CISSP Practice Test Questions

1487 Questions


Topic 9: Exam Set A

In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?

A. A full-scale simulation of an emergency and the subsequent response functions
B. A specific test by response teams of individual emergency response functions
C. A functional evacuation of personnel
D. An activation of the backup site

Answer: C. A functional evacuation of personnel

The BEST method of demonstrating a company's security level to potential customers is

A. a report from an external auditor.
B. responding to a customer's security questionnaire.
C. a formal report from an internal auditor.
D. a site visit by a customer's security team.

Answer: A. a report from an external auditor.

An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?

A. The behavior is ethical because the tool will be used to create a better virus scanner.
B. The behavior is ethical because any experienced programmer could create such a tool.
C. The behavior is not ethical because creating any kind of virus is bad.
D. The behavior is not ethical because such a tool could be leaked on the Internet.

Answer: A. The behavior is ethical because the tool will be used to create a better virus scanner.

A security professional has just completed their organization's Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional's NEXT step?

A. Identify and select recovery strategies.
B. Present the findings to management for funding.
C. Select members for the organization's recovery teams.
D. Prepare a plan to test the organization's ability to recover its operations.

Answer: A. Identify and select recovery strategies.

Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

A. Data compression
B. Data classification
C. Data warehousing
D. Data validation

Answer: D. Data validation

An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?

A. Provide the encrypted passwords and analysis tools to the auditor for analysis.
B. Analyze the encrypted passwords for the auditor and show them the results.
C. Demonstrate that non-compliant passwords cannot be created in the system.
D. Demonstrate that non-compliant passwords cannot be encrypted in the system.

Answer: C. Demonstrate that non-compliant passwords cannot be created in the system.

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

A. Implement packet filtering on the network firewalls
B. Require strong authentication for administrators
C. Install Host Based Intrusion Detection Systems (HIDS)
D. Implement logical network segmentation at the switches

Answer: D. Implement logical network segmentation at the switches

Which of the following does Temporal Key Integrity Protocol (TKIP) support?

A. Multicast and broadcast messages
B. Coordination of IEEE 802.11 protocols
C. Wired Equivalent Privacy (WEP) systems
D. Synchronization of multiple devices

Answer: C. Wired Equivalent Privacy (WEP) systems

Which of the following statements is TRUE for point-to-point microwave transmissions?

A. They are not subject to interception due to encryption.
B. Interception only depends on signal strength.
C. They are too highly multiplexed for meaningful interception.
D. They are subject to interception by an antenna within proximity.

Answer: D. They are subject to interception by an antenna within proximity.

Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?

A. Hot site
B. Cold site
C. Warm site
D. Mobile site

Answer: B. Cold site

Which of the following is an appropriate source for test data?

A. Production data that is secured and maintained only in the production environment.
B. Test data that has no similarities to production data.
C. Test data that is mirrored and kept up-to-date with production data.
D. Production data that has been sanitized before loading into a test environment.

Answer: D. Production data that has been sanitized before loading into a test environment.

Which of the following can BEST prevent security flaws occurring in outsourced software development?

A. Contractual requirements for code quality
B. Licensing, code ownership and intellectual property rights
C. Certification of the quality and accuracy of the work done
D. Delivery dates, change management control and budgetary control

Answer: C. Certification of the quality and accuracy of the work done
