Topic 13: New Questions B
What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
A. To ensure Information Technology (IT) staff knows and performs roles assigned to each of them
B. To validate backup sites’ effectiveness
C. To find out what does not work and fix it
D. To create a high level DRP awareness among Information Technology (IT) staff
Answer: To validate backup sites’ effectiveness
An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject’s data?
A. Aggregate it into one database in the US
B. Process it in the US, but store the information in France
C. Share it with a third party
D. Anonymize it and process it in the US
Answer: Process it in the US, but store the information in France
Explanation: Section: Security Assessment and Testing
A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?
A. Point-to-Point Protocol (PPP) and Internet Control Message Protocol (ICMP)
B. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
C. Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP)
D. Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Answer: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?
A. Having emergency contacts established for the general employee population to get information
B. Conducting business continuity and disaster recovery training for those who have a direct role in the recovery
C. Designing business continuity and disaster recovery training programs for different audiences
D. Publishing a corporate business continuity and disaster recovery plan on the corporate website
Answer: Designing business continuity and disaster recovery training programs for different audiences
Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?
A. Transport layer handshake compression
B. Application layer negotiation
C. Peer identity authentication
D. Digital certificate revocation
Answer: Peer identity authentication
What is the FIRST step in establishing an information security program?
A. Establish an information security policy.
B. Identify factors affecting information security.
C. Establish baseline security controls.
D. Identify critical security infrastructure.
Answer: Establish an information security policy.
After following the processes defined within the change management plan, a super user has upgraded a device within an information system. What step would be taken to ensure that the upgrade did NOT affect the network security posture?
A. Conduct an Assessment and Authorization (A&A)
B. Conduct a security impact analysis
C. Review the results of the most recent vulnerability scan
D. Conduct a gap analysis with the baseline configuration
Answer: Conduct a security impact analysis
Explanation: Section: Security Assessment and Testing
“Stateful” differs from “Static” packet filtering firewalls by being aware of which of the following?
A. Difference between a new and an established connection
B. Originating network location
C. Difference between a malicious and a benign packet payload
D. Originating application session
Answer: Difference between a new and an established connection
Determining outage costs caused by a disaster can BEST be measured by the
A. cost of redundant systems and backups.
B. cost to recover from an outage.
C. overall long-term impact of the outage.
D. revenue lost during the outage.
Answer: overall long-term impact of the outage.
Which of the following is the MOST important goal of information asset valuation?
A. Developing a consistent and uniform method of controlling access on information assets
B. Developing appropriate access control policies and guidelines
C. Assigning a financial value to an organization’s information assets
D. Determining the appropriate level of protection
Answer: Determining the appropriate level of protection
Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a
A. clear-text attack.
B. known cipher attack.
C. frequency analysis.
D. stochastic assessment.
Answer: frequency analysis.
When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
A. Log all activities associated with sensitive systems
B. Provide links to security policies
C. Confirm that confidentiality agreements are signed
D. Employ strong access controls
Answer: Employ strong access controls