Topic 9: Exam Set A
In Business Continuity Planning (BCP), what is the importance of documenting business processes?
A. Provides senior management with decision-making tools
B. Establishes and adopts ongoing testing and maintenance strategies
C. Defines who will perform which functions during a disaster or emergency
D. Provides an understanding of the organization's interdependencies
Answer: Provides an understanding of the organization's interdependencies
Which one of the following is a threat related to the use of web-based client side input validation?
A. Users would be able to alter the input after validation has occurred
B. The web server would not be able to validate the input after transmission
C. The client system could receive invalid input from the web server
D. The web server would not be able to receive invalid input from the client
Answer: Users would be able to alter the input after validation has occurred
Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?
A. Smurf
B. Rootkit exploit
C. Denial of Service (DoS)
D. Cross site scripting (XSS)
Answer: Cross site scripting (XSS)
Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?
A. Operational networks are usually shut down during testing.
B. Testing should continue even if components of the test fail.
C. The company is fully prepared for a disaster if all tests pass.
D. Testing should not be done until the entire disaster plan can be tested.
Answer: Testing should continue even if components of the test fail.
Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?
A. Network Address Translation (NAT)
B. Application Proxy
C. Routing Information Protocol (RIP) Version 2
D. Address Masking
Answer: Network Address Translation (NAT)
An advantage of link encryption in a communications network is that it
A. makes key management and distribution easier.
B. protects data from start to finish through the entire network.
C. improves the efficiency of the transmission.
D. encrypts all information, including headers and routing information.
Answer: encrypts all information, including headers and routing information.
Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?
A. To assist data owners in making future sensitivity and criticality determinations
B. To assure the software development team that all security issues have been addressed
C. To verify that security protection remains acceptable to the organizational security policy
D. To help the security team accept or reject new systems for implementation and production
Answer: To verify that security protection remains acceptable to the organizational security policy
Which of the following is the best practice for testing a Business Continuity Plan (BCP)?
A. Test before the IT Audit
B. Test when environment changes
C. Test after installation of security patches
D. Test after implementation of system patches
Answer: Test when environment changes
The stringency of an Information Technology (IT) security assessment will be determined by the
A. system's past security record.
B. size of the system's database.
C. sensitivity of the system's data.
D. age of the system.
Answer: sensitivity of the system's data.
When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include
A. hardened building construction with consideration of seismic factors.
B. adequate distance from and lack of access to adjacent buildings.
C. curved roads approaching the data center.
D. proximity to high crime areas of the city.
Answer: proximity to high crime areas of the city.
A vulnerability test on an Information System (IS) is conducted to
A. exploit security weaknesses in the IS.
B. measure system performance on systems with weak security controls.
C. evaluate the effectiveness of security controls.
D. prepare for Disaster Recovery (DR) planning.
Answer: evaluate the effectiveness of security controls.
Which one of the following is a fundamental objective in handling an incident?
A. To restore control of the affected systems
B. To confiscate the suspect's computers
C. To prosecute the attacker
D. To perform full backups of the system
Answer: To restore control of the affected systems