1
Q
- Copyright provides what form of protection:
A. Protects an author’s right to distribute his/her works.
B. Protects information that provides a competitive advantage.
C. Protects the right of an author to prevent unauthorized use of his/her works.
D. Protects the right of an author to prevent viewing of his/her works.
A
C. Protects the right of an author to prevent unauthorized use of his/her works.
2
Q
- Which of the following describes the first step in establishing an encrypted session
using a Data Encryption Standard (DES) key?
A. Key clustering
B. Key compression
C. Key signing
D. Key exchange
A
D. Key exchange
3
Q
- A CISSP may face with an ethical conflict between their company’s policies and the (ISC)2 Code of Ethics. According to the (ISC)2 Code of Ethics, in which order of
priority should ethical conflicts be resolved?
A. Duty to principals, profession, public safety, and individuals.
B. Duty to public safety, principals, individuals, and profession.
C. Duty to profession, public safety, individuals, and principals.
D. Duty to public safety, profession, individuals, and principals.
A
B. Duty to public safety, principals, individuals, and profession.
4
Q
11. Company X is planning to implement rule based access control mechanism for controlling access to its information assets, what type of access control is this usually related to? A. Discretionary Access Control B. Task-initiated Access Control C. Subject-dependent Access Control D. Token-oriented Access Control
A
A. Discretionary Access Control
5
Q
12. In the Common Criteria Evaluation and Validation Scheme (CCEVS), requirements for future products are defined by: A. Protection Profile. B. Target of Evaluation. C. Evaluation Assurance Level 3. D. Evaluation Assurance Level 7.
A
A. Protection Profile.
6
Q
- Configuration management provides assurance that changes…?
A. to application software cannot bypass system security features.
B. do not adversely affect implementation of the security policy.
C. to the operating system are always subjected to independent validation and verification.
D. in technical documentation maintain an accurate description of the Trusted Computer Base.
A
B. do not adversely(不利地) affect implementation of the security policy.
7
Q
- All of the following methods ensure the stored data are unreadable except…?
A. writing random data over the old file.
B. physical alteration of media.
C. degaussing the disk or tape.
D. removing the volume header information.
A
D. removing the volume header information.
8
Q
- What determines the assignment of data classifications in a mandatory access control
(MAC) philosophy?
A. The analysis of the users in conjunction with the audit department
B. The assessment by the information security department
C. The user’s evaluation of a particular information element
D. The organization’s published security policy for data classification
A
D. The organization’s published security policy for data classification
9
Q
- Which of the following is the primary goal of a security awareness program?
A. It provides a vehicle for communicating security procedures.
B. It provides a clear understanding of potential risk and exposure.
C. It provides a forum for disclosing exposure and risk analysis.
D. It provides a forum to communicate user responsibilities.
A
B. It provides a clear understanding of potential risk and exposure. # A:它提供了一種傳達安全程序的工具。 B.它提供了對潛在風險和暴露的清晰了解。 C.它提供了一個公開暴露和風險分析的論壇。 D.它提供了一個交流用戶責任的論壇。
10
Q
- Which of the following evidence collection method is most likely accepted in a court case?
A. Provide a full system backup inventory.
B. Create a file-level archive of all files.
C. Provide a mirror image of the hard drive.
D. Copy all files accessed at the time of the incident.
A
C. Provide a mirror image of the hard drive.
11
Q
- Which of the following characteristics is not of a good stream cipher?
A. Long periods of no repeating patterns.
B. Statistically predictable.
C. Keystream is not linearly related to the key.
D. Statistically unbiased keystream.
A
B. Statistically predictable.
12
Q
- When a security administrator wants to conduct regular test on the strength of user passwords, what may be the best setup for this test?
A. A networked laptop with Rainbow table that have direct access to the live password database.
B. A standalone workstation with Rainbow table and a copied password database.
C. A networked workstation with Rainbow table and a copied password database.
D. This is not possible, because the password database is encrypted.
A
B. A standalone workstation with Rainbow table and a copied password database.
13
Q
- Which answer lists the proper steps required to develop a disaster recovery and business continuity plan (DRP/BCP)?
A. Project initiation, business impact analysis, strategy development, plan development, testing, maintenance.
B. Strategy development, project initiation, business impact analysis, plan development, testing, maintenance.
C. Business impact analysis, project initiation, strategy development, plan development, testing, maintenance.
D. Project initiation, plan development, business impact analysis, strategy development, testing, maintenance.
A
A. Project initiation, business impact analysis, strategy development, plan development, testing, maintenance.
14
Q
- An information security program should include the following elements:
A. Disaster recovery and business continuity planning, and definition of access control requirements and human resources policies.
B. Business impact, threat and vulnerability analysis, delivery of an information security awareness program, and physical security of key installations.
C. Security policy implementation, assignment of roles and responsibilities, and information asset classification.
D. Senior management organizational structure, message distribution standards, and procedures for the operation of security management systems.
A
C. Security policy implementation, assignment of roles and responsibilities, and information asset classification.
15
Q
- Security of an automated information system is most effective and economical if the system is…?
A. optimized prior to addition of security.
B. customized to meet the specific security threat.
C. subjected to intense security testing.
D. designed originally to meet the information protection needs.
A
D. designed originally to meet the information protection needs.
16
Q
- It is important that information about an ongoing computer crime investigation be…?
A. destroyed as soon after trial as possible.
B. reviewed by upper management before being released.
C. replicated to a backup system to ensure availability.
D. limited to as few people as possible.
A
D. limited to as few people as possible.
17
Q
- Which answer is not true for Diffie-Hellman algorithm?
A. Security stems from the difficulty of calculating the product of two large prime numbers.
B. It was the first public key exchange algorithm.
C. It is vulnerable to man-in-the-middle attacks.
D. It is used for distribution of a shared key, not for message encryption and decryption.
A
A. Security stems from the difficulty of calculating the product of two large prime numbers.
18
Q
- After signing out a laptop computer from the company loaner pool, you discovered there is a memorandum stored in the loaner laptop written to a competitor containing sensitive information about a new product your company is about to release. Based on the (ISC)2 Code of Ethics, what is the first action you should take?
A. Delete the memorandum from the laptop to ensure no one else will see it.
B. Contact the author of the memorandum to let him/her know the memorandum was on the laptop.
C. Immediately inform your company’s management of your findings and its potential ramifications.
D. Inform the security awareness trainers that data disclosure prevention in a mobile computing environment needs to be added to their classes.
A
C. Immediately inform your company’s management of your findings and its potential ramifications.
19
Q
44. What is the trusted registry that guarantees the authenticity of client and server public keys? A. Public key notary. B. Certification authority. C. Key distribution center. D. Key revocation certificate.
A
B. Certification authority.
20
Q
45. The concept that all accesses must be mediated, protected from unauthorized modification, and verifiable as correct is implemented through what? A. A security model. B. A reference monitor. C. A security kernel. D. A trusted computing base.
A
C. A security kernel.
21
Q
- During a disaster or emergency, how does a closed-circuit television (CCTV) help management and security to minimize loss?
A. It helps the management to direct resources to the hardest hit area.
B. It records instances of looting and other criminal activities.
C. It documents shortcomings of plans and procedures.
D. It captures the exposure of assets to physical risk.
A
A. It helps the management to direct resources to the hardest hit area.
22
Q
- The goal of cryptanalysis is to…?
A. forge coded signals that will be accepted as authentic.
B. ensure that the key has no repeating segments.
C. reduce the system overhead for cryptographic functions.
D. determine the number of encryption permutations required.
A
A. forge coded signals that will be accepted as authentic.
23
Q
- Which one of the followings cannot be identified by a business impact analysis (BIA)?
A. Analyzing the threats associated with each functional area.
B. Determining risks associated with threats.
C. Identifying major functional areas of information.
D. Determining team members associated with disaster planning.
A
D. Determining team members associated with disaster planning.
24
Q
- Pretty Good Privacy (PGP) provides…?
A. confidentiality, integrity, and authenticity.
B. integrity, availability, and authentication.
C. availability, authentication, and non-repudiation.
D. authorization, non-repudiation, and confidentiality.
A
D. authorization, non-repudiation, and confidentiality.
25
53. Which of the following can be identified when exceptions occur using operations security detective controls?
A. Unauthorized people seeing printed confidential reports.
B. Unauthorized people destroying confidential reports.
C. Authorized operations people performing unauthorized functions.
D. Authorized operations people not responding to important console messages.
C. Authorized operations people performing unauthorized functions.
26
56. Before powering off a computer system, a computer crime investigator should record contents of the monitor and…?
A. save the contents of the spooler queue.
B. dump the memory contents to a disk.
C. backup the hard drive.
D. collect the owner’s boot up disks.
B. dump the memory contents to a disk.
27
59. A security planning process must defines: how security will be managed, who will be responsible, and…?
A. what practices are reasonable and prudent(謹慎) for the enterprise.
B. who will work in the security department.
C. what impact security will have on the intrinsic value of data.
D. how security measures will be tested for effectiveness.
A. what practices are reasonable and prudent(謹慎) for the enterprise.
28
60. A security policy provides a way to…?
A. establish a cost model for security activities.
B. allow management to define system recovery requirements.
C. identify and clarify security goals and objectives.
D. enable management to define system access rules.
C. identify and clarify security goals and objectives.
29
65. Separation of duties should be…?
A. enforced in all organizational areas.
B. cost justified for the potential for loss.
C. enforced in the program testing phase of application development.
D. determined by the availability of trained staff.
B. cost justified for the potential for loss.
30
67. In IPsec, what is the standard format that helps to establish and manage the security association (SA) between two internetworking entities?
A. Internet Security Association and Key Management Protocol (ISAKMP)
B. Internet Key Exchange (IKE)
C. Diffie-Hellman Key Exchange
D. Authentication Header (AH)
B. Internet Key Exchange (IKE)
31
74. Which of the following is true about information that is designated with the highest level of confidentiality in a private sector organization?
A. It is limited to named individuals and creates an audit trail.
B. It is restricted to those in the department of origin for the information.
C. It is available to anyone in the organization whose work relates to the subject and requires authorization for each access.
D. It is classified only by the information security officer and restricted to those who have made formal requests for access.
A. It is limited to named individuals and creates an audit trail.
32
75. When verifying key control objectives of a system design, the security specialist should ensure that the…?
A. final system design has security administrator approval.
B. auditing procedures have been defined.
C. vulnerability assessment has been completed.
D. impact assessment has been approved.
C. vulnerability assessment has been completed.
33
```
80. An instance of being exposed to losses is called?
A. Vulnerably
B. Threat
C. Risk
D. Exposure
```
D. Exposure
34
81. Reference monitor requires which of the following conditions?
A. Policy, mechanism and assurance
B. Isolation, layering and abstraction
C. Isolation, completeness and verifiability
D. Confidentiality, availability and integrity
C. Isolation, completeness and verifiability
35
```
82. A person in possession of a sample of ciphertext and corresponding plaintext is capable of what type of attack?
A. Known-plaintext
B. Ciphertext only
C. Chosen-plaintext
D. Plaintext
```
A. Known-plaintext
36
86. When there is a “separation of duties”, parts of tasks are assigned to different people
so that:
A. Collusion is required to perform an unauthorized act.
B. Better planning is required to break into systems.
C. Defense-in-depth is achieved by creating multiple layers an attacker must circumvent.
D. The weakest link, people, are not easily flipped.
A. Collusion is required to perform an unauthorized act.
37
90. In a typical information security program, who would be responsible for providing reports to the corporate executives and senior management on the effectiveness of the instituted program controls?
A. Auditors
B. Information systems security manager (ISSM)
C. Information systems security officer (ISSO)
D. Information systems security professionals
A. Auditors
38
92. If risk is defined as “the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the assets” the risk has all of the following elements except?
A. An impact of assets based on threats and vulnerabilities.
B. Controls addressing the threats.
C. Threats to and vulnerabilities of processes and/or assets.
D. Probabilities of the threats.
B. Controls addressing the threats.
39
96. Which choice below is an accurate statement about standards?
A. Standards are the high-level statements made by senior management in support of information systems security.
B. Standards are the first element created in an effective security policy program.
C. Standards are used to describe how policies will be implemented within an organization.
D. Standards are senior management’s directives to create a computer security program.
C. Standards are used to describe how policies will be implemented within an organization.
40
```
97. A memory address location specified in a program instruction that contains the address of final memory location is known as:
A. Implied addressing.
B. Indexed addressing.
C. Indirect addressing.
D. Register addressing.
```
C. Indirect addressing.
41
```
104. Which security mode best defines where users have both the required clearance and the need-to-know for all data on a system?
A. Dedicated.
B. Limited access.
C. Controlled.
D. Compartmented.
```
A. Dedicated(專用).
42
106. What criteria went into the Common Criteria standard?
A. TCSEC.
B. ITSEC.
C. Canadian Trusted Computer Evaluation Criteria.
D. All of the above.
D. All of the above.
43
```
107. Which of the following is the European evaluation criteria standard?
A. TCSEC.
B. ITSEC.
C. IPSec.
D. CTCEC.
```
B. ITSEC.
44
108. In the following top-down Common Criteria evaluation process, what is the missing component:
Protection Profile > Target of Evaluation > ??> > Security
Functionality/Assurance Requirements > Evaluation > Evaluation Assurance Level
A. Certification Domain.
B. Integrity Assessment.
C. Security Domain.
D. Security Target.
D. Security Target.
45
```
112. Which of the following includes the definition of procedures for emergency response?
A. Operations Planning
B. Disaster Recovery Planning
C. Business Continuity Planning
D. Backup Planning
```
C. Business Continuity Planning
46
```
113. Which of the following team should be part of the disaster recovery procedures?
A. Test Team
B. Management Team
C. Salvage Team
D. IT Team
```
C. Salvage Team
47
115. The business continuity planning (BCP) project management and initiation phase does not involve?
A. Establishing members of the BCP team.
B. Determining the need for automated data collection tools.
C. Performing a business impact analysis (BIA).
D. Preparing and presenting status reports.
C. Performing a business impact analysis (BIA).
48
117. Information flow models:
A. Allow for dynamically changing access controls.
B. Ensure one domain does not affect another domain.
C. Ensure that data moves in a way that does not violate security policy.
D. Ensure the system is secure through all state transitions.
C. Ensure that data moves in a way that does not violate security policy.
49
```
119. Which device can Forward, Filter, and Flood?
A. Switch
B. Router
C. Hub
D. Repeater
```
A. Switch
50
120. Which of the following is not a good description of Pretty Good Privacy (PGP)?
A. It uses a web of trust between the participants
B. It uses a hierarchical trust model
C. It was created by Phil Zimmerman
D. It uses passphrases
B. It uses a hierarchical trust model
51
```
122. Which is not a type of service available with ATM?
A. MBR (Minimum Bit Rate)
B. CBR (Constant Bit Rate)
C. UBR (Unspecified Bit Rate)
D. ABR (Available Bit Rate)
```
A. MBR (Minimum Bit Rate)
52
130. A Smurf attack takes advantage of which of the following?
A. ICMP messages to a network’s broadcast address.
B. SYN buffers on a host.
C. Overlapping IP fragments.
D. Oversized ICMP packets.
A. ICMP messages to a network’s broadcast address.
53
131. Which is not true about fair cryptosystems?
A. It splits the private key into different parts.
B. It gives law enforcement access when legally authorized.
C. It escrows the separate key parts with separate escrow agencies.
D. It uses a tamper proof chip.
D. It uses a tamper proof chip.
54
```
132. A system where a user authenticates, is disconnected, and the receiving system connects back to a number in a pre-defined database is also known as which?
A. Callback
B. Call forward
C. Remote Access
D. Port knocking
```
A. Callback
55
```
134. A Sockets (SOCKS) gateways can be classified as which type of firewall?
A. Stateless filtering
B. Stateful filtering
C. Circuit-level
D. Application-level
```
C. Circuit-level
56
136. In configuration management, a configuration item is?
A. The version of the operating system, which is operating on the work station, that provides information security services.
B. A component whose state is to be recorded and against which changes are to be progressed.
C. The network architecture used by the organization.
D. A series of files that contain sensitive information.
B. A component whose state is to be recorded and against which changes are to be progressed.
57
```
139. What can best be described as an abstract machine which it must mediate all
access of subjects to objects?
A. The reference monitor
B. A security domain
C. The security kernel
D. The security perimeter
```
A. The reference monitor
58
141. What is defined as the hardware, firmware and software elements of a trusted
computing base that implement the reference monitor concept?
A. Protection rings
B. A security kernel
C. A protection domain
D. The reference monitor
B. A security kernel
59
```
142. Critical areas should be lighted:
A. Ten feet high and six feet out.
B. Ten feet high and four feet out.
C. Eight feet high and four feet out.
D. Eight feet high and two feet out.
```
D. Eight feet high and two feet out.
60
```
149. A timely review of system access records would be an example of which basic security function?
A. Avoidance
B. Deterrence
C. Prevention
D. Detection
```
D. Detection
61
150. Which of the following is a reasonable response from the intrusion detection system when it detects Internet Protocol (IP) packets where the IP source address is the same as the IP destination address?
A. Allow the packet to be processed by the network and record the event
B. Record selected information about the item and delete the packet
C. Resolve the destination address and process the packet
D. Translate the source address arid resend the packet
B. Record selected information about the item and delete the packet
62
154. Three principal schemes that provide a framework for managing access control are
A. Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC).
B. Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Layer Based Access Protocol (LBAP).
C. Mandatory Access Control (MAC), Layer Based Access Protocol (LBAP), and Target Based Access Protocol (TBAP).
D. Role Based Access Control (RBAC), Layer Based Access Protocol (LBAP), and Target Based Access Protocol (TBAP).
A. Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC).
63
155. When a communication link is subject to monitoring, what is the advantage for using an end-to-end encryption solution over link encryption solution?
A. Cleartext is only available to the sending and receiving entities.
B. Routing information is included in the message transmission protocol.
C. Routing information is encrypted by the originator.
D. Each message has a unique encryption key.
A. Cleartext is only available to the sending and receiving entities.
64
```
156. To which form of access control is a rule based control mechanism usually related?
A. Discretionary Access Control
B. Task-initiated Access Control
C. Subject-dependent Access Control
D. Token-oriented Access Control
```
A. Discretionary Access Control
65
```
158. What role does biometrics have in logical access control?
A. Certification
B. Authorization
C. Authentication
D. Confirmation
```
C. Authentication
66
```
159. When establishing a violation tracking and analysis process, which one of the following parameters is used to keep the quantity of data to manageable levels?
A. Quantity baseline
B. Maximum log size
C. Circular logging
D. Clipping levels
```
D. Clipping levels
67
```
166. What is the role of internet key exchange (IKE) within the IPsec protocol?
A. Enforcing quality of service.
B. Data signature.
C. Data encryption.
D. Peer authentication and key exchange.
```
D. Peer authentication and key exchange.
68
```
169. The Clipper Chip utilizes which concept in public key cryptography?
A. Key Escrow
B. Substitution
C. An undefined algorithm
D. Super strong encryption
```
A. Key Escrow
69
```
176. Copies of the original discs and other media are considered as what type of
evidence?
A. Primary evidence
B. Reliable evidence
C. Hearsay evidence
D. Conclusive evidence.
```
C. Hearsay evidence
70
```
182. What encryption operation is used when AES uses S-boxes during the process of encryption?
A. Substitution
B. Key generation
C. Key exchange
D. Chaining
```
A. Substitution
71
183. Which item is the responsibility of key management?
A. Key generation and destruction
B. Access controls and encryption
C. Key length and algorithm propriety
D. Access control, user authentication and authorization
A. Key generation and destruction
72
```
What is the Clipper Chip key size?
A. 80 bit
B. 64 bit
C. 128 bit
D. 160 bit
```
A. 80 bit
73
189. To speed up RAID disk access, an organization can:
A. Use larger hard drives.
B. Stripe the data across several drives.
C. Mirror critical drives.
D. Disallow ad hoc queries.
B. Stripe the data across several drives.
74
194. Proper change control management involves:
A. Having an undisciplined change control process.
B. Having a well-structured change management process.
C. The immediate implementation of all requested changes so as to assure ultimate customer satisfaction.
D. Assuring that all of the CSO‘s request are immediately implemented.
B. Having a well-structured change management process.
75
196. Trusted recovery may be defined as:
A. Procedures that restore a system and its data in a trusted manner after the system was disrupted or a system failure occurred.
B. Securely restoring a system after a hard drive failure.
C. Finding missing equipment and verifying that security policies were not violated.
D. An operating system regaining a secure state after a brief lapse into an insecure state.
A. Procedures that restore a system and its data in a trusted manner after the system was disrupted or a system failure occurred.
76
197. Which of the following is incorrect with respect to a system cold start:
A. Occurs when an unexpected trusted computer base (TCB) or medial failure happens.
B. Occurs when recovery procedure cannot recover the system to a more consistent state.
C. The system, TCB, and user objects may remain in an inconsistent state while the system attempts to recover itself.
D. Systems administrator intervention is typically not necessary to restore the system.
D. Systems administrator intervention is typically not necessary to restore the system.
77
```
199. ____ tunnels NetBEUI and IPX protocols.
A. PPTP
B. IPsec
C. SSL
D. VPN
```
A. PPTP
78
204. Security guards are appropriate whenever the function required by the security program involves which of the following?
A. The use of discriminating judgment.
B. The need to detect unauthorized access.
C. The use of physical force.
D. The operation of access control devices.
A. The use of discriminating judgment.
The Answer: The use of discriminating judgment, a guard can make the determinations that hardware or other automated security devices cannot make due to its ability to adjust to rapidly changing conditions, to learn and alter recognizable patterns, and to respond to various conditions in the environment. Guards are better at making value decisions at times of incidents. They are appropriate whenever immediate, discriminating judgment is required by the security entity.
The following answers are incorrect:
The use of physical force This is not the best answer. A guard provides discriminating judgment, and the ability to discern the need for physical force. The operation of access control devices A guard is often uninvolved in the operations of an automated access control device such as a biometric reader, a smart lock, mantrap, etc.
The need to detect unauthorized access The primary function of a guard is not to detect unauthorized access, but to prevent unauthorized physical access attempts and may deter social engineering attempts.
79
```
207. This IPsec mode encapsulates the entire IP packet between IPsec nodes.
A. Transport
B. PPP
C. Tunnel
D. GRE
```
C. Tunnel
80
209. Which security measure would be the best deterrent to the theft of corporate information from a laptop which was left in a hotel room?
A. Install a cable lock on the laptop when it is unattended.
B. Encrypt the data on the hard drive.
C. Store all data on disks and lock them in an in-room safe.
D. Remove the batteries and power supply from the laptop and store them separately from the computer.
B. Encrypt the data on the hard drive.
81
```
210. Which of the following is not EPA-approved replacements for Halon?
A. Water
B. NAF-S-III
C. Argon
D. Bromine
```
D. Bromine
82
211. Which of the following statements pertaining to fire suppression systems is true?
A. Soda acid is an effective fire suppression method for class C (electrical) fires.
B. CO2 systems are effective because they suppress the oxygen supply required to sustain the fire.
C. Gas masks provide an effective protection against use of CO2 systems.
D. Halon is commonly used because it is highly effective in the fact that it interferes with the chemical combustion of the elements within a fire.
B. CO2 systems are effective because they suppress the oxygen supply required to sustain the fire.
83
```
212. Which of the following suppresses combustion through a chemical reaction that
kills the fire?
A. Water
B. soda acid
C. Halon
D. CO2
```
C. Halon
84
```
221. The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?
A. Nine feet high and three feet out.
B. Eight feet high and three feet out.
C. Eight feet high and two feet out.
D. Nine feet high and two feet out.
```
C. Eight feet high and two feet out.
85
225. Under what conditions would the use of a Class C fire suppression system be preferable(優於) to the use of a Class A fire suppression system?
A. When the fire is in its incipient stage.
B. When the fire involves electrical equipment.
C. When the fire is caused by flammable products.
D. When the fire is located in an enclosed area.
B. When the fire involves electrical equipment.
86
227. A business continuity plan (BCP) should have a structure that includes:
A. A detailed section on incident and risk assessment covering all the organization's key business activities.
B. A detailed section on incident and risk assessment covering all the organization's business activities.
C. A brief section on incident and risk assessment covering all the organization's key business activities.
D. A brief section on incident and risk assessment covering all the organization's business activities.
A. A detailed section on incident and risk assessment covering all the organization's key business activities.
87
```
228. What should take place in order to restore a server, its files and data after a major system failure?
A. Restore from storage media backup
B. Perform a parallel test
C. Implement recovery procedures
D. Perform a check list test
```
A. Restore from storage media backup
88
230. In addition to preventing loss of life and further injury, what other reason is there to immediately initiate an emergency plan after a disaster?
A. Secure the area to prevent any looting, fraud or vandalism.
B. Reduce likelihood of further damage
C. Protect the site for forensic evidence
D. Investigate the extent of the damages
A. Secure the area to prevent any looting, fraud or vandalism.
89
231. When shopping for an off-site backup facility that will ultimately be used to store all your backup media, what is the most important factor to consider?
A. The backup facility should be within 15 minutes of the original facility.
B. The facility should contain an adequate number of PCs and servers and have raised flooring.
C. The facility should have at least one armed guard.
D. The facility should protect against unauthorized access and entry.
D. The facility should protect against unauthorized access and entry.
90
234. What is the best description of a structured walk through test?
A. It is a test to ensure that the critical systems will run at the alternate site.
B. All departments receive a copy of the disaster recovery plan and walk through it.
C. Representatives from each department come together and go through the test collectively.
D. Operations are shifted to the emergency site and senior management reviews
the plan on a line item by line item basis.
B. All departments receive a copy of the disaster recovery plan and walk through it.
91
236. A business impact analysis would not likely include which of the following tasks?
A. Calculating risk
B. Identifying threats
C. Selecting team members
D. Identifying critical functions of the company
A. Calculating risk
92
```
239. Resuming critical business functions includes:
A. Determining the extent of damage
B. Declaring a disaster
C. Establishing the command center
D. Contacting recovery team members
```
C. Establishing the command center
93
244. Privacy laws generally include which of the following provisions:
A. Individuals have the right to remove data that they do not wish disclosed.
B. Government agencies must ensure that their data is accurate.
C. Government agencies must provide access to all other government agencies.
D. Government agencies may not use data for a purpose other than that for which it was initially collected.
D. Government agencies may not use data for a purpose other than that for which it was initially collected
94
```
245. What is the minimum and customary practice of responsible protection of assets that affects a community or societal norm?
A. Due diligence
B. Risk mitigation
C. Asset protection
D. Due care
```
D. Due care
95
```
247. Evidence may be not detected through:
A. Out of band communications
B. Accidental discovery
C. Audit trail review
D. Real-time intrusion monitoring.
```
B. Accidental discovery
96
```
248. Which of the following is not a valid X.509 V.3 certificate field?
A. Subject’s public key information
B. Subject’s X.500 name
C. Issuer’s unique identifier
D. Subject’s digital signature
```
D. Subject’s digital signature
97
```
250. What are the objectives of emergency actions taken at the beginning stage of a disaster? Preventing injuries, loss of life, and …
A. determining damage.
B. protecting evidence.
C. relocating operations.
D. mitigating damage.
```
D. mitigating damage.
