Information Security

91. An organization recently completed a risk assessment. Based on the findings in the risk assessment, the organization chose to purchase insurance to cover possible losses. This approach is known as:

  A. Risk transfer
  B. Risk avoidance
  C. Risk acceptance
  D. Risk reduction

Correct answer: (A)
Risk transfer

92. An organization recently underwent an audit of its financial applications. The audit report stated that there were several segregation-of-duties issues that were related to IT support of the application. What does this mean?

  A. IT personnel should not have access to financial data.
  B. The duties of personnel are not formally defined.
  C. IT needs to begin the practice of job rotation.
  D. Individuals in IT have too many roles or privileges.

Correct answer: (D)
Individuals in IT have too many roles or privileges.

93. An organization suffered a virus outbreak when malware was downloaded by an employee from a spam message. This outbreak might not have happened had the organization followed which security principle:

  A. Heterogeneity
  B. Fortress
  C. Integrity
  D. Defense in depth

Correct answer: (D)
Defense in depth

94. An organization that is building a disaster recovery capability needs to re-engineer its application servers to meet new recovery requirements of 40-hour RPO and 24-hour RTO. Which of the following approaches will best meet this objective?

  A. Active/Passive server cluster with replication
  B. Tape backup and restore to a hot site
  C. Tape backup and restore to a cold site
  D. Server cluster with shared storage

Correct answer: (A)
Active/Passive server cluster with replication

95. An organization that is performing a disaster recovery planning project has determined that it needs to have on-site electric power available for as long as ten days, in the event of an electric utility failure. The best approach for this requirement is:

  A. Uninterruptible power supply (UPS) and power distribution unit (PDU)
  B. Electric generator
  C. Uninterruptible power supply (UPS)
  D. Uninterruptible power supply (UPS) and electric generator

Correct answer: (D)
Uninterruptible power supply (UPS) and electric generator

96. An organization that wishes to conduct covert video surveillance should consider using:

  A. Hidden video cameras
  B. Pan/tilt/zoom cameras
  C. Night vision cameras
  D. Weather-proof cameras

Correct answer: (A)
Hidden video cameras

97. An organization wants to prevent SQL and script injection attacks on its Internet web application. The organization should implement a/an:

  A. Intrusion detection system
  B. Firewall
  C. Application firewall
  D. SSL certificate

Correct answer: (C)
Application firewall

98. An organization wishes to purchase an application and is undergoing a formal procurement process to evaluate and select a product. What documentation should the organization use to make sure that the application selected has the appropriate security-related characteristics?

  A. Security guidelines
  B. Security policies
  C. Security requirements
  D. Functional requirements

Correct answer: (C)
Security requirements

99. An organization's critical application is required to be continuously available, with only a few minutes per month of downtime allowed. What measure should the organization implement to assure this level of availability?

  A. Server clustering
  B. Server clustering and data replication
  C. Hot standby site
  D. Data replication

Correct answer: (B)
Server clustering and data replication

100. An organization's data classification policy includes handling procedures for data at each level of sensitivity. The IT department backs up all data onto magnetic tape, resulting in tapes that contain data at all levels of sensitivity. How should these backup tapes be handled?

  A. According to procedures for the lowest sensitivity level
  B. According to procedures for the highest sensitivity level
  C. According to procedures in between the lowest and highest sensitivity levels
  D. Data handling procedures do not apply to backup media, only original media

Correct answer: (B)
According to procedures for the highest sensitivity level

Page 10 of 25