Information Security

161. The main reason that a DRP project should have executive support and approval is:

  1. A DRP project is very expensive
  2. A DRP project requires significant adjustments in the allocation of resources
  3. A DRP project requires the redesign of all in-scope IT systems
  4. A DRP project requires the redesign of all in-scope business processes

Correct answer: (B)
A DRP project requires significant adjustments in the allocation of resources

162. The most effective countermeasures against input attacks are:

  1. Input field filtering, application firewall, application vulnerability scanning, and developer training
  2. Input field filtering, application firewall, and intrusion prevention system
  3. Input field filtering, application firewall, intrusion detection system, and ethical hacking
  4. Application firewall, intrusion detection system, and developer training

Correct answer: (A)
Input field filtering, application firewall, application vulnerability scanning, and developer training

163. The most effective way to confirm whether backups function properly is:

  1. Confirming the presence of error messages in backup logs
  2. Confirming the absence of error messages in backup logs
  3. Testing the ability to back up data onto backup media
  4. Testing the ability to restore data from backup media

Correct answer: (D)
Testing the ability to restore data from backup media

164. The options for risk treatment are:

  1. Risk reduction, risk assumption, risk avoidance, and risk acceptance
  2. Risk acceptance, risk reduction, risk transfer, and risk mitigation
  3. Risk acceptance, risk reduction, and risk transfer
  4. Risk acceptance, risk avoidance, risk reduction, and risk transfer

Correct answer: (D)
Risk acceptance, risk avoidance, risk reduction, and risk transfer

165. The owners of files and directories on a file server are able to control which personnel may access those files and directories. The access control model that most closely resembles this is:

  1. Role-based access control (RBAC)
  2. Mandatory access control (MAC)
  3. Discretionary access control (DAC)
  4. Multilevel access

Correct answer: (C)
Discretionary access control (DAC)

166. The Payment Card Industry Data Security Standard (PCI DSS) requires encryption of credit card data in which circumstances?

  1. Stored in databases, stored in flat files, and transmitted over public and private networks
  2. Stored in databases, and transmitted over public networks
  3. Stored in databases, stored in flat files, and transmitted over public networks
  4. Stored in databases, and transmitted over public and private networks

Correct answer: (C)
Stored in databases, stored in flat files, and transmitted over public networks

167. The phases of a comprehensive security incident plan are:

  1. Declaration, triage, investigation, analysis, containment, recovery, debriefing
  2. Investigation, analysis, containment, recovery, debriefing
  3. Declaration, triage, containment, recovery, debriefing
  4. Declaration, triage, investigation, analysis, documentation, containment, recovery, debriefing

Correct answer: (A)
Declaration, triage, investigation, analysis, containment, recovery, debriefing

168. The practical range for Bluetooth is:

  1. 100m
  2. 300m
  3. 30m
  4. 10m

Correct answer: (D)
10m

169. The primary advantage of the use of a central management console for anti-virus is:

  1. Centralized virus detection
  2. Centralized reporting
  3. Consolidation of reporting and centralized signature file distribution
  4. Centralized signature file distribution

Correct answer: (C)
Consolidation of reporting and centralized signature file distribution

170. The primary advantage of the use of workstation-based anti-virus is:

  1. Virus signature updates can be performed less often
  2. Virus signature updates can be performed more often
  3. The user can control its configuration
  4. This approach can defend against most, if not all, attack vectors

Correct answer: (D)
This approach can defend against most, if not all, attack vectors
