Which of the following refers to the amount of downtime that a business can endure to survive?

Which of the following considerations should be kept in mind while working on the business continuity planning process?

Each correct answer represents a complete solution. Choose all that apply.

Mark is the project manager of the NHQ project in StarTech Inc. The project has an asset valued at $195,000 and is subjected to an exposure factor of 35 percent. What will be the Single Loss Expectancy of the project?

Which of the following plans provides measures for disseminating status report to personnel and the public?

What is the order of the steps in the incident cycle?

You work as a Security Professional for uCertify Inc. You are working on a Disaster Recovery Plan (DRP). Which of the following are basic functions of DRP?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following are the rights that are given to the person who has processed data?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following elements of the PDCA (Plan-Do-Check-Act) methodology describes the objectives and processes required to deliver results according to the customer requirements and the organization's policies?

Andrew is the CEO of uCertify Inc. He wants to improve the resources and revenue of the company. He uses the PDCA methodology to accomplish the task. Which of the following are the phases of the PDCA methodology?

Each correct answer represents a complete solution. Choose all that apply.

David works as the Network Administrator for Blue Well Inc. One of his tasks is to develop and maintain risk management plan. Which of the following are the objectives of risk management plan?

Each correct answer represents a complete solution. Choose all that apply.

An Active Attack is a type of steganography attack in which the attacker changes the carrier during the communication process. Which of the following techniques is used for smoothing the transition and controlling contrast on the hard edges, where there is significant color transition?

You work as an Information Security Manager for uCertify Inc. You are working on a project related to communications and operations security. Which of the following controls of the ISO standard deals with equipment security?

Which of the following is used to shift the impact of a threat to a third party, together with the ownership of the response?

Which of the following statements about incremental backup are true?

Each correct answer represents a complete solution. Choose two.

Which of the following phases of the PDCA model is the monitoring and controlling phase of the Information Security Management System (ISMS)?

Service Level Agreement (SLA) provides one service for all customers of that service. Which of the following are the contents included by SLAs?

Each correct answer represents a complete solution. Choose all that apply.

You work as a Security Administrator for uCertify Inc. You observe that an employee is spreading personal data of your organization. Which of the following standards of information security deals with the employees handling personal data in an organization?

Which of the following states that a user should never be given more privileges than are required to carry out a task?

Which of the following roles is responsible for the review and risk analysis of all the contracts on regular basis?

How many modules are there in FaultTree+?

Which of the following international information security standards is concerned with anticipating and responding to information security breaches?

Qualitative risk analysis includes judgment, intuition, and experience. Which of the following methods are used to perform qualitative risk analysis?

Each correct answer represents a complete solution. Choose all that apply.

The stronger points of CRAMM assist prioritization by providing a countermeasure with high priority if some conditions are met. Which of the following are these conditions?

Each correct answer represents a complete solution. Choose all that apply.

You work as an Information Security Manager for uCertify Inc. You are working on a project related to communications and operations management. Which of the following controls of the ISO standard is concerned with operational procedures and responsibilities?

Which of the following is expressly set up to attract and trap people who attempt to penetrate other people's computer systems?

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to assign ownership of some assets of the organization. Which of the following statements correctly describe the responsibilities of an asset owner?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following tasks are performed by Information Security Management?

Each correct answer represents a complete solution. Choose all that apply.

You work as an Information Security Manager for uCertify Inc. You are working on communication and organization management. You need to create the documentation on change management.

Which of the following are the main objectives of change management?

Each correct answer represents a complete solution. Choose all that apply.

Cigital Risk Management Method was developed by Gary McGraw of Cigital and John Viega of Stonewall Software, and it defines software security risk management process. Choose and re-order the risk management steps that are included in this method.

John works as a Security Administrator for uCertify Inc. As per his past experience, he wants to make a policy stating that any hardware devices containing information about the organization should be destroyed properly before they are thrown. After applying this policy, John will be able to ensure that the information on the devices will not fall into the hands of unauthorized persons after properly discarding the devices.

Which of the following types of policies is John going to create?

Which of the following tools can be used to detect steganography?

Which of the following are steps of vulnerability management programs?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following are security design principles required for information protection?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following terms refers to the time duration during which a system or service is unavailable?

Which of the following is used to align and realign IT Services to changing business needs by identifying and implementing improvements to IT services?

You work as an Information Security Manager for uCertify Inc. You are working on the documentation of ISMS. Which of the following steps are concerned with the development of ISMS?

Each correct answer represents a complete solution. Choose all that apply.

Sam uses Monte Carlo simulation to quantitatively assess cost and schedule risks of his project during planning processes. During risk monitoring and control, Sam repeats the technique, but it leads to different results. Which of the following cannot be the reason for the difference in results?

What does CRAMM stand for?

Mark works as a Network Security Administrator for uCertify Inc. He wants to implement a firewall technique over the network to inspect each packet passing through the network and to accept or reject it, based on user-defined rules. Which of the following types of firewall techniques is implemented by Mark to accomplish the task?

Which of the following policies defines the acceptable methods of remotely connecting a system to the internal network?

Which of the following types of viruses is placed into the first sector of the hard drive?

Which of the following paragraphs of the Turnbull Report stated that a company's system of internal control will include information and communication processes?

Which of the following is the method of hiding data within another media type such as graphic or document?

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

You work as a Security Administrator for uCertify Inc. You need to install a honeypot inside network firewalls to monitor and track hackers. What should you install on the system before deploying the honeypot?

Each correct answer represents a complete solution. Choose all that apply.

You work as a Security Administrator for uCertify Inc. You are working on the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity. Which of the following should you include in your plan?

Each correct answer represents a complete solution. Choose all that apply.

You work as an Information Security Manager for uCertify Inc. You are working on an asset management plan for protecting software tools used in your organization. Which of the following are included in Software Asset Management (SAM)?

Each correct answer represents a complete solution. Choose all that apply.

You work as a Security Professional for uCertify Inc. You have been assigned the task to calculate the Recovery Time Objective for particular outage duration. Which of the following should be included in the Recovery Time Objective?

Each correct answer represents a complete solution. Choose all that apply.

You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

Mark works as a Software Developer for TechNet Inc. He has recently been fired, as he was caught doing some illegal work in the organization. Before leaving the organization, he decided to retaliate against the organization. He deleted some of the system files and made some changes in the registry files created by him. Which of the following types of attacks has Mark performed?

Which of the following is a list of specific actions being taken to deal with specific risks associated with the threats?

In which of the following Person-to-Person social engineering attacks does an attacker pretend to be an outside contractor, delivery person, etc., in order to gain physical access to the organization?

You work as a Network Security Administrator for uCertify Inc. Your organization has set up a new Internet connection in place of the previous one. It is your responsibility to ensure that employees use the Internet only for official purposes. While reviewing Internet usages, you find that a few people have traversed and downloaded some inappropriate and illegal information. You want to make a policy to stop all these activities in the future. Which of the following policies will you implement to accomplish the task?

Which of the following paragraphs of the Turnbull Report stated that a company's internal control system encompasses the policies, processes, tasks, behaviors, and other aspects of the company?

Which of the following statements is true about annualized loss expectancy?

Mark works as a System Administrator for uCertify Inc. He is responsible for securing the network of the organization. He is configuring some of the advanced features of the Windows firewall so that he can block the client machine from responding to pings. Which of the following advanced setting types should Mark change for accomplishing the task?

Which of the following statements are true about Regulation of Investigatory Powers Act 2000?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following procedures is to reduce the risk to personnel, property, and other assets while minimizing work disorders in the event of an emergency?

Which of the following should be considered while calculating the costs of the outage?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following are the basics of Business Continuity Management?

Each correct answer represents a complete solution. Choose all that apply.

You work as an Information Security Manager for uCertify Inc. You have been assigned the task to create the documentation on control A.7.2 of the ISO standard. Which of the following is the chief concern of control A.7.2?

The disciplined and structured process, that integrates information security and risk management activities into the System Development Life Cycle, is provided by the risk management framework.

Choose the appropriate RMF steps.

A project plan includes the Work Breakdown Structure (WBS) and cost estimates. Which of the following are the parts of a project plan?

Each correct answer represents a complete solution. Choose all that apply.

You work as a Security Administrator for uCertify Inc. You have been assigned the task to verify the identity of the employees recruited in your organization. Which of the following components of security deals with an employee's verification in the organization?

Which of the following is the element used in the technology of encrypting and decrypting the text in cryptography?

Which of the following surveys found that the smaller organizations had had a better understanding of their information assets?

You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to make a document on the usage of information assets. Which of the following controls of the ISO standard deals with the documentation and implementation of rules for the acceptable use of information assets?