Quiz # 7 | Chapters 4 & 8
Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore? a. 2 b. 3 c. 1 d. 4
a. 2 - she will need to restore the Sunday full backup and the Wednesday 1 A.M. differential backup
True or False? Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).
False
True or False? A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.
True
True or False? A personnel safety plan should include an escape plan.
True
Which one of the following is an example of a direct cost that might result from a business disruption? a. Damaged reputation b. Facility repair c. Lost market share d. Lost customers
b. Facility repair
Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer? a. Mobile b. Supervisory Control and Data Acquisition (SCADA) c. Mainframe d. Embedded
b. Supervisory Control and Data Acquisition (SCADA)
What term describes the risk that exists after an organization has performed all planned countermeasures and controls? a. Transparent risk b. Business risk c. Residual risk d. Total risk
c. Residual risk
True or False? The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
True
True or False? The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws.
True
Which one of the following is the best example of an authorization control? a. Access control lists b. One-time password c. Digital certificate d. Biometric device
a. Access control lists
What term describes the longest period of time that a business can survive without a particular critical system? a. Maximum tolerable downtime (MTD) b. Recovery point objective (RPO) c. Emergency operations center (EOC) d. Recovery time objective (RTO)
a. Maximum tolerable downtime (MTD)
What level of technology infrastructure should you expect to find in a cold site alternative data center facility? a. No technology infrastructure b. Hardware and data that mirror the primary site c. Basic computer hardware d. Hardware that mirrors the primary site, but no data
a. No technology infrastructure
The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation? a. 18 b. 11 c. 15 d. 13
d. 13
What is a key principle of risk management programs? a. Apply controls in ascending order of risk. b. Security controls should be protected through the obscurity of their mechanisms. c. Risk avoidance is superior to risk mitigation. d. Don't spend more to protect an asset than it is worth.
d. Don't spend more to protect an asset than it is worth.
True or False? A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.
False
Which formula is typically used to describe the components of information security risks? a. Risk = Threat X Vulnerability b. Risk = Likelihood X Vulnerability c. Risk = Vulnerability X Cost d. Risk = Threat X Likelihood
a. Risk = Threat X Vulnerability
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered? a. Vulnerability b. Impact c. Risk d. Threat
a. Vulnerability
Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation? a. Warm site b. Hot site c. Primary site d. Cold site
a. Warm site
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario? a. Full interruption test b. Checklist test c. Simulation test d. Parallel test
d. Parallel test
Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take? a. Avoid b. Transfer c. Accept d. Reduce
d. Reduce