Information Security Questions - Set 3


Where should resource requirements for information security initially be identified?

In the strategy - it must define the requirements for the resources.

95. Which of the following would NOT be on a list of parties to notify in the event of a disaster-related emergency: a. Civil authorities b. Utilities c. Shareholders d. Customers

b. Utilities

79. The activity that is concerned with the continuation of business operations is: a. Emergency Response Procedures b. Disaster Recovery Planning c. Business Continuity Planning d. Business Impact Analysis

c. Business Continuity Planning

91. The purpose of a server cluster includes all of the following EXCEPT: a. Improve an application's availability b. Increase an application's capacity c. Increase an application's data storage d. Provide fault tolerance

c. Increase an application's data storage

94. The first priority for disaster response should be: a. Backup media b. Paper records c. Personnel safety d. Remote access

c. Personnel safety

81. An organization is about to start its first disaster recovery planning project. The project manager is responsible for choosing project team members. Which staff members should be chosen for this project? a. The project should use outsourced technical experts b. The least experienced team members c. The most experienced team members d. The project should use outsourced disaster recovery planning experts.

c. The most experienced team members

96. Why is disaster recovery-related training a vital component in a DRP project? a. The plan will be able to be certified b. Recovery is performed by outside organizations c. The personnel who are most familiar with systems may be unavailable during a disaster d. Personnel may be unfamiliar with recovery procedures

c. The personnel who are most familiar with systems may be unavailable during a disaster

76. The primary reason for classifying disasters as natural or man-made is: a. To correctly determine their probable impact b. To correctly determine their probability of occurrence c. To classify different types of events to better understand them d. To determine which contingency plans need to be carried out

c. To classify different types of events to better understand them

87. The purpose of a parallel test is: a. To determine the ability to perform live business transactions on backup systems instead of on production systems b. To determine the ability for a recovery test to be interrupted c. To determine the ability to perform live business transactions on production systems and backup systems at the same time d. To determine the ability for the last minute substitution of a recovery team

c. To determine the ability to perform live business transactions on production systems and backup systems at the same time

88. The greatest risk related to a cutover test is: a. If backup servers do not function correctly, the test will fail b. A cutover test tests only the live load and not the switchover c. A cutover test tests only the switchover and not the live load d. If backup servers do not function correctly, critical business processes may fail

d. If backup servers do not function correctly, critical business processes may fail

84. Benefits from disaster recovery and business continuity planning include all of the following EXCEPT: a. Improved system resilience b. Process improvements c. Improved market advantage d. Improved performance

d. Improved performance

78. The primary impact of a pandemic on an organization is: a. Significant disruptions of public utilities b. Significant disruptions of transportation systems c. Large numbers of casualties that reduce the demand for services d. Long periods of employee absenteeism that impact the organization's ability to provide services

d. Long periods of employee absenteeism that impact the organization's ability to provide services

98. The definition of Recovery Point Objective (RPO) is: a. The location of the recovery site b. The maximum amount of downtime c. The method used to recover backup data d. The maximum amount of data loss

d. The maximum amount of data loss

93. An organization that is performing a disaster recovery planning project has determined that it needs to have on-site electric power available for as long as ten days, in the event of an electric utility failure. The best approach for this requirement is: a. Uninterruptible power supply (UPS) and power distribution unit (PDU) b. Electric generator c. Uninterruptible power supply (UPS) d. Uninterruptible power supply (UPS) and electric generator

d. Uninterruptible power supply (UPS) and electric generator

Data Security Responsibility in an Organization

Data custodians - Responsibility includes ensuring that appropriate security measures are maintained and are consistent with organizational policy.
Executive management - Holds overall responsibility for protection of the information assets.
Data owners - Determine data classification levels for information assets so that appropriate levels of controls can be provided to meet the requirements relating to confidentiality, integrity and availability.
IT developers - Responsible for implementation of information security in products.

83. In what sequence should a disaster recovery planning project be performed? a. Business Impact Analysis, Maximum Tolerable Downtime, Recovery Point Objective, Recovery Time Objective, training, testing b. Survey business processes, threat and risk analysis, develop recovery targets, criticality analysis c. Project plan, risk assessment, statements of impact, criticality analysis, recovery targets, test recovery plans d. Project plan, Business Impact Analysis, develop recovery plans, train personnel, test recovery plans

Project plan, Business Impact Analysis, Develop recovery plans, Train personnel, Test recovery plans

When is access control most effective?

When it ensures all user activities are uniquely identifiable for accountability purposes.

90. An organization that is building a disaster recovery capability needs to re-engineer its application servers to meet new recovery requirements of 40-hour RPO and 24-hour RTO. Which of the following approaches will best meet this objective? a. Active/Passive server cluster with replication b. Tape backup and restore to a hot site c. Tape backup and restore to a cold site d. Server cluster with shared storage

a. Active/Passive server cluster with replication

77. For the purpose of business continuity and disaster recovery planning, the definition of a "disaster" is: a. Any event that impairs the ability of an organization to continue operating b. Any natural event that impairs the ability of an organization to continue operating c. Any man-made event that impairs the ability of an organization to continue operating d. Any event that impairs the ability of an organization's IT systems to continue operating

a. Any event that impairs the ability of an organization to continue operating

82. At the beginning of a disaster recovery planning project, the project team will be compiling a list of all of the organization's most important business processes. This phase of the project is known as: a. Business Impact Analysis b. Risk Analysis c. Business Process Analysis d. Determination of maximum tolerable downtime (MTD)

a. Business Impact Analysis

97. Why is it important to understand the cost of downtime of critical business processes? a. Management will be able to make decisions about the cost of mitigating controls and contingency plans b. Management will be able to determine which processes are the most critical c. Management will be able to establish a training budget d. Management will be able to compare recovery costs with those in similar organizations

a. Management will be able to make decisions about the cost of mitigating controls and contingency plans

86. The purpose of a cutover test is: a. To determine the ability to perform live business transactions on backup systems instead of on production systems b. To determine the ability for a recovery test to be interrupted c. To determine the ability to perform live business transactions on production systems and backup systems at the same time d. To determine the ability for the last minute substitution of a recovery team

a. To determine the ability to perform live business transactions on backup systems instead of on production systems

92. The purpose of off-site media storage is: a. To protect media from damage in the event of a disaster b. To protect media from theft c. To provide additional storage not available on-site d. To meet regulatory requirements for media protection

a. To protect media from damage in the event of a disaster

89. A project team has just completed building the organization's business continuity plan. Which of the following tests should be performed first? a. Walkthrough b. Simulation c. Parallel test d. Cutover test

a. Walkthrough

80. The main reason that a DRP project should have executive support and approval is: a. A DRP project is very expensive b. A DRP project requires significant adjustments in the allocation of resources c. A DRP project requires the redesign of all in-scope IT systems d. A DRP project requires the redesign of all in-scope business processes

b. A DRP project requires significant adjustments in the allocation of resources

85. The types of BCP and DRP tests are: a. Document review, walkthrough, parallel test, cutover test b. Document review, walkthrough, simulation, parallel test, cutover test c. Document review, walkthrough, sanity test, parallel test, cutover test d. Walkthrough, simulation, parallel test, cutover test, live test

b. Document review, walkthrough, simulation, parallel test, cutover test

100. A DRP project team has determined that the RTO for a specific application shall be set to 180 minutes. Which option for a recovery system will best meet the application's recovery needs? a. Hot standby systems and tape recovery b. Server clustering and data replication c. Warm standby systems and tape recovery d. Cold site and tape recovery

b. Server clustering and data replication

99. The definition of Recovery Time Objective (RTO) is: a. The location of the recovery site b. The maximum amount of downtime c. The method used to recover backup data d. The maximum amount of data loss

b. The maximum amount of downtime

