212-89

A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy?A . Procedure to identify security funds to hedge riskB . Procedure to monitor the efficiency of security...

Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user’s information and system. These programs may unleash dangerous programs that may erase the unsuspecting user’s disk and send the victim’s credit card numbers and passwords to a stranger.A ....

Which policy recommends controls for securing and tracking organizational resources:A . Access control policyB . Administrative security policyC . Acceptable use policyD . Asset control policyView AnswerAnswer: D

An audit trail policy collects all audit trails such as series of records of computer events, about an operating system, application or user activities. Which of the following statements is NOT true for an audit trail policy:A . It helps calculating intangible losses to the organization due to incidentB ....

An estimation of the expected losses after an incident helps organization in prioritizing and formulating their incident response. The cost of an incident can be categorized as a tangible and intangible cost. Identify the tangible cost associated with virus outbreak?A . Loss of goodwillB . Damage to corporate reputationC ....

Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated as:A . (Probability of Loss) X (Loss)B . (Loss) / (Probability of Loss)C . (Probability of Loss) / (Loss)D . Significant Risks X...

An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?A . Creating new business processes to maintain profitability after incidentB . Providing a standard for testing the...

An access control policy authorized a group of users to perform a set of actions on a set of resources. Access to resources is based on necessity and if a particular job role requires the use of those resources. Which of the following is NOT a fundamental element of access...

In a qualitative risk analysis, risk is calculated in terms of:A . (Attack Success + Criticality) C(Countermeasures)B . Asset criticality assessment C (Risks and Associated Risk Levels)C . Probability of Loss X LossD . (Countermeasures + Magnitude of Impact) C (Reports from prior risk assessments)View AnswerAnswer: C

Business continuity is defined as the ability of an organization to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy. Identify the plan which is mandatory part...