Which of the following fields of management focuses on establishing and maintaining consistency of a system’s or product’s performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?
- A . Configuration management
- B . Risk management
- C . Procurement management
- D . Change management
Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.
- A . TLS
- B . PGP
- C . S/MIME
- D . IPSec
You work as a Senior Marketing Manger for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and also you were not able to access your remote desktop session. You suspected that some malicious attack was performed on the network of the company. You immediately called the incident response team to handle the situation who enquired the Network Administrator to acquire all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he was reviewing the security of the network which caused all these problems. Incident response team announced that this was a controlled event not an incident.
Which of the following steps of an incident handling process was performed by the incident response team?
- A . Containment
- B . Eradication
- C . Preparation
- D . Identification
Which of the following is the process performed between organizations that have unique hardware or software that cannot be maintained at a hot or warm site?
- A . Cold sites arrangement
- B . Business impact analysis
- C . Duplicate processing facilities
- D . Reciprocal agreements
Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?
- A . Data diddling
- B . Wiretapping
- C . Eavesdropping
- D . Spoofing
Which of the following penetration testing phases involves reconnaissance or data gathering?
- A . Attack phase
- B . Pre-attack phase
- C . Post-attack phase
- D . Out-attack phase
Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on the business. The impact might be financial or operational.
Which of the following are the objectives related to the above phase in which Mark is involved? Each correct answer represents a part of the solution. Choose three.
- A . Resource requirements identification
- B . Criticality prioritization
- C . Down-time estimation
- D . Performing vulnerability assessment
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?
- A . Business continuity plan
- B . Disaster recovery plan
- C . Continuity of Operations Plan
- D . Contingency plan
Which of the following protocols is used with a tunneling protocol to provide security?
- A . FTP
- B . IPX/SPX
- C . IPSec
- D . EAP
Which of the following subphases are defined in the maintenance phase of the life cycle models?
- A . Change control
- B . Configuration control
- C . Request control
- D . Release control
Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?
- A . Non-repudiation
- B . Confidentiality
- C . Authentication
- D . Integrity
Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.
- A . It performs vulnerability/threat analysis assessment.
- B . It identifies and generates IA requirements.
- C . It provides data needed to accurately assess IA readiness.
- D . It provides for entry and storage of individual system data.
Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application.
Which of the following laws are used to protect a part of software?
- A . Code Security law
- B . Trademark laws
- C . Copyright laws
- D . Patent laws
Which of the following is the best method to stop vulnerability attacks on a Web server?
- A . Using strong passwords
- B . Configuring a firewall
- C . Implementing the latest virus scanner
- D . Installing service packs and updates
Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?
- A . Managed level
- B . Defined level
- C . Fundamental level
- D . Repeatable level
Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?
- A . Emergency-management team
- B . Damage-assessment team
- C . Off-site storage team
- D . Emergency action team
Which of the following security models dictates that subjects can only access objects through applications?
- A . Biba-Clark model
- B . Bell-LaPadula
- C . Clark-Wilson
- D . Biba model
Which of the following relies on a physical characteristic of the user to verify his identity?
- A . Social Engineering
- B . Kerberos v5
- C . Biometrics
- D . CHAP
Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.
- A . Data downloading from the Internet
- B . File and object access
- C . Network logons and logoffs
- D . Printer access
You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly.
What type of security audit do you need to conduct to resolve the problem?
- A . Operational audit
- B . Dependent audit
- C . Non-operational audit
- D . Independent audit
Which of the following laws is the first to implement penalties for the creator of viruses, worms, and other types of malicious code that causes harm to the computer systems?
- A . Gramm-Leach-Bliley Act
- B . Computer Fraud and Abuse Act
- C . Computer Security Act
- D . Digital Millennium Copyright Act
SIMULATION
Fill in the blank with an appropriate phrase.________ models address specifications, requirements, and design, verification and validation, and maintenance activities.
You are the project manager of the GHE Project.
You have identified the following risks with the characteristics as shown in the following figure:
How much capital should the project set aside for the risk contingency reserve?
- A . $142,000
- B . $232,000
- C . $41,750
- D . $23,750
Which of the following statements about system hardening are true? Each correct answer represents a complete solution. Choose two.
- A . It can be achieved by installing service packs and security updates on a regular basis.
- B . It is used for securing the computer hardware.
- C . It can be achieved by locking the computer room.
- D . It is used for securing an operating system.
Which of the following are the common roles with regard to data in an information classification program? Each correct answer represents a complete solution. Choose all that apply.
- A . Editor
- B . Custodian
- C . Owner
- D . Security auditor
- E . User
Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."
- A . Monitor and Control Risks
- B . Identify Risks
- C . Perform Qualitative Risk Analysis
- D . Perform Quantitative Risk Analysis
Walter is the project manager of a large construction project. He’ll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk.
What should Walter also update in this scenario considering the risk event?
- A . Project contractual relationship with the vendor
- B . Project management plan
- C . Project communications plan
- D . Project scope statement
You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project.
Where should you document the proposed responses and the current status of all identified risks?
- A . Risk management plan
- B . Lessons learned documentation
- C . Risk register
- D . Stakeholder management strategy
Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.
- A . Vulnerability Assessment and Penetration Testing
- B . Security Certification and Accreditation (C&A)
- C . Change and Configuration Control
- D . Risk Adjustments
Which of the following can be prevented by an organization using job rotation and separation of duties policies?
- A . Collusion
- B . Eavesdropping
- C . Buffer overflow
- D . Phishing
Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the work place. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents should be maintained, which helps in further legal prosecution.
Which of the following data should be recorded in this documentation? Each correct answer represents a complete solution. Choose all that apply.
- A . Names of the victims
- B . Location of each incident
- C . Nature of harassment
- D . Date and time of incident
Which of the following types of evidence is considered as the best evidence?
- A . A copy of the original document
- B . Information gathered through the witness’s senses
- C . The original document
- D . A computer-generated record
What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.
- A . Troubleshooting
- B . Investigation
- C . Upgradation
- D . Backup
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
- A . SSAA
- B . FITSAF
- C . FIPS
- D . TCSEC
Which of the following analysis provides a foundation for measuring investment of time, money and human resources required to achieve a particular outcome?
- A . Vulnerability analysis
- B . Cost-benefit analysis
- C . Gap analysis
- D . Requirement analysis
A contract cannot have provisions for which one of the following?
- A . Subcontracting the work
- B . Penalties and fines for disclosure of intellectual rights
- C . A deadline for the completion of the work
- D . Illegal activities
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc.
Which of the following risk management techniques is your company using?
- A . Risk mitigation
- B . Risk transfer
- C . Risk acceptance
- D . Risk avoidance
You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. One of the employees of your organization asks you the purpose of the security awareness, training and education program.
What will be your answer?
- A . It improves the possibility for career advancement of the IT staff.
- B . It improves the security of vendor relations.
- C . It improves the performance of a company’s intranet.
- D . It improves awareness of the need to protect system resources.
You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data.
What is this called?
- A . Availability
- B . Encryption
- C . Integrity
- D . Confidentiality
What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?
- A . Scope Verification
- B . Project Management Information System
- C . Integrated Change Control
- D . Configuration Management System
Electronic communication technology refers to technology devices, such as computers and cell phones, used to facilitate communication.
Which of the following is/are a type of electronic communication? Each correct answer represents a complete solution. Choose all that apply.
- A . Internet telephony
- B . Instant messaging
- C . Electronic mail
- D . Post-it note
- E . Blogs
- F . Internet teleconferencing
You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project.
A teaming agreement is an example of what risk response?
- A . Mitigation
- B . Sharing
- C . Acceptance
- D . Transference
Which of the following acts is a specialized privacy bill that affects any educational institution to accept any form of funding from the federal government?
- A . HIPAA
- B . COPPA
- C . FERPA
- D . GLBA
Which of the following steps is the initial step in developing an information security strategy?
- A . Perform a technical vulnerabilities assessment.
- B . Assess the current levels of security awareness.
- C . Perform a business impact analysis.
- D . Analyze the current business strategy.
Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.
- A . It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
- B . It determines the actions and behaviors of a single individual within a system
- C . It ensures that modifications are not made to data by unauthorized personnel or processes.
- D . It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.
Which of the following contract types is described in the statement below? "This contract type provides no incentive for the contractor to control costs and hence is rarely utilized."
- A . Cost Plus Fixed Fee
- B . Cost Plus Percentage of Cost
- C . Cost Plus Incentive Fee
- D . Cost Plus Award Fee
Ned is the program manager for his organization and he’s considering some new materials for his program. He and his team have never worked with these materials before and he wants to ask the vendor for some additional information, a demon, and even some samples.
What type of a document should Ned send to the vendor?
- A . IFB
- B . RFQ
- C . RFP
- D . RFI
Against which of the following does SSH provide protection? Each correct answer represents a complete solution. Choose two.
- A . IP spoofing
- B . Broadcast storm
- C . Password sniffing
- D . DoS attack
What is a stakeholder analysis chart?
- A . It is a matrix that documents stakeholders’ threats, perceived threats, and communication needs.
- B . It is a matrix that identifies all of the stakeholders and to whom they must report to.
- C . It is a matrix that documents the stakeholders’ requirements, when the requirements were created, and when the fulfillment of the requirements took place.
- D . It is a matrix that identifies who must communicate with whom.
Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?
- A . Disaster Recovery Plan
- B . Continuity of Operations Plan
- C . Contingency Plan
- D . Business Continuity Plan
You are a project manager of a large construction project. Within the project you are working with several vendors to complete different phases of the construction. Your client has asked that you arrange for some of the materials a vendor is to install next week in the project to be changed.
According to the change management plan what subsystem will need to manage this change request?
- A . Cost
- B . Resources
- C . Contract
- D . Schedule
Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?
- A . The Configuration Manager
- B . The Supplier Manager
- C . The Service Catalogue Manager
- D . The IT Service Continuity Manager
In which of the following SDLC phases is the system’s security features configured and enabled, the system is tested and installed or fielded, and the system is authorized for processing?
- A . Initiation Phase
- B . Development/Acquisition Phase
- C . Implementation Phase
- D . Operation/Maintenance Phase
Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?
- A . Malicious Communications Act (1998)
- B . Anti-Cyber-Stalking law (1999)
- C . Stalking Amendment Act (1999)
- D . Stalking by Electronic Communications Act (2001)
Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large?
- A . CSIRT
- B . CERT
- C . FIRST
- D . FedCIRC
Which of the following statements is related with the first law of OPSEC?
- A . If you are not protecting it (the critical and sensitive information), the adversary wins!
- B . If you don’t know what to protect, how do you know you are protecting it?
- C . If you don’t know about your security resources you could not protect your network.
- D . If you don’t know the threat, how do you know what to protect?
Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes.
Who decides the category of a change?
- A . The Problem Manager
- B . The Process Manager
- C . The Change Manager
- D . The Service Desk
- E . The Change Advisory Board
Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?
- A . Direct
- B . Circumstantial
- C . Incontrovertible
- D . Corroborating
Which of the following Acts enacted in United States amends Civil Rights Act of 1964, providing technical changes affecting the length of time allowed to challenge unlawful seniority provisions, to sue the federal government for discrimination and to bring age discrimination claims?
- A . PROTECT Act
- B . Sexual Predators Act
- C . Civil Rights Act of 1991
- D . The USA Patriot Act of 2001
Which of the following policies helps reduce the potential damage from the actions of one person?
- A . CSA
- B . Risk assessment
- C . Separation of duties
- D . Internal audit
The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes.
Which of the following are Change Management terminologies? Each correct answer represents a part of the solution. Choose three.
- A . Request for Change
- B . Service Request Management
- C . Change
- D . Forward Schedule of Changes
Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?
- A . Initial analysis, request for service, data collection, data reporting, data analysis
- B . Initial analysis, request for service, data collection, data analysis, data reporting
- C . Request for service, initial analysis, data collection, data analysis, data reporting
- D . Request for service, initial analysis, data collection, data reporting, data analysis
Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?
- A . The Service Level Manager
- B . The Configuration Manager
- C . The IT Security Manager
- D . The Change Manager
James works as a security manager for SoftTech Inc. He has been working on the continuous process improvement and on the ordinal scale for measuring the maturity of the organization involved in the software processes.
According to James, which of the following maturity levels of software CMM focuses on the continuous process improvement?
- A . Repeatable level
- B . Defined level
- C . Initiating level
- D . Optimizing level
Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?
- A . Patent
- B . Utility model
- C . Snooping
- D . Copyright
You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location.
However, budget is an issue.
Which of the following is most appropriate for this client?
- A . Cold site
- B . Off site
- C . Hot site
- D . Warm site
Which of the following is a process of monitoring data packets that travel across a network?
- A . Password guessing
- B . Packet sniffing
- C . Shielding
- D . Packet filtering
Mark works as a security manager for SofTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and power sources.
In which of the following types of office sites is he working?
- A . Mobile site
- B . Warm site
- C . Cold site
- D . Hot site
You are documenting your organization’s change control procedures for project management.
What portion of the change control process oversees features and functions of the product scope?
- A . Configuration management
- B . Product scope management is outside the concerns of the project.
- C . Scope change control system
- D . Project integration management
Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?
- A . Spam
- B . Patent
- C . Artistic license
- D . Phishing