Tag - 212-89 exam

Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated as:A . (Probability of Loss) X (Loss)B . (Loss) / (Probability of Loss)C . (Probability of Loss) / (Loss)D . Significant Risks X...

An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?A . Creating new business processes to maintain profitability after incidentB . Providing a standard for testing the...

An access control policy authorized a group of users to perform a set of actions on a set of resources. Access to resources is based on necessity and if a particular job role requires the use of those resources. Which of the following is NOT a fundamental element of access...

In a qualitative risk analysis, risk is calculated in terms of:A . (Attack Success + Criticality) C(Countermeasures)B . Asset criticality assessment C (Risks and Associated Risk Levels)C . Probability of Loss X LossD . (Countermeasures + Magnitude of Impact) C (Reports from prior risk assessments)View AnswerAnswer: C

Business continuity is defined as the ability of an organization to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy. Identify the plan which is mandatory part...

Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of an IRT?A . Links the appropriate technology to the incident to ensure that the foundation’s offices are returned to normal operations as...

When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?A . All access rights of the employee to physical locations, networks, systems, applications and data should be disabledB . The organization should enforce separation of dutiesC . The access...

Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?A . An insider intentionally deleting files from a workstationB . An attacker redirecting user to a malicious website and infects his system with TrojanC ....

The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for further investigations of the incident. Identify the stage of the incident response and handling process in which complete backup...

Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators that intentionally attacked the computer system. EVIDENCE PROTECTION is also required to meet legal compliance issues. Which of the following documents helps in protecting evidence from physical or logical...