What is the expected outcome of security awareness in support of a security awareness program?
What is the expected outcome of security awareness in support of a security awareness program?
A. Awareness activities should be used to focus on security concerns and respond to those concerns accordingly
B. Awareness is not an activity or part of the training but rather a state of persistence to...
Which of the following is the GREATEST impact on security for the network?
A chemical plant wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade. Which of the following is the GREATEST impact on security...
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
A. determine the risk of a business interruption occurring
B. determine the technological dependence of the business processes
C. Identify the operational impacts of a business interruption
D. Identify the financial impacts...
Which one of the following affects the classification of data?
Which one of the following affects the classification of data?
A. Assigned security label
B. Multilevel Security (MLS) architecture
C. Minimum query size
D. Passage of time
Answer: D
When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?
When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?
A. Only when assets are clearly defined
B. Only when standards are defined
C. Only when controls are put in place
D. Only procedures...
Which of the following is a characteristic of an internal audit?
Which of the following is a characteristic of an internal audit?
A. An internal audit is typically shorter in duration than an external audit.
B. The internal audit schedule is published to the organization well in advance.
C. The internal auditor reports to the Information Technology (IT) department
D. Management...
Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?
An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?
A. Implement packet filtering on the network...
Which one of the following data integrity models assumes a lattice of integrity levels?
Which one of the following data integrity models assumes a lattice of integrity levels?
A. Take-Grant
B. Biba
C. Harrison-Ruzzo
D. Bell-LaPadula
Answer: B
What should be implemented to BEST achieve the desired results?
A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results. What should be implemented to BEST achieve the desired results?
A. Configuration Management Database (CMDB)
B. Source code...
From a security perspective, which of the following assumptions MUST be made about input to an application?
From a security perspective, which of the following assumptions MUST be made about input to an application?
A. It is tested
B. It is logged
C. It is verified
D. It is untrusted
Answer: D