The goal of a Business Impact Analysis (BIA) is to determine which of the following?
A. Cost effectiveness of business recovery
B. Cost effectiveness of installing software security patches
C. Resource priorities for recovery and Maximum Tolerable Downtime (MTD)
D. Which security measures should be implemented
Answer: C

What principle requires that a user be given no more privilege than necessary to perform a job?
A. Principle of aggregate privilege.
B. Principle of most privilege.
C. Principle of effective privilege.
D. Principle of least privilege.
Answer: D

Which of the following are functions that are compatible in a properly segregated environment?
A. Application programming and computer operation
B. Systems programming and job control analysis
C. Access authorization and database administration
D. Systems development and systems maintenance
Answer: D

FOR THIS QUESTION, REFER TO THE FOLLOWING INFORMATION
The security practitioner is charged with implementing e-mail security using a cryptographic standard of the security practitioner's choice. The security practitioner chooses an open Pretty Good Privacy (PGP) implementation.
Which cryptographic algorithm is used to create the user's public key?
A. ElGamal
B...

Which of the following is not a valid reason to use external penetration service firms rather than corporate resources?
A. They are more cost-effective
B. They offer a lack of corporate bias
C. They use highly talented ex-hackers
D. They ensure more complete reporting
Answer: C

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
A. Install mantraps at the building entrances
B. Enclose the personnel entry area with polycarbonate plastic
C. Supply a duress alarm for personnel exposed to the...

What is the main concern with single sign-on?
A. Maximum unauthorized access would be possible if a password is disclosed.
B. The security administrator's workload would increase.
C. The users' password would be too hard to remember.
D. User access rights would be increased.
Answer: A
Explanation: A major concern...

Which one of the following is a characteristic of a penetration testing project?
A. The project is open-ended until all known vulnerabilities are identified.
B. The project schedule is plotted to produce a critical path.
C. The project tasks are to break into a targeted system.
D. The project plan...

A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?
A. Application
B. Transport
C. Network
D. Data Link
Answer: A

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
A. Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
B. Technical teams will understand the testing objectives, testing strategies applied, and...