1.
What is a common approach used in the discipline of systems analysis and design to understand the ways systems operate and to chart process flows and interdependency studies?
Correct Answer
A. Systems diagramming
Explanation
Cap 2
2.
In a CPMT, a(n) ____ should be a high-level manager with influence and resources that can be used to support the project team, promote the objectives of the CP project, and endorse the results that come from the combined effort.
Correct Answer
D. Champion
Explanation
Cap 2
3.
The ____ is a federal law that creates a general prohibition on the real-time monitoring of traffic data relating to communications.
Correct Answer
B. Pen/Trap Statute
Explanation
Cap 5
4.
____ are highly probable when infected machines are brought back online or when other infected computers that may have been offline at the time of the attack are brought back up.
Correct Answer
A. Follow-on incidents
Explanation
Cap 9
5.
Information assets have ____ when authorized users - persons or computer systems - are able to access them in the specified format without interference or obstruction.
Correct Answer
A. Availability
Explanation
Cap 1
6.
____ ensures that only those with the rights and privileges to access information are able to do so.
Correct Answer
A. Confidentiality
Explanation
Cap 1
7.
____ is the risk control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.
Correct Answer
A. Mitigation
Explanation
Cap 1
8.
A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.
Correct Answer
A. Business impact analysis (BIA)
Explanation
Cap 1
9.
Information assets have ____ when they are not exposed (while being stored, processed, or transmitted) to corruption, damage, destruction, or other disruption of their authentic states.
Correct Answer
A. Integrity
Explanation
Cap 1
10.
A(n) ____ is used to anticipate, react to, and recover from events that threaten the security of information and information assets in an organization; it is also used to restore the organization to normal modes of business operations.
Correct Answer
A. Contingency plan
Explanation
Cap 1
11.
The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.
Correct Answer
A. C.I.A. triangle
Explanation
Cap 1
12.
____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.
Correct Answer
A. Acceptance
Explanation
Cap 1
13.
The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.
Correct Answer
A. Trespass
Explanation
Cap 1
14.
A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset.
Correct Answer
A. Threat
Explanation
Cap 1
15.
A(n) ____ is a plan or course of action used by an organization to convey instructions from its senior management to those who make decisions, take actions, and perform other duties on behalf of the organization.
Correct Answer
A. Policy
Explanation
Cap 1
16.
____ (sometimes referred to as avoidance) is the risk control strategy that attempts to prevent the exploitation of a vulnerability.
Correct Answer
A. Defense
Explanation
Cap 1
17.
____ is the process of moving an organization toward its vision.
Correct Answer
A. Strategic planning
Explanation
Cap 1
18.
A(n) ____ attack seeks to deny legitimate users access to services by either tying up a server's available resources or causing it to shut down.
Correct Answer
A. DoS
Explanation
Cap 1
19.
A(n) ____ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
Correct Answer
A. Incident
Explanation
Cap 1
20.
A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made.
Correct Answer
D. Disaster recovery plan
Explanation
Cap 1
21.
____ assigns a risk rating or score to each information asset. Although this number does not mean anything in absolute terms, it is useful in gauging the relative risk to each vulnerable information asset and facilitates the development of comparative ratings later in the risk control process.
Correct Answer
D. Risk assessment
Explanation
Cap 1
22.
____ hack systems to conduct terrorist activities through network or Internet pathways.
Correct Answer
D. Cyberterrorists
Explanation
Cap 1
23.
A ____ is a document that describes how, in the event of a disaster, critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site.
Correct Answer
C. Business continuity plan
Explanation
Cap 1
24.
____ is a risk control approach that attempts to shift the risk to other assets, other processes, or other organizations.
Correct Answer
A. Transference
Explanation
Cap 1
25.
The ____ job functions and organizational roles focus on protecting the organization's information systems and stored information from attacks.
Correct Answer
B. Information security management and professionals
Explanation
Cap 2
26.
The last stage of a business impact analysis is prioritizing the resources associated with the ____, which brings a better understanding of what must be recovered first.
Correct Answer
A. Mission/business processes
Explanation
Cap 2
27.
The ____ is used to collect information directly from the end users and business managers.
Correct Answer
C. Facilitated data-gathering session
Explanation
Cap 2
28.
A manual alternative to the normal way of accomplishing an IT task might be employed in the event that IT is unavailable. This is called a ____.
Correct Answer
C. Work-around procedure
Explanation
Cap 2
29.
The first major business impact analysis task is to analyze and prioritize the organization's business processes based on their relationships to the organization's ____.
Correct Answer
B. Mission
Explanation
Cap 2
30.
Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?
Correct Answer
B. System logs
Explanation
Cap 2
31.
The elements required to begin the ____ process are a planning methodology; a policy environment to enable the planning process; an understanding of the causes and effects of core precursor activities, and access to financial and other resources.
Correct Answer
C. Contingency planning
Explanation
Cap 2
32.
In a CPMT, a(n) ____ leads the project to make sure a sound project planning process is used, a complete and useful project plan is developed, and project resources are prudently managed.
Correct Answer
C. Project manager
Explanation
Cap 2
33.
The ____ job functions and organizational roles focus on costs of system creation and operation, ease of use for system users, timeliness of system creation, and transaction response time.
Correct Answer
D. Information technology management and professionals
Explanation
Cap 2
34.
Within an organization, a(n) ____ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives.
Correct Answer
A. Community of interest
Explanation
Cap 2
35.
Companies may want to consider budgeting for contributions to employee loss expenses (such as funerals) as well as for counseling services for employees and loved ones as part of ____.
Correct Answer
B. Crisis management budgeting
Explanation
Cap 2
36.
The purpose of the ____ is to define the scope of the CP operations and establish managerial intent with regard to timetables for response to incidents, recovery from disasters, and reestablishment of operations for continuity.
Correct Answer
A. Contingency planning policy
Explanation
Cap 2
37.
The ____ is an investigation and assessment of the impact that various events or incidents can have on the organization.
Correct Answer
D. Business impact analysis
Explanation
Cap 2
38.
The ____ is the point in time, determined by the business unit, from which systems and data can be recovered after an outage.
Correct Answer
D. Recovery point objective
Explanation
Cap 2
39.
The final component to the CPMT planning process is to deal with ____.
Correct Answer
C. Budgeting for contingency operations
Explanation
Cap 2
40.
A CPMT should include ____ who can oversee the security planning of the project and provide information on threats, vulnerabilities, and recovery requirements needed in the planning process.
Correct Answer
B. Information security managers
Explanation
Cap 2
41.
To a large extent, incident response capabilities are part of a normal IT budget. The only area in which additional budgeting is absolutely required for incident response is the maintenance of ____.
Correct Answer
A. Redundant equipment
Explanation
Cap 2
42.
The ____ is the period of time within which systems, applications, or functions must be recovered after an outage.
Correct Answer
C. Recovery time objective
Explanation
Cap 2
43.
One modeling technique drawn from systems analysis and design that can provide an excellent way to illustrate how a business functions is a(n) ____.
Correct Answer
B. Collaboration diagram
Explanation
Cap 2
44.
____ are used for recovery from disasters that threaten on-site backups.
Correct Answer
C. Data archives
Explanation
Cap 3
45.
Considered to be the traditional "lock and copy" approach to database backup, ____ require the database to be inaccessible while a backup is created to a local drive.
Correct Answer
D. Legacy backup applications
Explanation
Cap 3
46.
A ____ is a synonym for a virtualization application.
Correct Answer
C. Hypervisor
Explanation
Cap 3
47.
____ uses a number of hard drives to store information across multiple drive units.
Correct Answer
C. RAID
Explanation
Cap 3
48.
An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor, with a ____ backup strategy.
Correct Answer
C. Disk-to-disk-to-cloud
Explanation
Cap 3
49.
A(n) ____ is an agreement in which the client agrees not to use the vendor's services to compete directly with the vendor, and for the client not to use vendor information to gain a better deal with another vendor.
Correct Answer
B. Covenant not to compete
Explanation
Cap 3
50.
A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.
Correct Answer
C. Statement of indemnification
Explanation
Cap 3