CISSP-ISSMP Exam Questions - Online Test



We provide real CISSP-ISSMP exam questions and answers (braindumps) in two formats: a downloadable PDF and practice tests (VCE). The PDF can be read and printed, so you can work through the questions as many times as you like. With the ISC2 CISSP-ISSMP PDF and VCE material you can prepare for and pass the CISSP-ISSMP exam.

NEW QUESTION 1
Which of the following statements are true about a hot site? Each correct answer represents a complete solution. Choose all that apply.

  • A. It can be used within an hour for data recovery.
  • B. It is cheaper than a cold site but more expensive than a warm site.
  • C. It is the most inexpensive backup site.
  • D. It is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data.

Answer: AD

NEW QUESTION 2
Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?

  • A. Managed level
  • B. Defined level
  • C. Fundamental level
  • D. Repeatable level

Answer: C

NEW QUESTION 3
Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP) ?

  • A. UDP port 161
  • B. TCP port 443
  • C. TCP port 110
  • D. UDP port 1701

Answer: D

NEW QUESTION 4
Which of the following statements about the availability concept of Information security management is true?

  • A. It determines actions and behaviors of a single individual within a system.
  • B. It ensures reliable and timely access to resources.
  • C. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
  • D. It ensures that modifications are not made to data by unauthorized personnel or processes.

Answer: B

NEW QUESTION 5
Which of the following issues are addressed by the change control phase in the maintenance phase of the life cycle models? Each correct answer represents a complete solution. Choose all that apply.

  • A. Performing quality control
  • B. Recreating and analyzing the problem
  • C. Developing the changes and corresponding tests
  • D. Establishing the priorities of requests

Answer: ABC

NEW QUESTION 6
Which of the following is a variant with regard to Configuration Management?

  • A. A CI that has the same name as another CI but shares no relationship.
  • B. A CI that particularly refers to a hardware specification.
  • C. A CI that has the same essential functionality as another CI but differs in some small manner.
  • D. A CI that particularly refers to a software version.

Answer: C

NEW QUESTION 7
Which of the following liabilities is a third-party liability in which an individual may be responsible for an action by another party?

  • A. Relational liability
  • B. Engaged liability
  • C. Contributory liability
  • D. Vicarious liability

Answer: D

NEW QUESTION 8
Ned is the program manager for his organization and he's considering some new materials for his program. He and his team have never worked with these materials before and he wants to ask the vendor for some additional information, a demo, and even some samples. What type of document should Ned send to the vendor?

  • A. IFB
  • B. RFQ
  • C. RFP
  • D. RFI

Answer: D

NEW QUESTION 9
Which of the following laws is defined as the Law of Nations, or the legal norms that have developed through the customary exchanges between states over time, whether based on diplomacy or aggression?

  • A. Customary
  • B. Tort
  • C. Criminal
  • D. Administrative

Answer: A

NEW QUESTION 10
Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.

  • A. Confidentiality
  • B. Integrity
  • C. Availability
  • D. Privacy

Answer: ABC

NEW QUESTION 11
Which of the following laws enacted in the United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites?

  • A. Child Pornography Prevention Act (CPPA)
  • B. USA PATRIOT Act
  • C. Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act)
  • D. Sexual Predators Act

Answer: D

NEW QUESTION 12
Which of the following is used to back up forensic evidence or data folders from the network or from locally attached hard disk drives?

  • A. WinHex
  • B. Vedit
  • C. Device Seizure
  • D. FAR system

Answer: D

NEW QUESTION 13
Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the work in the project is very dangerous, so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes to fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario, considering the risk event?

  • A. Project contractual relationship with the vendor
  • B. Project management plan
  • C. Project communications plan
  • D. Project scope statement

Answer: B

NEW QUESTION 14
Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?

  • A. Emergency-management team
  • B. Damage-assessment team
  • C. Off-site storage team
  • D. Emergency action team

Answer: D

NEW QUESTION 15
You are the Network Administrator for a software company. Due to the nature of your company's business, you have a significant number of highly computer-savvy users. However, you have still decided to limit each user's access to only those resources required for their job, rather than give wider access to the technical users (such as tech support and software engineering personnel).
What is this an example of?

  • A. The principle of maximum control.
  • B. The principle of least privilege.
  • C. Proper use of an ACL.
  • D. Poor resource management.

Answer: B

NEW QUESTION 16
Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?

  • A. Utility model
  • B. Cookie
  • C. Copyright
  • D. Trade secret

Answer: D

NEW QUESTION 17
Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

  • A. Determining what level of classification the information requires
  • B. Running regular backups and routinely testing the validity of the backup data
  • C. Controlling access, adding and removing privileges for individual users
  • D. Performing data restoration from the backups when necessary

Answer: BCD

NEW QUESTION 18
You work as the Senior Project manager in Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure that the network infrastructure devices and networking standards used in this project are installed in accordance with the requirements of its detailed project design documentation. Which of the following procedures will you employ to accomplish the task?

  • A. Configuration identification
  • B. Physical configuration audit
  • C. Configuration control
  • D. Functional configuration audit

Answer: B

NEW QUESTION 19
Which of the following statements is true about auditing?

  • A. It is used to protect the network against virus attacks.
  • B. It is used to track user accounts for file and object access, logon attempts, etc.
  • C. It is used to secure the network or the computers on the network.
  • D. It is used to prevent unauthorized access to network resources.

Answer: B
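The point behind the correct answer is that auditing is detective, not preventive: an audit trail records who did what so that misuse can be found afterwards. As an added example (not part of the original page), the script below parses a small, constructed audit log and flags an account with a burst of failed logons, then checks whether a success followed the burst from the same source. The line format and event IDs are an assumption made for the example, loosely modelled on Windows Security events (4624 logon success, 4625 logon failure, 4663 object access).

```python
"""Added example: reading an audit trail and drawing a detection from it.

Auditing records events; it blocks nothing. The log below is constructed
for this example and the line format is an assumption, not a real product's.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log; not taken from any real system.
SAMPLE_AUDIT_LOG = r"""
2024-05-01T08:00:01Z event=4624 user=alice src=10.0.0.5 object=-
2024-05-01T08:00:07Z event=4625 user=bob src=10.0.0.9 object=-
2024-05-01T08:00:09Z event=4625 user=bob src=10.0.0.9 object=-
2024-05-01T08:00:12Z event=4625 user=bob src=10.0.0.9 object=-
2024-05-01T08:00:15Z event=4625 user=bob src=10.0.0.9 object=-
2024-05-01T08:00:18Z event=4625 user=bob src=10.0.0.9 object=-
2024-05-01T08:00:40Z event=4624 user=bob src=10.0.0.9 object=-
2024-05-01T08:01:00Z event=4663 user=alice src=10.0.0.5 object=C:\payroll\q1.xlsx
2024-05-01T09:30:00Z event=4625 user=carol src=10.0.0.7 object=-
2024-05-01T10:30:00Z event=4625 user=carol src=10.0.0.7 object=-
"""


def parse_audit_line(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime and int event."""
    ts_text, *fields = line.split()
    rec = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")}
    for f in fields:
        key, _, value = f.partition("=")
        rec[key] = value
    rec["event"] = int(rec["event"])
    return rec


def parse_audit_log(text):
    return [parse_audit_line(l) for l in text.splitlines() if l.strip()]


def failed_logon_bursts(records, threshold=5, window=timedelta(seconds=60)):
    """(user, src, count) for every user/source with >= threshold failures inside one window."""
    failures = defaultdict(list)
    for r in records:
        if r["event"] == 4625:
            failures[(r["user"], r["src"])].append(r["ts"])
    hits = []
    for (user, src), times in failures.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits.append((user, src, best))
    return hits


def success_after_burst(records, bursts):
    """Users whose failure burst was followed by a successful logon from the same source."""
    flagged = []
    for user, src, _count in bursts:
        last_fail = max(r["ts"] for r in records
                        if r["event"] == 4625 and r["user"] == user and r["src"] == src)
        if any(r["event"] == 4624 and r["user"] == user and r["src"] == src
               and r["ts"] > last_fail for r in records):
            flagged.append(user)
    return flagged


def object_accesses(records):
    """(user, object) pairs from object-access events: the other question an audit trail answers."""
    return [(r["user"], r["object"]) for r in records if r["event"] == 4663]


if __name__ == "__main__":
    recs = parse_audit_log(SAMPLE_AUDIT_LOG)
    bursts = failed_logon_bursts(recs)
    for user, src, n in bursts:
        print(f"{n} failed logons for {user} from {src} within 60s")
    print("burst followed by success:", success_after_burst(recs, bursts))
    print("object accesses:", object_accesses(recs))
```

Note that carol's two failures an hour apart are not reported: the window is what separates a brute-force attempt from a mistyped password, and the threshold and window are knobs to tune against your own baseline.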

NEW QUESTION 20
Which of the following Orange Book (TCSEC) rating divisions provides no security controls (minimal protection)?

  • A. D-rated
  • B. C-rated
  • C. E-rated
  • D. A-rated

Answer: A

NEW QUESTION 21
Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

  • A. Configuration management
  • B. Risk management
  • C. Procurement management
  • D. Change management

Answer: A

NEW QUESTION 22
Which of the following is the best method to stop attacks that exploit known vulnerabilities on a Web server?

  • A. Using strong passwords
  • B. Configuring a firewall
  • C. Implementing the latest virus scanner
  • D. Installing service packs and updates

Answer: D

NEW QUESTION 23
Which of the following penetration testing phases involves reconnaissance or data gathering?

  • A. Attack phase
  • B. Pre-attack phase
  • C. Post-attack phase
  • D. Out-attack phase

Answer: B

NEW QUESTION 24
Which of the following security models focuses on data confidentiality and controlled access to classified information?

  • A. Bell-La Padula model
  • B. Take-Grant model
  • C. Clark-Wilson model
  • D. Biba model

Answer: A
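Bell-LaPadula is easier to remember as two rules than as a name: a subject may read an object only if the subject's label dominates the object's (simple security property, "no read up"), and may write to an object only if the object's label dominates the subject's (*-property, "no write down"). Biba, the integrity distractor in this question, is the exact dual: "no read down", "no write up". The following is an added example, not code from the original page; the level names, compartments, subjects and objects are all constructed, and it keeps separate confidentiality and integrity lattices as real systems do.

```python
"""Added example: Bell-LaPadula and Biba access decisions on a label lattice.

All names below are constructed for illustration. A label dominates another
when its level is at least as high AND its compartment set is a superset.
"""
from dataclasses import dataclass

CLASSIFICATIONS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
INTEGRITY = ["LOW", "MEDIUM", "HIGH"]


@dataclass(frozen=True)
class Label:
    """Ordered level (rank) plus a set of need-to-know compartments."""
    rank: int
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        return self.rank >= other.rank and self.compartments >= other.compartments


def conf(level: str, *compartments: str) -> Label:
    """Confidentiality label, used for Bell-LaPadula decisions."""
    return Label(CLASSIFICATIONS.index(level), frozenset(compartments))


def integ(level: str) -> Label:
    """Integrity label, used for Biba decisions (a separate lattice)."""
    return Label(INTEGRITY.index(level))


def blp_allows(subject: Label, obj: Label, mode: str) -> bool:
    if mode == "read":    # simple security property: no read up
        return subject.dominates(obj)
    if mode == "write":   # *-property: no write down (writing up IS allowed)
        return obj.dominates(subject)
    raise ValueError(f"unknown access mode {mode!r}")


def biba_allows(subject: Label, obj: Label, mode: str) -> bool:
    if mode == "read":    # simple integrity property: no read down
        return obj.dominates(subject)
    if mode == "write":   # *-integrity property: no write up
        return subject.dominates(obj)
    raise ValueError(f"unknown access mode {mode!r}")


def blp_matrix(subjects, objects):
    """Full BLP access matrix: {(subject, object, mode): allowed}."""
    return {(s, o, m): blp_allows(subjects[s], objects[o], m)
            for s in subjects for o in objects for m in ("read", "write")}


# Constructed subjects and objects.
SUBJECTS = {
    "analyst": conf("SECRET", "CRYPTO"),
    "clerk": conf("CONFIDENTIAL"),
}
OBJECTS = {
    "crypto-report": conf("SECRET", "CRYPTO"),
    "nuclear-report": conf("SECRET", "NUCLEAR"),
    "staff-list": conf("CONFIDENTIAL"),
    "ts-summary": conf("TOP SECRET", "CRYPTO"),
}

if __name__ == "__main__":
    for (s, o, m), ok in sorted(blp_matrix(SUBJECTS, OBJECTS).items()):
        print(f"BLP  {s:8} {m:5} {o:15} {'ALLOW' if ok else 'DENY'}")
    proc, untrusted = integ("HIGH"), integ("LOW")
    print("Biba: HIGH process reads LOW input ->", biba_allows(proc, untrusted, "read"))
```

Two results are worth noticing in the output: the analyst may write to the TOP SECRET summary (BLP only cares that secrets do not flow down, so it says nothing about a lower-cleared subject corrupting higher data, which is Biba's job), and the analyst cannot read the SECRET nuclear report despite holding a SECRET clearance, because compartments are part of the label.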

NEW QUESTION 25
What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.

  • A. Maintain and Monitor
  • B. Organization Vulnerability
  • C. Define Policy
  • D. Baseline the Environment

Answer: ACD

NEW QUESTION 26
Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited personnel in SoftTech Inc, what will be your answer for her question? Each correct answer represents a part of the solution. Choose three.

  • A. Protect an organization from major computer services failure.
  • B. Minimize the risk to the organization from delays in providing services.
  • C. Guarantee the reliability of standby systems through testing and simulation.
  • D. Maximize the decision-making required by personnel during a disaster.

Answer: ABC

NEW QUESTION 27
Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?

  • A. 18 U.S.C. 1362
  • B. 18 U.S.C. 1030
  • C. 18 U.S.C. 1029
  • D. 18 U.S.C. 2701
  • E. 18 U.S.C. 2510

Answer: A

NEW QUESTION 28
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

  • A. Risk mitigation
  • B. Risk transfer
  • C. Risk acceptance
  • D. Risk avoidance

Answer: B

NEW QUESTION 29
......

100% Valid and Newest Version CISSP-ISSMP Questions & Answers shared by Dumpscollection, Get Full Dumps HERE: http://www.dumpscollection.net/dumps/CISSP-ISSMP/ (New 218 Q&As)