SEC 340 Quiz Week 2 DeVry
(TCOs 1, 2, 4) A targeted solution to misuse of a specific vulnerability is called a(n) _____.
Exploit
Vulnerability
Control
Safeguard
(TCOs 1, 2, 4) The risk that remains after a control has been applied is called _____.
Pure risk
Residual risk
Dynamic risk
Static risk
(TCOs 1, 2, 4) Which part of the contingency plan provides detailed scenarios of the potential impact of each type of attack?
Incident response plan
Business impact analysis
Disaster recovery plan
Business continuity plan
(TCOs 1, 2, 4) Which is not a role of the contingency planning management team?
Obtaining commitment and support from senior management
Writing the contingency plan document
Conducting the business impact analysis
Conducting the risk assessment
(TCOs 1, 2, 4) Who should set the policy for the contingency planning process?
Executive management
CIO
Contingency planning management team
Incident response team
(TCOs 1, 2, 4) Which of the following is a method or source for collecting data for the BIA?
Online questionnaires
Focus groups
Application and system logs
All of the above
(TCOs 3, 5) Which of the following is not a possible IR team structure model?
Central IR team
Distributed IR teams
Decentralized IR team
Coordinating IR team
(TCOs 3, 5) The responsibility for creating an organization’s IR plan rests with the _____.
Chief information security officer (CISO)
Chief security officer
Chief executive officer
Chief planning officer
(TCOs 3, 5) An actual incident that occurs but is not reported is called a _____.
False positive
True positive
False negative
True negative
(TCOs 3, 5) An IDS that monitors traffic on a network segment is called a(n) _____.
Switched-port analysis
Application-based IDS
Host-based IDS
Network-based IDS
(TCOs 3, 5) The _____ should provide the incident response plan as its first deliverable.
Emergency response team
Incident response team
IR planning committee
None of the above
(TCOs 3, 5) Which of the following starts with admitting there is a problem?
Crisis intervention
Risk management
Risk assessment
Successful execution of a business continuity plan
(TCOs 3, 5) Confidentiality, integrity, and availability reflect upon the relative _____ of an information system.
Accessibility
Security
Patch level
None of the above
(TCOs 3, 5) Confidentiality refers to the way in which an information system is capable of identifying those who _____.
Do not have the right to know and access information
Are able to audit the system
Created files on that system
Are the system owners
(TCOs 3, 5) Which of the following is not a problem associated with risk management?
It is a distraction
It is expensive
It is not effective
It can be too effective
(TCO 1) The CNSS model of _____ evolved from a concept known as the CIA triangle.
Information assurance
Information technology
Information security
Security standards
(TCO 1) A threat is a category of all of the following except for what?
Objects
Persons
All of the above
None of the above
(TCOs 2, 4) The _____ takes up where the risk assessment process leaves off.
Risk assessment analysis
Business impact analysis
Qualitative evaluation
Business management board
(TCO 5) When a non-event is categorized as an actual incident, it is also known as a _____.
False negative
False positive
Reliable indicator
Threat vector
(TCO 5) False positives or noise often result from which of the following causes in an incident collection candidate?
Placement
Policy
Awareness
All of the above