Question 1

0.5 out of 0.5 points

Which of the following determines the scope of the breach of confidentiality,
integrity, and availability of information and information assets?
Answer
Selected Answer:

b.
incident damage assessment

Correct Answer:

b.
incident damage assessment

Question 2

0 out of 0.5 points

In which level of planning are budgeting, resource allocation, and manpower
critical components?

Correct Answer:

c.
tactical

Question 3

0.5 out of 0.5 points

A risk assessment is performed during which phase of the SecSDLC?
Answer
Selected Answer:

c.
analysis

Correct Answer:

c.
analysis

Question 4

0.5 out of 0.5 points

Which of the following is a tool that can be useful in resolving the issue of
what business function is the most critical?
Answer
Selected Answer:

a.
weighted analysis tool

Correct Answer:

a.
weighted analysis tool

Question 5

0 out of 0.5 points

Which of the following set the direction and scope of the security process and
provide detailed instruction for its conduct?
Answer
Selected Answer:

a.
technical controls

Correct Answer:

d.
managerial controls

Question 6

0.5 out of 0.5 points

What are the two general methods for implementing technical controls?
Answer
Selected Answer:

a.
access control lists and configuration rules

Correct Answer:

a.
access control lists and configuration rules

Question 7

0 out of 0.5 points

What is the last stage of the business impact analysis?
Answer
Selected Answer:

b.
identify resource requirements

Correct Answer:

c.
prioritize resources associated with the business processes

Question 8

0.5 out of 0.5 points

Which of the following is a disadvantage of the individual policy organization
approach?
Answer
Selected Answer:

d.
can suffer from poor policy enforcement

Correct Answer:

d.
can suffer from poor policy enforcement

Question 9

0 out of 0.5 points

Answer

Question: usually a documented way to circumvent controls or take advantage
of weaknesses in control systems
Correct Match: i. exploit
Selected Match: a. operational controls

Question: the process of moving an organization towards its vision by
accomplishing its mission
Correct Match: c. strategic planning
Selected Match: c. strategic planning

Question: an act that is an intentional or unintentional attempt to
compromise the information and/or the systems that support it
Correct Match: h. attack
Selected Match: i. exploit

Question: assigns a comparative risk rating or score to each specific
information asset
Correct Match: j. risk assessment
Selected Match: j. risk assessment

Question: measures that use or implement a technical solution to reduce risk
of loss in an organization
Correct Match: g. technical controls
Selected Match: f. risk management

Question: individual who determines the level of classification associated
with data
Correct Match: b. data owner
Selected Match: d. threat agent

Question: measures that deal with the functionality of security in an
organization
Correct Match: a. operational controls
Selected Match: g. technical controls

Question: associated with assessing risks and then implementing or repairing
controls to assure the confidentiality, integrity, and availability of
information
Correct Match: f. risk management
Selected Match: b. data owner

Question: a specific instance or component that represents a danger to an
organization's assets
Correct Match: d. threat agent
Selected Match: h. attack

Question: the impetus for a project that is the result of a carefully
developed planning strategy
Correct Match: e. plan-driven
Selected Match: e. plan-driven

Question 10

0 out of 0.5 points

Answer

Question: the difference between the time needed to complete the critical
path and the time needed to arrive at completion using any other path
Correct Match: g. slack time
Selected Match: g. slack time

Question: a mechanism that provides information about a supplicant that
wants to be granted access to a known entity
Correct Match: f. identification
Selected Match: j. authentication

Question: a process for identifying and controlling the resources applied to
the project
Correct Match: d. project management
Selected Match: d. project management

Question: a state that occurs when the quantity or quality of project
deliverables is expanded from the original project plan
Correct Match: c. scope creep
Selected Match: c. scope creep

Question: a process that determines if a user has been specifically and
explicitly authorized by the proper authority to perform a function
Correct Match: a. authorization
Selected Match: f. identification

Question: the protection of information and its critical characteristics
Correct Match: i. information security
Selected Match: i. information security

Question: the management function dedicated to the structuring of resources
to support the accomplishment of objectives
Correct Match: h. organizing
Selected Match: h. organizing

Question: a specialized area of security that encompasses protecting the
organization's ability to carry out its operational activities without
interruption or compromise
Correct Match: e. Operations security
Selected Match: e. Operations security

Question: the process of validating a supplicant's purported identity, thus
ensuring that the entity requesting access is the entity it claims to be
Correct Match: j. authentication
Selected Match: a. authorization

Question: a quality or state of being whole, complete, and uncorrupted
Correct Match: b. integrity
Selected Match: b. integrity

Question 11

0.5 out of 0.5 points

Which of the following functions of Information Security Management seeks
to dictate certain behavior within the organization through a set of
organizational guidelines?
Answer
Selected Answer:

b.
policy

Correct Answer:

b.
policy

Question 12

0 out of 0.5 points

The management of human resources must address many complicating factors;
which of the following is NOT among them?

Correct Answer:

c.
All workers operate at approximately the same level of
efficiency

Question 13

0 out of 0.5 points

Which of the following is NOT a knowledge area in the Project Management
knowledge body?
Answer
Selected Answer:

b.
Quality

Correct Answer:

c.
Technology

Question 14

0.5 out of 0.5 points

In which model in the SecSDLC do the work products of each phase fall
into the next phase to serve as its starting point?
Answer
Selected Answer:

b.
waterfall

Correct Answer:

b.
waterfall

Question 15

0.5 out of 0.5 points

Which of the following is true about a hot site?
Answer
Selected Answer:

a.
It duplicates computing resources, peripherals, phone
systems, applications, and workstations.

Correct Answer:

a.
It duplicates computing resources, peripherals, phone
systems, applications, and workstations.

Question 16

0.5 out of 0.5 points

Which of the following is the process that develops, creates, and implements
strategies for the accomplishment of objectives?
Answer

Selected Answer:

a.
planning

Correct Answer:

a.
planning

Question 17

0.5 out of 0.5 points

Which function of InfoSec Management encompasses security personnel as
well as aspects of the SETA program?
Answer
Selected Answer:

c.
people

Correct Answer:

c.
people

Question 18

0 out of 0.5 points

Which of the following should be included in an InfoSec governance
program?
Answer
Selected Answer:

d.
An InfoSec project management assessment from an
outside consultant

Correct Answer:

b.
An InfoSec risk management methodology

Question 19

0 out of 0.5 points

In the WBS approach, the project plan is first broken down into tasks placed
on the WBS task list. The minimum attributes that should be identified for
each task include all but which of the following?
Answer
Selected Answer:

a.
The common or specialized skills needed to perform the
task

Correct Answer:

d.
The number of people and other resources needed for
each task

Question 20

0.5 out of 0.5 points

Which of the following explicitly declares the business of the organization
and its intended areas of operations?
Answer
Selected Answer:

b.
mission statement

Correct Answer:

b.
mission statement
