2. In the absence of the CISO or CEO, who has the authority to make decisions on corporate security
policies?
a.
b.
c.
d.
6. Match B1, B2, B3 and B4 to the appropriate phases in the context of the business resumption process.
a. B1 - Contingency Planning, B2 - Incident Response, B3 - Disaster Recovery, B4 - Business Continuity
b. B1 - Incident Response, B2 - Contingency Planning, B3 - Business Continuity, B4 - Disaster Recovery
c. B1 - Disaster Recovery, B2 - Business Continuity, B3 - Incident Response, B4 - Contingency Planning
d. B1 - Business Continuity, B2 - Disaster Recovery, B3 - Incident Response, B4 - Contingency Planning
Reviewer FCNS AY 2014 - 2015
Page 1
FORESEC
FORENSIC AND E-BUSINESS SECURITY
7. Alan has been deployed to conduct a risk assessment of the Department of Defense VPN networks.
While doing so, Alan discovered a severe risk area in IT processing of which management has
no knowledge. Which of the following should an information security manager use to BEST
convey a sense of urgency to management?
a.
b.
c.
d.
8. Risk identification is a vital step towards risk assessment and the treatment plan. Which of the activities
below could help an IT organization detect a potential risk before it escalates into an exposure? (Select
the BEST answer that applies)
a. Gap Analysis
b. Forensic Investigation
c. Penetration Testing
d. Impact Analysis
9. BMG has a distinctive and advanced disaster recovery solution for its business. What would be the
primary concern of BMG prior to the design of the disaster recovery site?
a. Virtualization Technology
b. Physical Location
c. Cryptographic Mechanism
d. Load Balancing
10. The primary role of the Information Security Manager in the information classification process is
which of the following?
a. Defining and ratifying the classification structure of information assets
b. Checking whether information assets have been classified properly
c. Securing information assets in accordance with their classification
d. Deciding the classification levels applied to the organization's information assets
11. Protecting customers' credit card details and other personal information in a public portal is crucial
to the major services provided online. Which of the following is the compliance standard that best
addresses this requirement?
a. PCI DSS
b. TIA-942
c. ISO 9001
d. ISO 27001
12. Besides preventing injuries and loss of life, what is the objective of the emergency actions taken at
the initial stage of a disaster?
a. mitigating damage
b. relocating operations
c. determining damage
d. protecting evidence
13. In the corporate structure of organisations, who is held accountable for general security planning?
a. CIO - Chief Information Officer
b. CISO - Chief Information Security Officer
c. CTO - Chief Technology Officer
d. CEO - Chief Executive Officer
14. Making sure that data is accessible when and where it is needed is which of the following?
a. Accountability
b. Integrity
c. Confidentiality
d. Availability
15. Who is ultimately responsible for ensuring that information is categorized and that specific
protective measures are taken?
a. Data Custodian
b. Data Owner
c. Data Manager
d. Data Administrator
16. What is the term for a service pre-arranged to cover a possible operational risk?
a. Service Level Management
b. Reciprocal Agreement
c. Operational Agreement
d. Security Agreement
17. Risk assessment should be carried out in which of the following?
a. some workplaces
b. all workplaces
c. only large workplaces
d. only high-risk workplaces
18. Which of the following is a policy that would force all users to keep their work areas organized and
also helps reduce the risk of data theft?
a. Clean Desk Policy
b. Password Behaviors
c. Data Handling
d. Data Disposal
19. Centrally authenticating multiple systems and applications against a federated user database is an
example of?
a. Access Control List
b. Single Sign On
c. Smart Card
d. Common Access Card
20. In the context of cyber security cost, which of the following best describes a "spill-over effect"?
a. Additional Cost
b. Hidden Cost
c. Capital Investment
d. Cost Benefit
21. The deliberate planting of apparent flaws in a system for the purpose of detecting attempted
penetrations or confusing an intruder about which flaws to exploit is called?
a. enticement
b. cracking
c. alteration
d. re-direction
22. It has been discovered that a former member of the IT department who switched to the
development team still has administrative access to many major network infrastructure devices
and servers. Which of the following mitigation techniques should be implemented to help reduce
the risk of this event recurring?
a. DLP
b. Change management notifications
c. Regular user permission and rights reviews
d. Incident management and response policy
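Question 22 is answered by periodic permission and rights reviews. The example below, added here and not part of the FCNS reviewer, shows what such a review looks like in practice: the current members of each privileged group (as a directory or configuration-management export would list them) are reconciled against each person's current role in the HR system and an entitlement matrix saying which roles may hold admin rights on which asset. The group memberships, roles and matrix are constructed sample data; anyone whose role no longer entitles them, or who has no HR record at all, is reported for revocation.

```python
"""Privilege review: reconcile current admin-group membership against role entitlements.

Added example (not from the FCNS reviewer). All data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: who currently sits in the admin group of each asset.
ADMIN_GROUP_MEMBERS = {
    "core-router-01": {"alice", "bob"},
    "fileserver-02": {"alice", "bob", "carol"},
    "hypervisor-03": {"bob", "dave", "frank"},
}

# Constructed sample: current role of each person according to HR.
# 'bob' moved from IT to development and his rights were never revoked;
# 'frank' has left and has no HR record at all.
CURRENT_ROLE = {
    "alice": "network-admin",
    "bob": "developer",
    "carol": "sysadmin",
    "dave": "sysadmin",
    "erin": "developer",
}

# Assumed entitlement matrix: which roles may hold admin rights on which asset.
ENTITLED_ROLES = {
    "core-router-01": {"network-admin"},
    "fileserver-02": {"sysadmin"},
    "hypervisor-03": {"sysadmin"},
}


@dataclass(frozen=True)
class Finding:
    asset: str
    user: str
    role: str
    reason: str


def review_privileges(members, roles, entitled):
    """Return one Finding per (asset, user) whose admin right is not justified."""
    findings = []
    for asset, users in sorted(members.items()):
        allowed = entitled.get(asset, set())
        for user in sorted(users):
            role = roles.get(user)
            if role is None:
                findings.append(Finding(asset, user, "<none>", "no active HR record (leaver?)"))
            elif role not in allowed:
                findings.append(Finding(asset, user, role,
                                        f"role {role!r} is not entitled to admin on this asset"))
    return findings


def revocations(findings):
    """Group findings into a per-user list of assets to revoke, ready for ticketing."""
    out = defaultdict(list)
    for f in findings:
        out[f.user].append(f.asset)
    return {user: sorted(assets) for user, assets in sorted(out.items())}


if __name__ == "__main__":
    results = review_privileges(ADMIN_GROUP_MEMBERS, CURRENT_ROLE, ENTITLED_ROLES)
    for f in results:
        print(f"{f.asset:16} {f.user:8} {f.role:14} {f.reason}")
    print("revoke:", revocations(results))
```

Running the review on the sample data flags bob on all three assets, alice on the file server (her network-admin role is not entitled there) and frank on the hypervisor (no HR record), while carol and dave pass. The same reconciliation run on a schedule, with the HR feed as the source of truth, is what turns "regular rights reviews" from a policy statement into a control.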
23. Which of the following security models focuses on mitigating threats to confidentiality?
a. Clark-Wilson model
b. Chinese Wall model
c. Biba
d. Bell-LaPadula
24. Which of the following security concepts does the Biba model address?
a. Availability
b. Integrity
c. Authenticity
d. Confidentiality
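Questions 23 and 24 turn on the difference between Bell-LaPadula (confidentiality) and Biba (integrity). The example below, added here and not part of the FCNS reviewer, reduces each model to its two mandatory rules and encodes them as access-decision functions: Bell-LaPadula forbids reading up and writing down, Biba forbids reading down and writing up. The level names are assumed for illustration; the last function combines both lattices so you can see that an access which one model permits the other may deny.

```python
"""Bell-LaPadula versus Biba access decisions.

Added example (not from the FCNS reviewer). Level names are assumed.
  BLP:  simple security (no read up)     and *-property (no write down)
  Biba: simple integrity (no read down)  and integrity *-property (no write up)
"""

# Ordered low -> high. Sensitivity levels drive BLP, integrity levels drive Biba.
CONF_LEVELS = ["public", "internal", "confidential", "secret"]
INTEG_LEVELS = ["untrusted", "user", "system", "kernel"]


def _rank(levels, label):
    """Position of a label in its lattice; unknown labels are an error, not 'low'."""
    try:
        return levels.index(label)
    except ValueError:
        raise ValueError(f"unknown label {label!r}") from None


def blp_allows(subject_clearance, object_class, op):
    """Bell-LaPadula: protect confidentiality of the object."""
    s, o = _rank(CONF_LEVELS, subject_clearance), _rank(CONF_LEVELS, object_class)
    if op == "read":
        return s >= o          # simple security: no read up
    if op == "write":
        return s <= o          # *-property: no write down (no leaking to lower levels)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject_integrity, object_integrity, op):
    """Biba: protect integrity of the object and of the subject's inputs."""
    s, o = _rank(INTEG_LEVELS, subject_integrity), _rank(INTEG_LEVELS, object_integrity)
    if op == "read":
        return s <= o          # simple integrity: no read down (don't consume tainted data)
    if op == "write":
        return s >= o          # integrity *-property: no write up (don't taint trusted data)
    raise ValueError(f"unknown operation {op!r}")


def decide(subject, obj, op):
    """Access is permitted only when both the confidentiality and integrity lattices allow it."""
    return (blp_allows(subject["conf"], obj["conf"], op)
            and biba_allows(subject["integ"], obj["integ"], op))


if __name__ == "__main__":
    # Constructed sample: a highly cleared, highly trusted process reading untrusted public input.
    proc = {"conf": "secret", "integ": "kernel"}
    inbox = {"conf": "public", "integ": "untrusted"}
    print("BLP read  :", blp_allows(proc["conf"], inbox["conf"], "read"))     # True  (read down is fine)
    print("Biba read :", biba_allows(proc["integ"], inbox["integ"], "read"))  # False (read down is tainting)
    print("combined  :", decide(proc, inbox, "read"))
```

The sample at the bottom is the point of the two questions: a secret-cleared kernel process reading a public, untrusted object is allowed by Bell-LaPadula (nothing confidential can leak by reading down) but denied by Biba (a trusted subject must not consume untrusted input). The same comparison works the other way for writes, which is why the two models are described as duals of each other.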
25. When disposing of magnetic storage media, all of the following methods ensure that data is
unreadable, EXCEPT:
a. removing the volume header information
b. writing random data over the old file
c. physical alteration of media
d. degaussing the disk or tape
26. The following answers are risk mitigation strategies. Which of them BEST fits the risk transfer
category?
a. DRP - Disaster Recovery Plan
b. Total Avoidance
c. Insurance Purchase
d. Outsourcing
27. Who authorises the Information Security Governance initiative program in a corporate
organization?
a. CISO - Chief Information Security Officer
b. CIO - Chief Information Officer
c. CTO - Chief Technology Officer
d. CEO - Chief Executive Officer
28. It is MOST important that the INFOSEC architecture be aligned with which of the following?
a. IT Plans
b. INFOSEC Best Practices
c. Business Objectives and Goals
d. Industrial Best Practices
29. It is important that information about an ongoing computer crime investigation be: (Select the
appropriate answer)
a. Replicated to a backup system to ensure availability.
b. Limited to as few people as possible.
c. Destroyed as soon after trial as possible.
d. Reviewed by upper management before being released.
30. Annual Loss Expectancy (ALE) is best represented by which of the following?
a. Gross loss expectancy x loss frequency
b. Single loss expectancy x annualized rate of occurrence
c. Asset value x loss expectancy
d. Single loss expectancy x annualized rate of occurrence x gross loss expectancy
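Question 30 asks for the ALE formula; the example below, added here and not part of the FCNS reviewer, carries the quantitative risk calculation through one step further than the formula itself. SLE is derived from asset value and exposure factor (SLE = AV x EF), ALE from SLE and ARO (ALE = SLE x ARO), and a proposed safeguard is then judged by ALE before minus ALE after minus its annual cost, which is how the "cost benefit" of question 20 is actually computed. All asset values, exposure factors, occurrence rates and control costs are constructed figures.

```python
"""Quantitative risk analysis: SLE, ALE and safeguard cost-benefit.

Added example (not from the FCNS reviewer). All figures are constructed.
  SLE = AV x EF          single loss expectancy
  ALE = SLE x ARO        annual loss expectancy
  safeguard value = ALE(before) - ALE(after) - annual cost of safeguard
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV, in currency units
    exposure_factor: float  # EF, fraction of AV lost per occurrence (0..1)
    aro: float              # annualized rate of occurrence (0.1 = once in ten years)

    def sle(self):
        return self.asset_value * self.exposure_factor

    def ale(self):
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float      # annualized cost of the control
    residual_ef: float      # EF once the control is in place
    residual_aro: float     # ARO once the control is in place


def residual_risk(risk, sg):
    """The same risk with the safeguard's residual EF and ARO applied."""
    return replace(risk, exposure_factor=sg.residual_ef, aro=sg.residual_aro)


def safeguard_value(risk, sg):
    """Positive means the control saves more than it costs per year."""
    return risk.ale() - residual_risk(risk, sg).ale() - sg.annual_cost


def rank_by_ale(risks):
    """Highest annual loss expectancy first, the usual order for treatment."""
    return sorted(risks, key=lambda r: r.ale(), reverse=True)


# Constructed sample register.
RISKS = [
    Risk("card-data breach via portal", asset_value=2_000_000, exposure_factor=0.40, aro=0.10),
    Risk("ransomware on file servers", asset_value=500_000, exposure_factor=0.60, aro=0.50),
    Risk("laptop loss (encrypted)", asset_value=3_000, exposure_factor=1.00, aro=4.00),
]

# Two candidate controls for the card-data risk.
TOKENIZATION = Safeguard("tokenize card data", annual_cost=30_000, residual_ef=0.05, residual_aro=0.10)
HSM_APPLIANCE = Safeguard("on-prem HSM cluster", annual_cost=90_000, residual_ef=0.02, residual_aro=0.10)


if __name__ == "__main__":
    for r in rank_by_ale(RISKS):
        print(f"{r.name:30} SLE={r.sle():>12,.0f}  ALE={r.ale():>10,.0f}")
    card = RISKS[0]
    for sg in (TOKENIZATION, HSM_APPLIANCE):
        print(f"{sg.name:30} value/year = {safeguard_value(card, sg):>10,.0f}")
```

On the sample register the ransomware risk ranks first (ALE 150,000) even though its single loss is smaller than the card-data breach (SLE 800,000, ALE 80,000), because it is expected five times as often. Tokenization cuts the card-data ALE to 10,000 for 30,000 a year, a net gain of 40,000; the HSM cluster reduces it further but at 90,000 a year loses 14,000, so the cheaper control wins. Treat the EF and ARO inputs as the weak point of this method: the arithmetic is exact, the estimates behind it are not.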