Ch. 5
1. Which of the following terms best defines the sum of protection mechanisms inside the computer, including hardware, firmware, and software?
A. Trusted system
B. Security kernel
C. Trusted computing base
D. Security perimeter
10. Which of the following terms best describes a computer that uses more than one CPU in parallel to execute instructions?
A. Multiprocessing
B. Multitasking
C. Multithreading
D. Parallel running
12. Which of the following terms best describes the primary concern of the Biba security model?
A. Confidentiality
B. Reliability
C. Availability
D. Integrity
14. Which of the following terms best describes the primary concern of the Bell-LaPadula security model?
A. Accountability
B. Integrity
C. Confidentiality
D. Availability
Ch. 6
1. Which of the following statements is not true about the BCP and DRP?
A. Both plans deal with security infractions after they occur.
B. Both plans describe preventative, not reactive, security procedures.
C. The BCP and DRP share the goal of maintaining “business as usual” activities.
D. They belong to the same domain of the Common Body of Knowledge.
3. Place the following steps of the BCP in the correct sequence: (a) create the BIA; (b) obtain signoff of the tested BCP; (c) identify the scope of the BCP; (d) write the BCP:
A. a, c, d, b
B. c, b, a, d
C. c, a, d, b
D. d, b, c, a
5. Which of the following statements best describes the purpose of the BIA?
A. The purpose of the BIA is to create a document that helps management understand the impact a disruptive event would have on the business.
B. The purpose of the BIA is to define a strategy that minimizes the effect of disturbances and to allow for the resumption of business processes.
C. The purpose of the BIA is to emphasize the organization’s commitment to employees and vendors.
D. The purpose of the BIA is to work with executive management to develop a DRP.
6. The scope definition of the BCP should include all of the following except:
A. Prioritizing critical business processes
B. Calculating the value and cost of continuing important business processes
C. Performing a dry run of emergency fire and medical evacuation procedures
D. Assessing the cost to the business if critical services were disrupted
14. Which of the following statements best describes a mobile unit site?
A. A mobile unit site is a convenient means for employees to give blood.
B. A mobile unit site is a fully equipped recovery site on wheels.
C. A mobile unit site is a SWAT team that provides first-response services.
D. A mobile unit site is a backup power supply, typically a diesel or gasoline generator.
15. Which of the following statements best describes the primary goal of the DRP?
A. The primary goal of the DRP is to alarm employees as a call to arms.
B. The primary goal of the DRP is to protect the image of the organization.
C. The primary goal of the DRP is to educate employees about emergency evacuation procedures.
D. The primary goal of the DRP is to reassure employees that the organization puts their safety above all else.
16. Which of the following is considered the most extensive type of disaster recovery testing?
A. Checklists
B. Full interruption
C. Simulation
D. Parallel testing
Ch. 7
1. Business losses that result from computer crime are difficult to estimate for which of the following reasons?
A. Companies are not always aware that their computer systems have been compromised.
B. Companies are sometimes reluctant to report computer crime because it is bad advertising.
C. Losses are often difficult to quantify.
D. All of the above.
6. The computer criminal who calls a help desk trying to obtain another user’s password is most likely a _____.
A. Dumpster diver
B. Black-hat hacker
C. Social engineer
D. Spammer
11. The Patent and Trademark Office (PTO) resisted patenting software for years for what primary reason?
A. Software was too intangible.
B. Software was the product of scientific truth or mathematical expressions.
C. The average shelf life of software was estimated to be less than the lifespan of a patent (17 years).
D. It was too interconnected with the computer’s operating system.
13. Which of the following is not one of the FTC’s four Fair Information Practices?
A. Individuals should be given the choice of opting out when sharing personal information.
B. Personal information should be accurate and stored securely.
C. Websites must have 100 percent availability, in case users want to change their personal information.
D. Websites must tell users how their personal information will be used and notify them of any changes to that policy.
14. Which of the following statements best reflects the European Union Data Protection Directive of 1998?
A. The United States was exempted from privacy standards in the E.U.
B. The directive’s goal was to standardize privacy protection among the E.U. members.
C. It resulted in the Safe Harbor Privacy Principles that allowed the United States to meet minimum privacy controls in the European Union.
D. Both B and C are correct.
16. Which of the following statements best describes the intentions of the (ISC)² Code of Ethics?
A. The (ISC)² Code of Ethics helps certificate holders resolve dilemmas related to their practice.
B. The (ISC)² Code of Ethics provides guidance on encouraging good behavior.
C. The (ISC)² Code of Ethics provides guidance on discouraging poor behavior.
D. All of the above.
18. Which of the following is not one of the provisions of the (ISC)² Code of Ethics?
A. Act honorably, responsibly, and legally.
B. Provide thorough and competent service to your customers and peers.
C. Judge not, lest you be judged.
D. Strive to protect society and its components.