Multiple Choice Questions
Question 1. (TCOs 1, 2, 4) A targeted solution to misuse of a specific vulnerability is called a(n) _____. (Points : 5)
exploit
vulnerability
control
safeguard

Question 2. (TCOs 1, 2, 4) Which of the following is not a basic component of risk management? (Points : 5)
Risk identification
Risk control
Mitigation
All of the above

Question 3. (TCOs 1, 2, 4) Which of the following is not one of the four basic risk control strategies? (Points : 5)
Acknowledgement
Transference
Mitigation
Acceptance

Question 4. (TCOs 1, 2, 4) Who is responsible for obtaining senior management commitment and support at the outset of the planning process? (Points : 5)
Emergency management team
Disaster recovery team
Contingency planning management team
Incident response team

Question 5. (TCOs 1, 2, 4) The first step in the business impact analysis is to identify and prioritize _____. (Points : 5)
business unit analysis
threat attacks
attack success scenario development
damage assessment

Question 6. (TCOs 1, 2, 4) The _____ analysis provides information about systems and the threats they face. (Points : 5)
business unit
vulnerability
business impact
threat attack

Question 7. (TCOs 3, 5) Which of the following is not a possible IR team structure model? (Points : 5)
Central IR team
Distributed IR teams
Decentralized IR team
Coordinating IR team

Question 8. (TCOs 3, 5) The responsibility for creating an organization's IR plan rests with the _____. (Points : 5)
Chief information security officer (CISO)
Chief security officer
Chief executive officer
Chief planning officer

Question 9. (TCOs 3, 5) An actual incident that occurs but is not reported is called a _____. (Points : 5)
false positive
true positive
false negative
true negative

Question 10. (TCOs 3, 5) Scanning a network for active systems and services is called _____. (Points : 5)
footprinting
fingerprinting
doorknob rattling
window checking