312-76 Exam Questions
217 real 312-76 exam questions with expert-verified answers and explanations. Page 2 of 5.
- Question #55
Which of the following processes helps the organization to identify appropriate controls for reducing or eliminating risk during the risk mitigation process?
- Question #56
Which of the following components in a TCB acts as the boundary that separates the TCB from the remainder of the system?
- Question #57
Which of the following TCB components is a hardware, firmware, and software element that implements the reference monitor concept?
- Question #58
Which of the following terms describes the annually expected financial loss to an organization from a threat?
- Question #59
Which of the following processes is NOT included in the risk mitigation?
- Question #60
Which of the following processes is used by organizations to set the risk tolerance, identify the potential risks, and prioritize the tolerance for risk?
- Question #61
Which of the following security procedures is related to the SDLC's implementation?
- Question #62
Which of the following security procedures is NOT related to the SDLC's disposition?
- Question #63
Which of the following terms describes the determination of the effect of changes to the information system on the security of the information system?
- Question #64
Which of the following individuals considers risk management in IT planning, budgeting, and meeting system performance requirements?
- Question #65
Which of the following values must ensure that the Maximum Tolerable Period of Disruption (MTPD) for each activity is not exceeded?
- Question #66
Which of the following values specifies the acceptable latency of data that will be recovered?
- Question #67
Which of the following events occurs in a system when there is a TCB failure and the recovery procedures cannot return the system to a secure state?
- Question #68
In which of the following scenarios is database backup transferred to a remote site in a bulk transfer fashion?
- Question #69
Which of the following sites is a non-mainstream alternative to a traditional recovery site?
- Question #70
Which of the following is a compromise between hot and cold sites?
- Question #71
Which of the following types of storage requires some direct human action in order to make access to the storage media physically possible?
- Question #72
Which of the following steps has the goal to reduce the level of risk to the IT system and its data to an acceptable level?
- Question #73
Who among the following has the ultimate responsibility for the protection of the organization's information?
- Question #74
Which of the following Tier 1 policies will identify who is responsible for what?
- Question #75
Which of the following global (Tier 1) policies defines what specifically the policy is going to address?
- Question #76
Which of the following tasks is prioritized the most by the information security strategy?
- Question #77
Which of the following actions can be performed by using the principle of separation of duties?
- Question #78
Which of the following functions is performed by change control?
- Question #79
Which of the following is a category of an automated Incident detection process?
- Question #80
Which of the following workforces works to handle the incidents in an enterprise?
- Question #81
Which of the following sets of incident response practices is recommended by the CERT/CC?
- Question #82
Which of the following processes helps the business units to understand the impact of a disruptive event?
- Question #83
Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made?
- Question #84
Which of the following sources is the best for developing Recovery Time Objectives (RTO)?
- Question #85
Which of the following processes hides one set of IP addresses used for internal traffic only while exposing a second set of addresses to external traffic?
- Question #86
Which of the following types of controls focuses on stopping a security breach from taking place in the first place?
- Question #87
Which of the following types of control gives an instance of the audit log?
- Question #88
Which of the following systems monitors the operating system detecting inappropriate activity, writing to log files, and triggering alarms?
- Question #89
Which of the following systems commonly resides on a discrete network segment and monitors the traffic on that network segment?
- Question #90
Which of the following systems helps to detect the "abuse of privileges" attack that does not actually involve exploiting any security vulnerability?
- Question #91
A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal de...
- Question #92
You work as a project manager for TYU project. You are planning for risk mitigation. You need to identify the risks that will need a more in-depth analysis. Which of the following...
- Question #93
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activ...
- Question #95
You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members for getting appropriate responses of...
- Question #96
Mark works as a Network Administrator for NetTech Inc. Mark is testing the disaster recovery plan of the company. During the testing of the recovery plan, he finds that some server...
- Question #97
Which of the following measurements of a disaster recovery plan are aimed at avoiding an event from occurring?
- Question #99
Which of the following BCP teams handles financial arrangement, public relations, and media inquiries in the time of disaster recovery?
- Question #100
Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?
- Question #101
Which of the following sub-processes of IT Service Continuity Management is used to make sure that all members of IT staff with responsibilities for fighting disasters are aware of...
- Question #102
Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic. The specific requirement for the encryption algorithm is that it must be a symmet...
- Question #103
Which of the following cryptographic system services assures the receiver that the received message has not been altered?
- Question #105
Which of the following statements about a certification authority (CA) is true?
- Question #106
Which of the following are some of the parts of a project plan? Each correct answer represents a complete solution. Choose all that apply.
- Question #107
You work as a Network administrator for Infonet Inc. The company has 135 Windows XP Professional computers and twenty Windows 2003 Server computers. You want to specify the number...