David works as the Chief Information Security Officer for uCertify Inc. Which of the following are the responsibilities that should be handled by David?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is used to align and realign IT Services to changing business needs by identifying and implementing improvements to IT services?
Which of the following is established during the Business Impact Analysis by the owner of a process in accepted business continuity planning methodology?
Which of the following is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory?
Risk analysis provides a great deal of useful information. It has four main objectives. Which of the following is not an objective of risk analysis?
Which of the following Acts, enacted in the United States, amends the Civil Rights Act of 1964, providing technical changes affecting the length of time allowed to challenge unlawful seniority provisions, to sue the federal government for discrimination, and to bring age discrimination claims?
You work as a Security Administrator for uCertify Inc. You have been assigned the task to provide a solution based on high reliability combined with high performance. Which of the following will you use to accomplish the task?
You work as an Information Security Manager for uCertify Inc. The company has contracted a third-party software company to develop a software program for internal use. You have been assigned the task of sharing the organization's requirements for the tool with the third party under a non-disclosure agreement (NDA). Which of the following is the purpose of using an NDA?
Sam works as the Chief Information Security Officer for Blue Well Inc. The company has a number of teams for security purposes. Which of the following are the types of teams of which Sam can be a part?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following Acts is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals?
Which of the following types of viruses is placed into the first sector of the hard drive?
Which of the following should be considered while calculating the cost of an outage?
Each correct answer represents a complete solution. Choose all that apply.
Which formula will you use to calculate the estimated average cost of 1 hour of downtime?
Which of the following formulas is used to represent the annualized loss expectancy (ALE)?
Which of the following standards was made in 1995 by the joint initiative of the Department of Trade and Industry in the United Kingdom and leading UK private-sector businesses?
You work as an Information Security Manager for uCertify Inc. You are working on the documentation of ISMS. Which of the following steps are concerned with the development of ISMS?
Each correct answer represents a complete solution. Choose all that apply.
David works as the Network Administrator for Blue Well Inc. One of his tasks is to develop and maintain the risk management plan. Which of the following are the objectives of a risk management plan?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Security Administrator for uCertify Inc. You have been assigned the task to verify the identity of the employees recruited in your organization. Which of the following components of security deals with an employee's verification in the organization?
Mark is the project manager of the HAR Project. The project is scheduled to last eighteen months, and six months have already passed. Management asks Mark how often the project team participates in risk reassessment for this project. What should Mark tell management if he is following best practices for risk management?
A Service Level Agreement (SLA) provides one service for all customers of that service. Which of the following are included in the contents of an SLA?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are social engineering techniques?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following is an intangible asset?
Which of the following tasks are accomplished in the Act phase of the PDCA cycle?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are valid reasons for the occurrence of a drive-by download?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You need to create the documentation on information security management system (ISMS). Which of the following is the governing principle behind ISMS?
Which of the following are the steps of the risk assessment process?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Network Administrator for uCertify Inc. You are responsible for selecting the access control method that will be used for the kiosk system software. Your manager wants full access to information in all categories, but visitors should be able to access only general information about the organization. Which of the following types of access control is suitable to accomplish this task?
Which of the following pillars of Basel II is concerned with maintenance of regulatory capital intended for three major components of risk that a bank faces, which are credit risk, operational risk, and market risk?
Which of the following are computer clusters that are implemented primarily for the purpose of providing high availability of services which the cluster provides?
An employee of your company has stolen some files and records. Which of the following security standards is concerned with this event?
You work as an Information Security Manager for uCertify Inc. You are working on a project related to communications and operations security. Which of the following controls of the ISO standard deals with equipment security?
Which of the following is used to shift the impact of a threat to a third party, together with the ownership of the response?
Andrew is the CEO of uCertify Inc. He wants to improve the resources and revenue of the company. He uses the PDCA methodology to accomplish the task. Which of the following are the phases of the PDCA methodology?
Each correct answer represents a complete solution. Choose all that apply.
You are consulting with a small budget conscious accounting firm. Each accountant keeps individual records on their PC and checks them in and out of a server. They are concerned about losing data should the server hard drive crash. Which of the following RAID levels would you recommend?
Which of the following concepts or terms states that changes related to one requirement, i.e., scope, time, or cost, will at least influence one other element?
You work as an Information Security Manager for uCertify Inc. You have been assigned the task to establish ISO standards for your organization. Which of the following standards provides guidelines on specifications and use of measurement techniques for the assessment of the effectiveness of an implemented information security management system and controls?
You work as a System Administrator for uCertify Inc. You have been given the task to create a new corporate policy. Which of the following approaches must be followed to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
A honeypot is a computer trap that is used to attract potential intruders or attackers. Which of the following are advantages of honeypots?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are the rights that are given to the person who has processed data?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following phases of the PDCA model is the controlling and maintaining phase of the Information Security Management System (ISMS)?
David is the owner of Blue Well Inc. The company provides courier services. He decides that it is time to draw up a risk analysis for his information system. This includes an inventory of threats and risks. What is the relation among threat, risk, and risk analysis?
Which of the following plans provides measures for disseminating status reports to personnel and the public?
The guidelines that are defined in the ISO/IEC 27002:2005 standard deal with which of the following aspects of information security?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Network Security Administrator for uCertify Inc. He wants to implement a firewall technique on the network that inspects each packet passing through it and accepts or rejects the packet based on user-defined rules. Which of the following types of firewall techniques is Mark implementing to accomplish the task?
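The technique the question describes is stateless packet filtering. The following is an added example (not part of the original question set): a minimal packet filter that judges each packet on its own header fields against an ordered rule list, first match wins, default deny. The rules, the RFC 5737 documentation addresses and the sample packets are all constructed.

```python
"""Stateless packet filtering: each packet is judged on its own header fields against an ordered
rule list. Added example; rules, addresses and packets are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "deny"
    proto: str = "any"
    src: str = "any"             # CIDR or "any"
    dst: str = "any"             # CIDR or "any"
    dport: Optional[int] = None  # None matches every destination port
    comment: str = ""


def _in_net(addr: str, cidr: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every one of its (non-wildcard) fields matches the packet header."""
    return (rule.proto in ("any", pkt.proto)
            and _in_net(pkt.src, rule.src)
            and _in_net(pkt.dst, rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """Return the action of the first matching rule; with no match the packet is denied (fail closed)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


def decisions(rules: List[Rule], packets: List[Packet]) -> List[str]:
    return [filter_packet(rules, p) for p in packets]


# Constructed ruleset for a border filter in front of a web server (203.0.113.10) that is
# administered over SSH only from the corporate range 192.0.2.0/24.
RULES = [
    Rule("deny", src="203.0.113.0/24", comment="anti-spoofing: our own range must not arrive from outside"),
    Rule("accept", proto="tcp", dst="203.0.113.10/32", dport=443, comment="public HTTPS"),
    Rule("accept", proto="tcp", src="192.0.2.0/24", dst="203.0.113.10/32", dport=22, comment="admin SSH"),
    Rule("deny", comment="explicit default deny"),
]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("tcp", "198.51.100.7", "203.0.113.10", 51000, 443),   # public HTTPS client -> accept
    Packet("tcp", "198.51.100.7", "203.0.113.10", 51001, 22),    # SSH from the Internet -> deny
    Packet("tcp", "192.0.2.25", "203.0.113.10", 51002, 22),      # SSH from corporate range -> accept
    Packet("tcp", "203.0.113.99", "203.0.113.10", 51003, 443),   # spoofed source address -> deny
    Packet("udp", "198.51.100.7", "203.0.113.10", 51004, 53),    # nothing matches -> deny
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, decisions(RULES, SAMPLE_PACKETS)):
        print(f"{verdict:6} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

Because the filter keeps no connection state, it cannot tell that a packet from 203.0.113.10 port 443 back to a client is the reply to an accepted request; return traffic needs its own rules, which is the gap stateful inspection closes.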
Which of the following surveys found that smaller organizations have a better understanding of their information assets?
You work as the Network Security Administrator for uCertify Inc. The organization is using an intranet to distribute information to its employees. A database residing on the network contains employees' information, such as employee name, designation, department, phone extension, date of birth, date of joining, etc. You are concerned about the security because the database has all information about employees, which can help an unauthorized person to recognize an individual. Which Personally Identifiable Information should be removed from the database so that the unauthorized person cannot identify an individual?
You work as a Security Administrator for uCertify Inc. You have installed ten separate applications for your employees to work. All the applications require users to log in before working on them; however, this takes a lot of time. Therefore, you decide to use SSO to resolve this issue. Which of the following are the other benefits of Single Sign-On (SSO)?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following defines the interdependent relationships among the internal support groups of an organization working to support a Service Level Agreement?
Which of the following is a RestrictAnonymous registry value that allows access only to users with explicit anonymous permissions?
Rick works as a Computer Forensic Investigator for BlueWells Inc. He has been informed that some confidential information is being leaked out by an employee of the company. Rick suspects that someone is sending the information through email. He checks the emails sent by some employees to other networks. Rick finds out that Sam, an employee of the Sales department, is continuously sending text files that contain special symbols, graphics, and signs. Rick suspects that Sam is using the Steganography technique to send data in a disguised form. Which of the following techniques is Sam using?
Each correct answer represents a part of the solution. Choose all that apply.
Which of the following is expressly set up to attract and trap people who attempt to penetrate other people's computer systems?
Mark is hired as an Information Security Officer for BlueWell Inc. He wants to draw the attention of management to the significance of integrating information security into the business processes. Which of the following tasks should he perform first to accomplish this?
Which of the following paragraphs of the Turnbull Guidance provide a clear description of the principles of a risk treatment plan?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Software Developer for TechNet Inc. He was recently fired after being caught doing illegal work in the organization. Before leaving the organization, he decided to retaliate: he deleted some system files and made changes to registry entries he had created. Which of the following types of attacks has Mark performed?
You work as a Security Administrator for uCertify Inc. You have been assigned the task to apply a data availability solution based on a striped disk array without redundancy. Which of the following will you use to accomplish the task?
Fill in the blank with an appropriate phrase.
The______ is concerned with rebuilding production processing and determining the criticality of data.
NIST Special Publication 800-50 describes how to build an information technology security awareness and training program. It is designed for people currently working in the information technology field who want guidance on security awareness. Which of the following are some of its critical steps?
Each correct answer represents a complete solution. Choose two.
You work as a Security Administrator for uCertify Inc. You have made a plan to increase the security of the organization and you want to show it to the CEO, but you do not want to share this information with others. Therefore, you want to classify this information. Which of the following is the suitable classification to accomplish the task?
Which of the following is a technique for a threat, which creates changes to the project management plan?
Disaster recovery plan consists of various tiers for identifying the methods of recovering mission-critical computer systems that are necessary to support business continuity. All these tiers provide a simple method to define current service levels and associated risks. Choose and re-order the tiers of disaster recovery plan.
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to create a document following the Business Model of information security to provide guidelines for information assets. Which of the following are the elements of the Business Model for information security?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is a fast-emerging global sector that advises individuals and corporations on how to apply the highest ethical standards to every aspect of their business?
In which of the following does CRAMM provide assistance?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following administrative policy controls is usually associated with government classifications of materials and the clearances of individuals to access those materials?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to make a document on the usage of information assets. Which of the following controls of the ISO standard deals with the documentation and implementation of rules for the acceptable use of information assets?
You work as an Information Security Manager for uCertify Inc. You are working on the documentation of control A.10.1.1. What is the purpose of control A.10.1.1?
Which of the following tasks are performed by Information Security Management?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Network Security Administrator for uCertify Inc. An employee of the organization tells Mark that a few months ago he filled in an online bank form for some account-related work. Today, when visiting the site again, the employee finds that some of his personal information is still displayed on the web page. Which of the following types of cookies should Mark disable to resolve the issue?
A project plan includes the Work Breakdown Structure (WBS) and cost estimates. Which of the following are the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are included in sensitive system isolation?
Each correct answer represents a complete solution. Choose all that apply.
Business Continuity Planning (BCP) determines the risks to the organizational processes and creates policies, plans, and procedures in order to minimize the impact of those risks. What are the different steps in the Business Continuity Planning process?
Each correct answer represents a part of the solution. Choose all that apply.
You work as a Network Administrator for uCertify Inc. The organization has constructed a cafeteria for its employees and you are responsible for selecting the access control method for the cafeteria.
There are a few conditions for giving access to the employees, which are as follows:
1. Top level management can get access any time.
2. Staff members can get access during the specified hours.
3. Guests can get access only in working hours.
Which of the following access control methods is suitable to accomplish the task?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following are information assets?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following information security standards deals with the protection of the computer facilities?
Which of the following is the process of restoring a previous copy of the data to a known point of consistency?
Which of the following sections come under the ISO/IEC 27002 standard?
Each correct answer represents a complete solution. Choose all that apply.
Sam works as the Security Administrator for Blue Well Inc. He has to develop controls as the countermeasures to risks. Which of the following are the types of controls that Sam may employ for security?
Each correct answer represents a complete solution. Choose all that apply.
The usage of pre-numbered forms for initiating a transaction is an example of which of the following types of control?
You work as an Information Security Officer for uCertify Inc. You need to create an asset management plan differentiating fixed assets from inventory items. How will you differentiate assets from inventory items?
Which of the following plans provides measures and capabilities for recovering a major application or general support system?
Fill in the blank with the appropriate term.
________ is a powerful and low-interaction open source honeypot.
Which of the following are the variables on which the structure of Service Level Agreement depends?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is used for secure financial transactions over the Internet?
Victor wants to send an encrypted message to his friend. He is using a steganography technique to accomplish his task. He takes a cover object and changes it accordingly to hide information. This secret information is recovered only when the algorithm compares the changed cover with the original cover. Which of the following steganography methods is Victor using to accomplish his task?
Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the following formulas best describes the Single Loss Expectancy (SLE)?
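The three quantitative formulas asked about above (cost of an hour of downtime, ALE, and SLE) are easiest to get right when carried through on one scenario. The following is an added worked example, not part of the original question set; the asset values, exposure factors and costs are constructed. SLE = AV x EF and ALE = SLE x ARO are the standard definitions; the hourly downtime model (idle labour plus lost revenue) is a simplified assumption used only for illustration.

```python
"""Quantitative risk analysis carried through on constructed figures (added example).
  SLE = AV x EF                 single loss expectancy
  ALE = SLE x ARO               annualized loss expectancy
  safeguard value = ALE(before) - ALE(after) - annual cost of the safeguard
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    asset_value: float      # AV, in currency units
    exposure_factor: float  # EF, fraction of AV lost per occurrence (0.0 to 1.0)
    aro: float              # ARO, expected occurrences per year


def sle(s: Scenario) -> float:
    """Single Loss Expectancy = AV x EF."""
    if not 0.0 <= s.exposure_factor <= 1.0:
        raise ValueError("EF must be a fraction between 0 and 1")
    return s.asset_value * s.exposure_factor


def ale(s: Scenario) -> float:
    """Annualized Loss Expectancy = SLE x ARO."""
    if s.aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle(s) * s.aro


def safeguard_value(before: Scenario, after: Scenario, annual_cost: float) -> float:
    """Net annual value of a control; positive means the control pays for itself."""
    return ale(before) - ale(after) - annual_cost


def hourly_downtime_cost(employees_idle: int, cost_per_employee_hour: float,
                         revenue_per_hour: float) -> float:
    """Estimated cost of one hour of downtime: idle labour plus lost revenue.
    Simplified model used here for illustration (an assumption, not a standard formula)."""
    return employees_idle * cost_per_employee_hour + revenue_per_hour


# Constructed scenario: a file server worth 200,000 hit by a ransomware event about once a decade.
BEFORE = Scenario("ransomware on file server", asset_value=200_000, exposure_factor=0.25, aro=0.10)
# Same threat after adding offline backups: far less of the asset is lost per event.
AFTER = Scenario("ransomware on file server, offline backups in place",
                 asset_value=200_000, exposure_factor=0.05, aro=0.10)
BACKUP_ANNUAL_COST = 2_500.0

if __name__ == "__main__":
    print(f"SLE before: {sle(BEFORE):,.0f}   ALE before: {ale(BEFORE):,.0f}")
    print(f"SLE after:  {sle(AFTER):,.0f}   ALE after:  {ale(AFTER):,.0f}")
    print(f"Safeguard value: {safeguard_value(BEFORE, AFTER, BACKUP_ANNUAL_COST):,.0f} per year")
    print(f"One hour of downtime (40 idle staff): {hourly_downtime_cost(40, 35.0, 1_200.0):,.0f}")
```

With these figures the backup control is worth buying: it cuts ALE from 5,000 to 1,000 per year at a cost of 2,500, a net gain of 1,500 per year.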
Mark works as an Office Assistant for uCertify Inc. He is responsible for managing office documents. Today, after opening a Word document, Mark noticed that the other open documents closed suddenly. After reopening those documents, Mark found modifications in them. He contacted his Security Administrator and learned that a virus program is installed in the operating system. Which of the following types of virus has attacked the operating system?
Which of the following is one of the mechanisms available for administrators to employ for replicating the databases containing the DNS data across a set of DNS servers?
CRAMM assists prioritization by assigning a countermeasure high priority if certain conditions are met. Which of the following are these conditions?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Project Manager for uCertify Inc. You are working on an asset management plan. You need to document every process related to asset management. Which of the following is an example of asset management?
Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not?
Which of the following terms refers to the time duration during which a system or service is unavailable?
Which of the following are the limitations of Redundant Array of Inexpensive Disks (RAID)?
Each correct answer represents a complete solution. Choose all that apply.
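The RAID questions above (striping without redundancy, high reliability with high performance, and the limitations of RAID) come down to one piece of arithmetic: XOR parity. The following is an added example, not from the original question set, with in-memory lists of byte blocks standing in for disks and constructed sample data. It shows that striping alone loses data with any failure, that a single parity member lets the array rebuild exactly one lost member (RAID 4 keeps parity on a dedicated member; RAID 5 rotates it, but the arithmetic is the same), and that two simultaneous failures are not recoverable.

```python
"""Striping and XOR parity: what single-parity RAID can and cannot recover (added example)."""
from functools import reduce
from typing import List, Optional


def xor_blocks(blocks) -> bytes:
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def stripe(data: bytes, data_disks: int, block_size: int) -> List[List[bytes]]:
    """RAID 0-style striping: pad, cut into blocks and deal them round-robin across the data members.
    Fast, but there is no redundancy: losing any member loses the data."""
    padded = data + b"\x00" * (-len(data) % (data_disks * block_size))
    blocks = [padded[i:i + block_size] for i in range(0, len(padded), block_size)]
    disks: List[List[bytes]] = [[] for _ in range(data_disks)]
    for i, blk in enumerate(blocks):
        disks[i % data_disks].append(blk)
    return disks


def add_parity(disks: List[List[bytes]]) -> List[Optional[List[bytes]]]:
    """Append a parity member: for every stripe, parity = XOR of that stripe's data blocks."""
    parity = [xor_blocks(stripe_blocks) for stripe_blocks in zip(*disks)]
    return list(disks) + [parity]


def fail_member(array, index: int):
    """Simulate a failed member: its contents are gone (None)."""
    return [None if i == index else member for i, member in enumerate(array)]


def rebuild(array):
    """Reconstruct the single missing member: the XOR of all survivors equals the lost block,
    since x ^ (x ^ rest) == rest. With two members missing there is no unique solution."""
    missing = [i for i, member in enumerate(array) if member is None]
    if len(missing) != 1:
        raise ValueError(f"single parity can rebuild exactly one lost member, {len(missing)} are missing")
    survivors = [member for member in array if member is not None]
    rebuilt = [xor_blocks(stripe_blocks) for stripe_blocks in zip(*survivors)]
    return [rebuilt if member is None else member for member in array]


def read_back(array, data_disks: int, length: int) -> bytes:
    """Reassemble the stored bytes from the data members (the parity member holds no user data)."""
    chunks = [b"".join(stripe_blocks) for stripe_blocks in zip(*array[:data_disks])]
    return b"".join(chunks)[:length]


def survives_single_failure(data: bytes, data_disks: int = 3, block_size: int = 8) -> bool:
    """End to end: stripe, add parity, lose each member in turn, rebuild, compare with the original."""
    array = add_parity(stripe(data, data_disks, block_size))
    for lost in range(len(array)):
        restored = rebuild(fail_member(array, lost))
        if read_back(restored, data_disks, len(data)) != data:
            return False
    return True


def survives_double_failure(data: bytes, data_disks: int = 3, block_size: int = 8) -> bool:
    """Two members lost at once: rebuild refuses rather than returning garbage."""
    array = add_parity(stripe(data, data_disks, block_size))
    try:
        rebuild(fail_member(fail_member(array, 0), 1))
    except ValueError:
        return False
    return True


# Constructed sample payload standing in for the accountants' records.
SAMPLE = b"Ledger 2024-Q1: cash 12,340.00; receivables 8,910.50; payables 3,200.00"

if __name__ == "__main__":
    print("one lost member recovered:", survives_single_failure(SAMPLE))
    print("two lost members recovered:", survives_double_failure(SAMPLE))
```

Note what parity does not protect against: an overwrite, a deletion or a ransomware encryption is striped and parity-updated just as faithfully as good data, which is why RAID is not a substitute for backups.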
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You are making the documentation on control A.7.2. Which of the following are the main objectives of control A.7.2?
Each correct answer represents a complete solution. Choose all that apply.
You work as a CRO for uCertify Inc. You and your team are involved in the pre-assessment phase of the risk governance framework. One of your newly joined team members wants to know the steps involved in the pre-assessment phase. Choose and reorder the steps performed in the pre-assessment phase.
You work as a Security Administrator for uCertify Inc. You observe that an employee is spreading personal data of your organization. Which of the following standards of information security deals with the employees handling personal data in an organization?
You work as a Security Administrator for uCertify Inc. The organization has signed a legal contract with another company for maintaining network security. According to the contract, both companies can share any confidential material, knowledge, or information with one another for certain purposes, but they cannot share these with others. Which of the following terms best describes this agreement?
Sam works as a Project Manager for Blue Well Inc. He is working on a new project. He wants to assess the high-level risks for the project. Which of the following steps should Sam take in order to accomplish the task?
Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:
1. Smoothing and decreasing contrast by averaging the pixels of the areas where significant color transitions occur.
2. Reducing noise by adjusting color and averaging pixel value.
3. Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?
Which of the following indicates that the project team has decided not to change the project management plan to deal with a risk?
Which of the following are the primary rules defined for RBAC?
Each correct answer represents a complete solution. Choose all that apply.
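The primary rules of RBAC, as set out in Ferraiolo and Kuhn's model, are role assignment, role authorization and transaction authorization. The following is an added example, not from the original question set, showing how an enforcement point applies the three rules in order; the users, roles and transactions are constructed.

```python
"""Role-based access control: the three primary rules applied by a decision point (added example).
  1. Role assignment: a subject can execute a transaction only if it has selected (activated) a role.
  2. Role authorization: a subject's active role must be one the subject is authorized to hold.
  3. Transaction authorization: the transaction must be authorized for the subject's active role.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class Policy:
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)  # user -> roles the user may hold
    role_trans: Dict[str, Set[str]] = field(default_factory=dict)  # role -> transactions it may run

    def assign_role(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def grant(self, role: str, transaction: str) -> None:
        self.role_trans.setdefault(role, set()).add(transaction)


@dataclass
class Session:
    user: str
    active_role: Optional[str] = None


def activate_role(policy: Policy, session: Session, role: str) -> bool:
    """Rule 2 at activation time: refuse to activate a role the user is not authorized for."""
    if role not in policy.user_roles.get(session.user, set()):
        return False
    session.active_role = role
    return True


def check_access(policy: Policy, session: Session, transaction: str) -> Tuple[bool, str]:
    """Decision point: permissions derive from the active role, never from the user directly."""
    if session.active_role is None:                                              # rule 1
        return False, "no active role"
    if session.active_role not in policy.user_roles.get(session.user, set()):    # rule 2, re-checked
        return False, f"{session.user} is no longer authorized for role {session.active_role}"
    if transaction not in policy.role_trans.get(session.active_role, set()):     # rule 3
        return False, f"role {session.active_role} is not authorized for {transaction}"
    return True, "permitted"


def build_sample_policy() -> Policy:
    """Constructed accounting example with separated duties: clerks post, controllers approve."""
    p = Policy()
    p.grant("clerk", "post_journal")
    p.grant("controller", "post_journal")
    p.grant("controller", "approve_payment")
    p.assign_role("alice", "clerk")
    p.assign_role("carol", "controller")
    return p


if __name__ == "__main__":
    policy = build_sample_policy()
    alice = Session("alice")
    print(check_access(policy, alice, "post_journal"))      # denied: no active role yet (rule 1)
    print(activate_role(policy, alice, "controller"))        # False: alice is not assigned that role (rule 2)
    print(activate_role(policy, alice, "clerk"))             # True
    print(check_access(policy, alice, "post_journal"))       # permitted
    print(check_access(policy, alice, "approve_payment"))    # denied: not authorized for clerk (rule 3)
    policy.revoke_role("alice", "clerk")
    print(check_access(policy, alice, "post_journal"))       # denied: revocation takes effect mid-session
```

Re-checking rule 2 on every decision, not only at activation, is what makes a revocation effective for sessions that are already open.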
Which of the following attacks can be mitigated by providing proper training to the employees in an organization?
You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, what is likely to increase?
You work as an Information Security Manager for uCertify Inc. You are working on a software asset management plan to provide backup for Active Directory. Which of the following data is required to be backed up for this purpose?
You work as an Information Security Manager for uCertify Inc. You are working on an asset management plan for protecting software tools used in your organization. Which of the following are included in Software Asset Management (SAM)?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following policies defines the acceptable methods of remotely connecting a system to the internal network?
You work as a Security Professional for uCertify Inc. You have been assigned the task of calculating the Recovery Time Objective for a particular outage duration. Which of the following should be included in the Recovery Time Objective?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Security Administrator for uCertify Inc. You need to install a honeypot inside network firewalls to monitor and track hackers. What should you install on the system before deploying the honeypot?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Network Security Administrator for uCertify Inc. He has installed IDS for matching incoming packets against known attacks. Which of the following types of intrusion detection techniques is being used?
Which of the following is used to hide the existence of a message from a third party?
You work as a Security Administrator for uCertify Inc. You have been assigned a task for helping employees in determining appropriate technical security measures available for electronic information that is deemed sensitive. Which of the following policies will you apply to accomplish the task?
You work as a Network Security Administrator for uCertify Inc. Your organization has set up a new Internet connection in place of the previous one. It is your responsibility to ensure that employees use the Internet only for official purposes. While reviewing Internet usage, you find that a few people have browsed to and downloaded inappropriate and illegal material. You want to write a policy to stop such activities in the future. Which of the following policies will you implement to accomplish the task?
Which of the following is the method of hiding data within another media type such as graphic or document?
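The steganography questions above (hiding a message in another medium, recovering it by comparing the changed cover with the original, and the image-processing attacks that destroy it) all fit one small implementation. The following is an added example, not from the original question set: least-significant-bit embedding in a constructed grayscale image held as a flat list of 8-bit pixel values, a known-cover comparison that locates the touched pixels, and a smoothing pass of the kind described in the attack question, after which the hidden message no longer extracts. The cover image and the message are both constructed.

```python
"""LSB steganography in a constructed grayscale image, with known-cover comparison and a
lossy-processing attack (added example)."""
from typing import List

WIDTH, HEIGHT = 64, 64
HEADER_BITS = 32  # a 4-byte big-endian payload length precedes the payload


def make_cover() -> List[int]:
    """Synthetic cover image (constructed): a diagonal gradient, one 8-bit value per pixel."""
    return [((x * 3 + y * 2) % 256) for y in range(HEIGHT) for x in range(WIDTH)]


def _to_bits(data: bytes) -> List[int]:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def _from_bits(bits: List[int]) -> bytes:
    whole = len(bits) - len(bits) % 8
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2) for i in range(0, whole, 8))


def embed(cover: List[int], payload: bytes) -> List[int]:
    """Write header + payload one bit per pixel into the LSB; each pixel changes by at most 1."""
    bits = _to_bits(len(payload).to_bytes(4, "big") + payload)
    if len(bits) > len(cover):
        raise ValueError(f"cover holds {len(cover) // 8} bytes, payload needs {len(bits) // 8}")
    stego = list(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return stego


def extract(stego: List[int]) -> bytes:
    """Read the length header, then exactly that many payload bytes from the LSBs."""
    length = int.from_bytes(_from_bits([p & 1 for p in stego[:HEADER_BITS]]), "big")
    bits = [p & 1 for p in stego[HEADER_BITS:HEADER_BITS + 8 * length]]
    return _from_bits(bits)


def known_cover_diff(cover: List[int], stego: List[int]) -> List[int]:
    """Known-cover comparison: indices of pixels that differ from the original. With the original in
    hand the embedding region is obvious even though no single pixel moved by more than 1."""
    return [i for i, (a, b) in enumerate(zip(cover, stego)) if a != b]


def max_delta(cover: List[int], stego: List[int]) -> int:
    return max(abs(a - b) for a, b in zip(cover, stego))


def smooth(image: List[int]) -> List[int]:
    """Lossy processing (3-pixel horizontal averaging): the kind of manipulation that destroys an
    LSB message without needing to read or even detect it."""
    n = len(image)
    return [(image[max(i - 1, 0)] + image[i] + image[min(i + 1, n - 1)]) // 3 for i in range(n)]


# Constructed message.
PAYLOAD = b"Q3 forecast attached; do not forward."

if __name__ == "__main__":
    cover = make_cover()
    stego = embed(cover, PAYLOAD)
    print("recovered:", extract(stego))
    print("pixels touched:", len(known_cover_diff(cover, stego)), "max change:", max_delta(cover, stego))
    print("message survives smoothing:", extract(smooth(stego)) == PAYLOAD)
```

The two halves illustrate the two sides of the questions: without the original cover the 1-unit changes are invisible to the eye, but a known-cover diff pinpoints them immediately, and a simple averaging pass is enough to wipe the LSB channel.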
What is the name given to the system that guarantees the coherence of information security in the organization?