Andy works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on the business. Choose and reorder the required steps that he will take to accomplish the BIA phase.
Select and Place:
Drag and drop the various SSE-CMM levels at the appropriate places.
Select and Place:
You have created a team of HR Managers and Project Managers for Blue Well Inc. The team will concentrate on hiring some new employees for the company and improving the organization's overall security by turning employees among numerous job positions. Which of the following steps will you perform to accomplish the task?
A. Job rotation
B. Job responsibility
C. Screening candidates
D. Separation of duties
Which of the following terms describes a repudiation of a contract that occurs before the time when performance is due?
A. Expected breach
B. Actual breach
C. Anticipatory breach
D. Nonperforming breach
Which of the following is used to back up forensic evidence or data folders from the network or locally attached hard disk drives?
A. WinHex
B. Vedit
C. Device Seizure
D. FAR system
You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. Which of the following ideas will you consider the best when conducting a security awareness campaign?
A. Target system administrators and the help desk.
B. Provide technical details on exploits.
C. Provide customized messages for different groups.
D. Target senior managers and business process owners.
You are the Network Administrator for a software company. Due to the nature of your company's business, you have a significant number of highly computer-savvy users. However, you have still decided to limit each user's access to only those resources required for their job, rather than give wider access to the technical users (such as tech support and software engineering personnel). What is this an example of?
A. The principle of maximum control.
B. The principle of least privileges.
C. Proper use of an ACL.
D. Poor resource management.
Which of the following access control models are used in the commercial sector? Each correct answer represents a complete solution. Choose two.
A. Clark-Biba model
B. Clark-Wilson model
C. Bell-LaPadula model
D. Biba model
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?
A. Business continuity plan
B. Disaster recovery plan
C. Continuity of Operations Plan
D. Contingency plan
Which of the following protocols is used with a tunneling protocol to provide security?
A. FTP
B. IPX/SPX
C. IPSec
D. EAP
Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.
A. Vulnerability Assessment and Penetration Testing
B. Security Certification and Accreditation (C&A)
C. Change and Configuration Control
D. Risk Adjustments
You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. One of the employees of your organization asks you the purpose of the security awareness, training and education program. What will be your answer?
A. It improves the possibility for career advancement of the IT staff.
B. It improves the security of vendor relations.
C. It improves the performance of a company's intranet.
D. It improves awareness of the need to protect system resources.
You are documenting your organization's change control procedures for project management. What portion of the change control process oversees features and functions of the product scope?
A. Configuration management
B. Product scope management is outside the concerns of the project.
C. Scope change control system
D. Project integration management
Which of the following statements about Due Care policy is true?
A. It is a method used to authenticate users on a network.
B. It is a method for securing database servers.
C. It identifies the level of confidentiality of information.
D. It provides information about new viruses.
Which of the following types of agreement creates a confidential relationship between the parties to protect any type of confidential and proprietary information or a trade secret?
A. SLA
B. NDA
C. Non-price competition
D. CNC