Questions 1-50 – Flashcards

Question: ____ is the process of moving an organization toward its vision.
Answer: c. Strategic planning

Question: A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made.
Answer: d. disaster recovery plan

Question: ____ is the process of examining, documenting, and assessing the security posture of an organization's information technology and the risks it faces.
Answer: c. Risk identification

Question: The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.
Answer: d. trespass

Question: A Disaster Recovery Plan (DR plan) deals with identifying, classifying, responding to, and recovering from an incident.
Answer: b. False

Question: ____ is a risk control approach that attempts to shift the risk to other assets, other processes, or other organizations.
Answer: a. Transference

Question: Information assets have ____ when they are not exposed (while being stored, processed, or transmitted) to corruption, damage, destruction, or other disruption of their authentic states.
Answer: b. integrity

Question: ____ hack systems to conduct terrorist activities through network or Internet pathways.
Answer: b. Cyberterrorists

Question: Intellectual property (IP) includes trade secrets, copyrights, trademarks, and patents.
Answer: a. True

Question: ____ ensures that only those with the rights and privileges to access information are able to do so.
Answer: c. Confidentiality

Question: ____ (sometimes referred to as avoidance) is the risk control strategy that attempts to prevent the exploitation of a vulnerability.
Answer: a. Defense

Question: A(n) ____ is used to anticipate, react to, and recover from events that threaten the security of information and information assets in an organization; it is also used to restore the organization to normal modes of business operations.
Answer: a. contingency plan

Question: A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.
Answer: b. business impact analysis (BIA)

Question: A ____ attack seeks to deny legitimate users access to services by either tying up a server's available resources or causing it to shut down.
Answer: b. DoS

Question: A(n) ____ is a plan or course of action used by an organization to convey instructions from its senior management to those who make decisions, take actions, and perform other duties on behalf of the organization.
Answer: b. policy

Question: ____ is the risk control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.
Answer: c. Mitigation

Question: A(n) ____ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
Answer: a. incident

Question: A ____ is a document that describes how, in the event of a disaster, critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site.
Answer: b. business continuity plan

Question: An asset can be logical, such as a Web site, information, or data; or an asset can be physical, such as a person, computer system, or other tangible object.
Answer: a. True

Question: ____ assigns a risk rating or score to each information asset. Although this number does not mean anything in absolute terms, it is useful in gauging the relative risk to each vulnerable information asset and facilitates the development of comparative ratings later in the risk control process.
Answer: b. Risk assessment

Question: ____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.
Answer: b. Acceptance

Question: The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.
Answer: c. C.I.A. triangle

Question: An enterprise information security policy (EISP) addresses specific areas of technology and contains a statement on the organization's position on each specific area.
Answer: b. False

Question: The vision of an organization is a written statement of an organization's purpose.
Answer: b. False

Question: A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset.
Answer: a. threat

Question: Information assets have ____ when authorized users - persons or computer systems - are able to access them in the specified format without interference or obstruction.
Answer: c. availability

Question: Effective contingency planning begins with effective policy.
Answer: a. True

Question: The first major business impact analysis task is to analyze and prioritize the organization's business processes based on their relationships to the organization's ____.
Answer: c. mission

Question: Team leaders from the subordinate teams, including the IR, DR, and BC teams, should not be included in the CPMT.
Answer: b. False

Question: The recovery time objective (RTO) downtime metric is defined as the point in time to which lost systems and data can be recovered after an outage as determined by the business unit.
Answer: b. False

Question: A weighted analysis table can be useful in resolving the issue of which business function is the most critical to the organization.
Answer: a. True

Question: Within an organization, a(n) ____ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives.
Answer: d. community of interest

Question: The ____ is the period of time within which systems, applications, or functions must be recovered after an outage.
Answer: d. recovery time objective

Question: The ____ is the point in time, determined by the business unit, from which systems and data can be recovered after an outage.
Answer: b. recovery point objective

Question: What is a common approach used in the discipline of systems analysis and design to understand the ways systems operate and to chart process flows and interdependency studies?
Answer: c. systems diagramming

Question: The ____ is used to collect information directly from the end users and business managers.
Answer: a. facilitated data-gathering session

Question: The ____ job functions and organizational roles focus on protecting the organization's information systems and stored information from attacks.
Answer: d. information security management and professionals

Question: A business impact analysis (BIA) identifies threats, vulnerabilities, and potential attacks to determine what controls can protect the information.
Answer: b. False

Question: The final component to the CPMT planning process is to deal with ____.
Answer: a. budgeting for contingency operations

Question: In a CPMT, a(n) ____ should be a high-level manager with influence and resources that can be used to support the project team, promote the objectives of the CP project, and endorse the results that come from the combined effort.
Answer: a. champion

Question: A manual alternative to the normal way of accomplishing an IT task might be employed in the event that IT is unavailable. This is called a ____.
Answer: c. work-around procedure

Question: The ____ job functions and organizational roles focus on costs of system creation and operation, ease of use for system users, timeliness of system creation, and transaction response time.
Answer: c. information technology management and professionals

Question: The elements required to begin the ____ process are a planning methodology; a policy environment to enable the planning process; an understanding of the causes and effects of core precursor activities; and access to financial and other resources.
Answer: a. contingency planning

Question: In a CPMT, a(n) ____ leads the project to make sure a sound project planning process is used, a complete and useful project plan is developed, and project resources are prudently managed.
Answer: d. project manager

Question: The last stage of a business impact analysis is prioritizing the resources associated with the ____, which brings a better understanding of what must be recovered first.
Answer: c. mission/business processes

Question: One modeling technique drawn from systems analysis and design that can provide an excellent way to illustrate how a business functions is a(n) ____.
Answer: b. collaboration diagram

Question: The ____ is an investigation and assessment of the impact that various events or incidents can have on the organization.
Answer: c. business impact analysis

Question: To a large extent, incident response capabilities are part of a normal IT budget. The only area in which additional budgeting is absolutely required for incident response is the maintenance of ____.
Answer: d. redundant equipment

Question: The purpose of the ____ is to define the scope of the CP operations and establish managerial intent with regard to timetables for response to incidents, recovery from disasters, and reestablishment of operations for continuity.
Answer: d. contingency planning policy

Question: Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?
Answer: a. system logs