
What is a common drawback or weakness of a vulnerability scanner? A high false-n


Question

What is a common drawback or weakness of a vulnerability scanner?

A high false-negative error rate

A high false-positive error rate

A low false-negative error rate

A low false-positive error rate

  

QUESTION 5

What can be used to ensure confidentiality of sensitive data?

Hashing

Digital signature

Non-repudiation

Encryption

  

QUESTION 6

You have identified the MAO for a system. You now want to specify the time required for a system to be recovered. What is this?

Recovery time objectives

Recovery point objectives

Maximum acceptable outage

BIA time

  

QUESTION 7

Which element of an incident response plan involves obtaining and preserving evidence?

Preparation

Identification

Containment

Eradication

QUESTION 8

Of the following, what is critical for any DRP?

Budget

Alternate locations

Third-party backup software

Fuel for generators

QUESTION 9

Three common controls used to protect the availability of information are:

Redundancy, backups and access controls.

Encryption, file permissions and access controls.

Access controls, logging and digital signatures.

Hashes, logging and backups.

QUESTION 10

A major disruption has forced you to move operations to an alternate location. The disruption is over and you need to begin normalizing operations. What operations should you move back to the original location first?

Mission-essential personnel

Most critical business functions

Non-mission-essential personnel

Least critical business functions

  

QUESTION 11

What type of control is an intrusion detection system (IDS)?

Corrective

Detective

Preventative

Recovery

QUESTION 12

Vulnerability management begins with an understanding of cybersecurity assets and their locations, which can be accomplished by:

Vulnerability scanning.

Penetration Testing.

Maintaining an asset inventory.

Using command line tools.

QUESTION 13

Attackers attempt a DoS attack on servers in your organization. The CIRT responds and mitigates the attack. What should be the last step that the CIRT will complete in response to this incident?

Document the Incident.

Contain the threat.

Report the Incident.

Attack the attacker.

  

QUESTION 14

You are performing a cost-benefit analysis. You want to determine if a countermeasure should be used.

Which of the following formulas should you apply?

Projected benefits - Cost of countermeasure

Loss before countermeasure - Loss after countermeasure

Loss after countermeasure - Loss before countermeasure

Cost of countermeasure - Projected benefits

QUESTION 15

A business impact analysis (BIA) includes a maximum allowable outage (MAO). The MAO is used to determine the amount of time in which a system must be recovered. What term is used in the DRP instead of the MAO?

Recovery action item (RAI)

Recovery time objective (RTO)

Critical business function (CBF)

DRP action item (DRPAI)

QUESTION 16

What determines if an organization is governed by HIPAA?

If employees handle health-related information

If it is a federal agency

If it receives E-Rate funding

If it is registered with the Securities and Exchange Commission

QUESTION 17

A major disruption has forced you to move operations to an alternate location. The disruption is over and you need to begin normalizing operations. You have rebuilt several servers at the primary location. What should you do?

Test the servers for three to five days before bringing them online.

Bring the servers online and turn off the alternate location servers.

Run the servers concurrently with the alternate location for three to five days.

Test the servers and then turn off the servers at the alternate location.

  

QUESTION 18

Mission-critical business functions are considered vital to an organization. What are they derived from?

Executive leadership

Critical success factors

Employees

Critical IT resources

QUESTION 19

Logon identifiers help ensure that users cannot deny taking a specific action such as deleting a file. What is that called?

Non-repudiation

PKI

Encryption

Digital signature

QUESTION 20

What can you use to determine the priority of countermeasures?

Best guess method

Disaster recovery plan

Threat/vulnerability matrix

Cost-benefit analysis

QUESTION 21

Which three elements of the current threat landscapes have provided increased levels of access and connectivity, and therefore increased opportunities for cybercrime?

Text messaging, Bluetooth technology and SIM cards

Web applications, botnets and primary malware

Financial gains, intellectual property and politics

Cloud computing, social media and mobile computing

QUESTION 22

You are considering an alternate location for a DRP. You want to use a business location that is already running non-critical business functions as the alternate location. This location has most of the equipment needed. What type of site is this?

Hot site

Warm site

DRP site

Cold site

QUESTION 23

What management program can be implemented to ensure that the configuration of systems is not modified without formal approval?

Change management

Configuration management

Process analysis

GAP analysis

QUESTION 24

After an incident has been verified, you need to ensure that it doesn't spread to other systems. What is this called?

Containment

Incident response

Spread avoidance

Impact and priority calculation

QUESTION 25

The number and types of layers needed for defense in depth are a function of:

Asset value, criticality, reliability of each control and degree of exposure.

Threat agents, governance, compliance and mobile device policy.

Network configuration, navigation controls, user interface and VPN traffic.

Isolation, segmentation, internal controls and external controls.

  

QUESTION 26

What can you do to show that the BCP will work as planned?

BCP exercises

BCP testing

BCP training

BCP planning

  

QUESTION 27

What type of approach does a BIA use?

Best-guess approach

Top-down approach where CBFs are examined first

Middle-tier approach

Bottom-up approach where servers or services are examined first

  

QUESTION 28

In an attack, the container that delivers the exploit to the target is called what?

Attack vector

Malware

Payload

Rootkit

Explanation / Answer

What is a common drawback or weakness of a vulnerability scanner?

Ans : A high false-positive rate:

Network-based vulnerability scanning reports vulnerabilities when none exist.

QUESTION 5

What can be used to ensure confidentiality of sensitive data?

Ans :Encryption

QUESTION 6

You have identified the MAO for a system. You now want to specify the time required for a system to be recovered. What is this?

Ans :Maximum acceptable outage

MAO is the time frame which specifies the time required for a system to be recovered.

QUESTION 7

Which element of an incident response plan involves obtaining and preserving evidence?

Ans :Containment

QUESTION 8

Of the following, what is critical for any DRP?

Ans : Budget

QUESTION 9

Three common controls used to protect the availability of information are:

Ans :Redundancy, backups and access controls

QUESTION 10

A major disruption has forced you to move operations to an alternate location. The disruption is over and you need to begin normalizing operations. What operations should you move back to the original location first?

Ans :Least critical business functions

QUESTION 11

What type of control is an intrusion detection system (IDS)?

Ans : Detective

As an IDS detects and gives a warning when a violation of the enterprise's security policies occurs, it is a detective control.

QUESTION 12

Vulnerability management begins with an understanding of cybersecurity assets and their locations, which can be accomplished by:

Ans :Maintaining an asset inventory

QUESTION 13

Attackers attempt a DoS attack on servers in your organization. The CIRT responds and mitigates the attack. What should be the last step that the CIRT will complete in response to this incident?

Ans :Report the Incident

QUESTION 14

You are performing a cost-benefit analysis. You want to determine if a countermeasure should be used.

Which of the following formulas should you apply?

Ans :Projected benefits - Cost of countermeasure

If its value is positive, then the countermeasure provides cost benefits.

QUESTION 15

A business impact analysis (BIA) includes a maximum allowable outage (MAO). The MAO is used to determine the amount of time in which a system must be recovered. What term is used in the DRP instead of the MAO?

Ans :Recovery time objective (RTO)

QUESTION 16

What determines if an organization is governed by HIPAA?

Ans :If employees handle health-related information

QUESTION 17

A major disruption has forced you to move operations to an alternate location. The disruption is over and you need to begin normalizing operations. You have rebuilt several servers at the primary location. What should you do?

Ans : Test the servers for three to five days before bringing them online.

QUESTION 18

Mission-critical business functions are considered vital to an organization. What are they derived from?

Ans :Critical success factors

QUESTION 19

Logon identifiers help ensure that users cannot deny taking a specific action such as deleting a file. What is that called?

Ans :Non-repudiation

QUESTION 20

What can you use to determine the priority of countermeasures?

Ans :Cost-benefit analysis

QUESTION 21

Which three elements of the current threat landscapes have provided increased levels of access and connectivity, and therefore increased opportunities for cybercrime?

Ans :Cloud computing, social media and mobile computing

QUESTION 22

You are considering an alternate location for a DRP. You want to use a business location that is already running non-critical business functions as the alternate location. This location has most of the equipment needed. What type of site is this?

Ans :Hot site

QUESTION 23

What management program can be implemented to ensure that the configuration of systems is not modified without formal approval?

Ans :Configuration management

QUESTION 24

After an incident has been verified, you need to ensure that it doesn't spread to other systems. What is this called?

Ans :Containment

QUESTION 25

The number and types of layers needed for defense in depth are a function of:

Ans :Network configuration, navigation controls, user interface and VPN traffic

QUESTION 26

What can you do to show that the BCP will work as planned?

Ans : BCP testing

QUESTION 27

What type of approach does a BIA use?

Ans : Top-down approach where CBFs are examined first

QUESTION 28

In an attack, the container that delivers the exploit to the target is called what?

Ans : Payload
