28. A. Auditing is a required factor to sustain and enforce accountability.
29. A. The annualized loss expectancy (ALE) is computed as the product of the asset value (AV) times the exposure factor (EF) times the annualized rate of occurrence (ARO). This is the longer form of the formula ALE = SLE × ARO, since SLE = AV × EF. The other formulas displayed here do not accurately reflect this calculation.
Answers to Assessment Test
30. A. Identification of priorities is the first step of the business impact assessment process.
31. D. Natural events that can threaten organizations include earthquakes, floods, hurricanes, tornadoes, wildfires, and other acts of nature. Thus options A, B, and C are all correct because they are natural and not man-made.
32. A. Hot sites provide backup facilities maintained in constant working order and fully capable of taking over business operations. Warm sites consist of preconfigured hardware and software to run the business, neither of which possesses the vital business information. Cold sites are simply facilities designed with power and environmental support systems but no configured hardware, software, or services. Disaster recovery services can facilitate and implement any of these sites on behalf of a company.
33. C. Trademarks are used to protect the words, slogans, and logos that represent a company and its products or services.
34. C. Written documents brought into court to prove the facts of a case are referred to as documentary evidence.
35. A. The purpose of a military and intelligence attack is to acquire classified information. The detrimental effect of using such information could be nearly unlimited in the hands of an enemy. Attacks of this type are launched by very sophisticated attackers. It is often very difficult to ascertain what documents were successfully obtained, so when a breach of this type occurs, you sometimes cannot know the full extent of the damage.
36. D. Scanning incidents are generally reconnaissance attacks. The real damage to a system comes in the subsequent attacks, so you may have some time to react if you detect the scanning attack early.
37. B. A turnstile is a form of gate that prevents more than one person from gaining entry at a time and often restricts movement to one direction. It is used to gain entry but not exit, or vice versa.
38. D. Secondary verification mechanisms are set in place to establish a means of verifying the correctness of detection systems and sensors. This often means combining several types of sensors or systems (CCTV, heat and motion sensors, and so on) to provide a more complete picture of detected events.
39. B. A spamming attack (sending massive amounts of unsolicited email) can be used as a type of denial-of-service attack. It doesn't use eavesdropping methods, so it isn't sniffing. Brute-force methods attempt to crack passwords. Buffer overflow attacks send strings of data to a system in an attempt to cause it to fail.
40. D. A behavior-based IDS can be labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events. A knowledge-based IDS uses a database of known attack methods to detect attacks. Both host-based and network-based systems can be knowledge-based, behavior-based, or a combination of both.
Security Governance Through Principles and Policies
The CISSP exam topics covered in this chapter include: