Answers to Assessment Test
li
30.
A. Identification of priorities is the first step of the business impact assessment process.
31.
D. Natural events that can threaten organizations include earthquakes, floods,
hurricanes,
tornados, wildfires, and other acts of nature as well. Thus options A, B, and C are correct
because they are natural and not man-made.
32.
A. Hot sites provide backup facilities maintained in constant
working order and fully
capable of taking over business operations. Warm sites consist of preconfigured hardware
and software to run the business, neither of which possesses the vital business information.
Cold sites are simply facilities designed with power and environmental support systems but
no
configured hardware, software, or services. Disaster recovery services can facilitate and
implement any of these sites on behalf of a company.
33.
C. Trademarks are used to protect the words, slogans, and logos
that represent a company
and its products or services.
34.
C. Written documents brought into court to prove the facts of a case are referred to as
documentary evidence.
35.
A. The purpose of a military and intelligence attack is to acquire classified information.
The detrimental effect of using such information could be nearly unlimited in the hands of
an enemy. Attacks of this type are launched by very sophisticated attackers. It is often very
difficult to ascertain what documents were successfully obtained.
So when a breach of this
type occurs, you sometimes cannot know the full extent of the damage.
36.
D. Scanning incidents are generally reconnaissance attacks. The real damage to a system
comes in the subsequent attacks, so you may have some time to react if you detect the
scanning attack early.
37.
B. A turnstile is a form of gate that prevents more than one person
from gaining entry at a
time and often restricts movement to one direction. It is used to gain entry but not exit, or
vice versa.
38.
D. Secondary verification mechanisms are set in place to establish a means of verifying the
correctness of detection systems and sensors. This often means combining several types of
sensors or systems (CCTV,
heat and motion sensors, and so on) to provide a more complete
picture of detected events.
39.
B. A spamming attack (sending massive amounts of unsolicited email) can be used as a
type of denial-of-service attack. It doesn’t use eavesdropping methods so it isn’t sniffing.
Brute-force methods attempt to crack passwords. Buffer overflow attacks send strings of
data to a system in an attempt to cause it to fail.
40.
D. A behavior-based IDS can be labeled an expert system or a pseudo-artificial
intelligence
system because it can learn and make assumptions about events. In other words, the
IDS can act like a human expert by evaluating current events against known events. A
knowledge-based IDS uses a database of known attack methods to detect attacks. Both
host-based and network-based systems can be either knowledge-based, behavior-based, or a
combination of both.
Security
Governance
Through Principles
and Policies
The CISSP exam ToPICS Covered In
ThIS ChaPTer InClude:
✓
Do'stlaringiz bilan baham: