Question 1

1. Classifying all data in an organization may be impossible. There has been an explosion in the amount of unstructured data, logs, and other data retained in recent years. Trying to individually inspect and label terabytes of data is expensive, time consuming, and not productive. Different approaches can be employed to reduce this challenge. Which of the following is not one these approaches?

		Classify only the data that is most vital and contains the highest risk to the organization
		Classify data by point of origin or storage location.
		Classify data at use or time of inception.
		Classify all forms of data no matter the risk to the organization.

Question 2

1. Of all the needs that an organization might have to classify data, there are three that are most prevalent. Which of the following is the least common?

		Protect information
		Retain information
		Recover information
		Transfer information

Question 3

1. . It is necessary to retain information for two significant reasons: legal obligation and business needs. Data that occupies the class of __________ is comprised of records that are required to support operations, such as customer and vendor records.

		regulated
		business
		temporary
		unstructured

Question 4

1. The National Security Information document EO 12356 explains the U.S. military classification scheme of Top Secret, Secret, Confidential, Sensitive but Unclassified, and Unclassified. Which of the following would be reasonably expected to cause grave damage to national security in the event of unauthorized disclosure?

		Top Secret
		Secret
		Confidential
		Sensitive but Unclassified

Question 5

1. The term __________ denotes data that is being stored on devices like a universal serial bus (USB) thumb drive, laptop, server, DVD, CD, or server. The term __________ denotes data that exists in a mobile state on the network, such as data on the Internet, wireless networks, or a private network.

		data at rest, data in transit
		data in transit, data at rest
		data on record, data in motion
		data in transit, data on record

Question 6

1. In policies regarding the __________ of data, standards must make sure that the data cannot be reconstructed.

		creation
		storage
		use
		destruction

Question 7

1. Risk management is a both a governance process and a model that seeks consistent improvement. A series of steps must be followed every time a new risk emerges. Which of the following is not one of these steps?

		Prioritize the risk; align the risk to strategic objectives.
		Identify an appropriate response to risk, which might mandate policy adjustment.
		Identify residual risks; it is not necessary to determine the cause.
		Assess the risk to measure the impact to the organization.

Question 8

1. Of the risk management strategies, __________ refers to sharing the risk with an outside party, whereas __________ refers to reducing or eliminating the risk by applying controls.

		risk avoidance, risk acceptance
		risk acceptance, risk avoidance
		risk mitigation, risk transference
		risk transference, risk mitigation

Question 9

1. When implementing a patch, it is recommended that there be a back-out strategy in place in case the patch creates complications.

True

False

Question 10

1. Quality assurance is a real-time preventive control.

True

False

Question 11

1. Gathering forensic evidence is defined as collecting and preserving the information that can be used to reconstruct events.

True

False

Question 12

1. As part of an incident response team (IRT), the information security representative has intimate knowledge of the systems and configurations.

True

False

Question 13

1. The disaster recovery plan (DRP) provides the documentation and policies necessary for an organization to gain recovery of its IT assets following a significant outage.

True

False

Question 14

1. While incident response procedures should be tested, incident response policies cannot be tested.

True

False

Question 15

1. The initial step in creating a business continuity and security response plan is a __________, which can be used to assemble the business and security responses in order to diminish losses.

		business assessment
		component assessment
		component priority
		business impact analysis

Question 16

1. In a business impact analysis (BIA), the phase of defining the business's components and the component priorities has several objectives. Which of the following is not one of the objectives?

		Identify all business functions and processes within the business.
		Define each BIA component
		Institute recovery time frames for the components with the highest priority only.
		Determine the financial and service impact if the component were not available.

Question 17

1. An incident response team (IRT) utilizes particular tools and techniques to gather forensic evidence. A __________ articulates the manner used to document and protect evidence.

		classification log
		chain of custody
		severity level
		data log report

Question 18

1. The incident response team (IRT) report that is ultimately generated for executive management must educate all stakeholders regarding exploited risks. Which of the following is least likely to be addressed in the report?

		How the incident started
		Which vulnerabilities were exploited
		How effective the response was
		Who failed to detect the incident, if applicable

Question 19

1. Which of the following departments plays a significant role in communicating with news media regarding an incident?

		Senior management
		Public relations (PR)
		Legal
		Human resources (HR)

Question 20

1. To measure the effectiveness of the incident response team (IRT), which of the following does not need to be evaluated?

		Number of incidents
		Financial impact to the organization
		Tests provided to employees to gauge their response to incidents
		Number of repeat incidents