The primary role of the Information Security Manager in the process of information classification
denotes which of the following?
a. Deciding the classification levels applied to the organization's information assets
b. Checking if information assets have been classified properly
c.
Integrity
Authenticity
d. Confidentiality
4. What is the definition of a pre-engaged service for possible operational risk?
a. Operational Agreement
b. Reciprocal Agreement
c. Security Agreement
FCNS FORESEC For Review
6. What are the objectives of emergency actions taken at the beginning stage of a disaster?
Specifically Preventing injuries and loss of life.
a. relocating operations
b. protecting evidence
c. mitigating damage
d. determining damage
7. Which of the following is the least important information to record when logging a security
violation?
a. Types of Violation
b. User Name
c. User Id
Patriot Act
Eavesdropping Act
d.
10. Which of the following is a policy that would force all users to organize their areas as well as help
reduce the risk of possible data theft?
a. Password Behaviours
b. Data Disposal
c. Data Handling
d. Clean Desk Policy
11. The deliberate planting of apparent flaws in a system for the purpose of detecting attempted
penetrations or confusing an intruder about which flaws to exploit is called?
a. Redirection.
b. Cracking.
c. Enticement.
d. Alteration.
12. When disposing of magnetic storage media, all of the following methods ensure that data is
unreadable, EXCEPT:
a.
c.
Economic feasibility
b. Practical Feasibility
c. Technology Feasibility
d. Manpower Feasibility
17. In the corporate structure of organisations, who is held accountable for Information Security
Planning?
a. CEO Chief Executive Officer
b.
c.
Capital Investment
b. Hidden Cost
c. Additional Cost
d. Cost Benefit
19. In what type of access control must the security clearance of a subject match the security
classification of an object?
a. Relational
b. Mandatory
c. Administrative
d. Discretionary
20. As a part of security compliance, companies are advised to conduct security risk assessment
and review on a regular basis. Which of the following is the MAIN reason for performing risk
assessment on a continuous basis?
a. Management needs to be continually informed about the emerging risk
b.
c.
d. Justification of the security budget must be continually made aware to Board of investments
21. Who is ultimately responsible for ensuring that information is categorized and that specific
protective measures are taken?
a. Data Manager
b. Data Owner
c. Data Custodian
d. Data Administrator
22. It is MOST important that INFOSEC architecture be aligned with which of the following?
a. Industrial Best Practices
b. IT Plans
c.
d.
23. Cisco's lawsuit against Huawei has been a common topic of talk among IT companies. Which of the
following is Cisco's lawsuit primarily filed against?
a. Intellectual Property
b. Copyright Issue
c. Trademark Issue
d. Patent
24. Which of the following attacks is manifested as an embedded HTML image object or JavaScript
tag in an email?
a.
b. Adware
c.
Exceptional Handling
c.
d. DLP
27. The answers below depict risk mitigation strategies. Which of the answers BEST
suits the RISK TRANSFER category?
a. DRP Disaster Recovery Plan
b. Total Avoidance
c. Insurance Purchase
d. Outsourcing
28. It is important that information about an ongoing computer crime investigation be: (Select the
appropriate answer)
a. Destroyed as soon after trial as possible.
b. Replicated to a backup system to ensure availability.
c.
d.
29. Downloading pirated Blu-ray movies from torrent sites is a direct violation of which legal
clause?
a. FBI Copyright ACT Disclaimer
b.
c.
31. The chart below explains the common reasons for data loss risk. From your understanding, what
are the major agents threatening the hardware malfunction risk area?
Image 1
a. Non Compliance
b. Lack of Failover
c. Poor Maintenance Practice
Hybrid DRP
d. Cold Site
35. Risk identification is a vital step towards a risk assessment and treatment plan. Which of the
activities below could help an IT organization to detect potential risk before its escalation to
exposure? (Select the BEST answer that applies)
a. Gap Analysis
b. Impact Analysis
c. Forensic Investigation
d. Penetration Testing
36. Which of the following security models focuses on mitigation of the threat for the
"Confidentiality" risk?
a. Clark-Wilson Model
b. Biba
c. Bell-LaPadula
38. BMG has a distinctive and advanced Disaster Recovery Solution for its business. What would be
the primary concern of BMG prior to the design of the Disaster Recovery Site?
Image 1
a. Virtualization Technology
b. Cryptographic Mechanism
c. Load Balancing
d. Physical Location
39. Making sure that the data is accessible when and where it is needed is which of the following?
a. Confidentiality
b. Integrity
c. Accountability
d. Availability
40. Centrally authenticating multiple systems and applications against a federated user database is
an example of?
a. Smart Card
b. Access Control List
c.
d.
41. The typical POSDC planning phase focuses on the 3 important phases of planning. Select the best
suited answer based on the actual POSDC order.
a. Organizing > Leading > Controlling > Planning
b.
c.
Supplemental
Discretionary
43. Protecting customers' credit card details and other personal information in a public portal is
crucial to the major services provided online. Which of the following would be the best compliance
regulation that discusses this factor?
a. PCIDSS
b. TIA942
c. ISO 9001
d. ISO 27001
44. Which choice below most accurately describes a business continuity?
a. A program that implements the mission, vision, and strategic goals of the organization
b. A standard that allows for rapid recovery during system interruption and data loss
c. Ongoing process to ensure that the necessary steps are taken to identify the impact of
potential losses and maintain viable recovery
47. Who authorises the Information Security Governance initiative program in a corporate
organisation?
a.
c. Mobile Phone
d. Email
50. Which of the security concepts does Biba complement?
a. Availability
b. Authenticity
c. Integrity
d. Confidentiality