Managers UPDATED ACTUAL Exam
Questions and CORRECT Answers
Of the risk mitigation steps, in which step does management determine the most cost-effective
control(s) for reducing risk to the organization's mission? - CORRECT ANSWER - Step 4:
Select Controls
Which site is fully equipped, requiring only a short setup time due to restoring data backups and
configurations? - CORRECT ANSWER - Hot
Data classification directly impacts which of the following? - CORRECT ANSWER - All
of the above
A self-replicating program that requires user intervention to spread, and is typically comprised of
a replication element and a payload is a(n)? - CORRECT ANSWER - Virus
In managing risks, eliminating the asset's exposure to risk, or eliminating the asset altogether,
describes which one of the following? - CORRECT ANSWER - Avoid
Which type of analysis is often expressed as: annual loss expectancy = (asset value x exposure
factor) x annual rate of occurrence? - CORRECT ANSWER - Quantitative Analysis
Covert security testing (white hat testing) involves testing without the knowledge of the
organization's IT staff. - CORRECT ANSWER - False
People, information, and technology are examples of? - CORRECT ANSWER - Assets
Providing a basis for trust between organizations that depend on the information processed,
stored, or transmitted by those systems is an Assurance "Expectation." - CORRECT
ANSWER - False
, Judgmental Valuation is considering variables such as technical complexity, control procedures
in place, and financial loss. - CORRECT ANSWER - False
Low humidity within a server room could result in a static electricity build-up/discharge. -
CORRECT ANSWER - True
Network architecture and configurations are part of which category of vulnerabilities? -
CORRECT ANSWER - Design Vulnerabilities
Which of the following does an effective monitoring program NOT include? - CORRECT
ANSWER - Security impact analyses on proposed or actual changes to the information
system and its environment of operation
Which of the following technical controls place servers that are accessible to the public in a
special network? - CORRECT ANSWER - De-Militarized Zone
A locking mechanism which is controlled by a mechanical key pad is known as? - CORRECT
ANSWER - Cipher lock
The risk equation is Risk = Threat x (Likelihood + Impact) x Vulnerability? - CORRECT
ANSWER - False
Which of the following families of controls belongs to the technical class of controls? -
CORRECT ANSWER - Identification and Authentication
NAT is a network address translation which makes a bridge between a local network and the
Internet and maps network ports. - CORRECT ANSWER - False
Which one of the following is a challenge of determining impact and risk? - CORRECT
ANSWER - All of the above