What plan often starts with a business impact analysis (BIA)?
DRP
BCP
ACP
EAP
What is the best definition of risk?
Risk is a timed event.
Risk is the likelihood that a loss will occur.
Risk is the loss of life.
Risk is the loss of equipment.
Which could be included in the computer incident recovery team (CIRT) plans?
BIA
DRP
Member responsibilities
BCP
The seven domains of a typical IT infrastructure are:
User, Workstation, LAN, LAN-to-WAN, Remote Access, WAN, System/Application
User, Workstation, LAN, LAN-to-MAN, Remote Access, MAN, System/Application
User, Computer, LAN, LAN-to-WAN, Remote Access, WAN, System/Application
User, Computer, LAN, LAN-to-WAN, Local Access, WAN, System/Application
What categories do alternate sites fall into when developing a disaster recovery plan?
Local, remote, offshore
Hot, warm, cold
Internal, external, remote
Top, middle, bottom
What item could you use to identify the organization’s mission-critical systems?
Critical outage times
PCI DSS review
Critical business functions
Disaster recovery plan
What is a POAM?
Project objectives and milestones
Project of action milestones
Plan of action and milestones
Planned objectives and milestones
What is the best method to use when evaluating two or more countermeasures to mitigate the same risk?
CBA
CIA
COP
CAP
What permissions would you assign to grant users only the rights and permissions they need to perform their job?
Grant all
Limited rights
Separation of duties
Least privilege
What is the common automated vulnerability assessment tool used to perform scans?
Nessus
Superscan
Dogpile
ScanHelp
Your organization has just been fined for a HIPAA violation. What is the maximum fine that can be levied?
$25,000
$250,000
$2,500,000
$25,000,000
Complete the formula for risk: Risk = __________.
Vulnerability X Mitigation
Threat X Exploit
Threat X Vulnerability
Threat / Vulnerability
Controls to minimize risks in information technology components have been applied. What is the remaining risk called?
Remaining risk
Residual risk
Mitigated risk
Managed risk
What alternate term is used in place of the maximum acceptable outage (MAO) that can be used in the disaster recovery plan (DRP)?
CBF
RTO
RAI
DRPAI
What type of control has been approved by management but has not been installed yet?
Technical control
Physical control
Procedural control
Planned control
A company wants to know what the impact will be if a critical information technology database fails. What should they use?
BCC
BCP
BIA
DRP
What is a threat assessment?
Solves the mitigation effects from BIA
Determines the CIA for the system
Surveys the fixes of all assets
Identifies and evaluates potential loss
Accurate data is paramount in the risk assessment. What indicator should be included in the risk assessment report in reference to accurate data?
Uncertainty level
Validity level
Accuracy level
Probability level
What best explains the relationship of threats and vulnerabilities?
Threat, attack, vulnerability, assessment
Threat, attack, vulnerability, loss or impact
Threat, attack, vulnerability, mitigation
Threat, attack, vulnerability, testing
When planning a risk assessment, what are the key items that need to be initially identified?
Assets, software, vulnerabilities, exploits
Assets, exploits, vulnerabilities, countermeasures
Assets, threats, vulnerabilities, countermeasures
Assets, people, vulnerability, exploits