Section 2 - Test

Descripción

1 Security X Test sobre Section 2 - Test, creado por J Garner el 05/08/2018.
J Garner
Test por J Garner, actualizado hace más de 1 año
J Garner
Creado por J Garner hace más de 6 años
43
0

Resumen del Recurso

Pregunta 1

Pregunta
The combination of the probability of an event and its consequence (ISO/IEC 73). ___ is/are mitigated through the use of controls or safeguards.
Respuesta
  • Risk
  • Threat
  • Asset
  • Vulnerability

Pregunta 2

Pregunta
Anything that is capable of acting against an asset in a manner that can result in harm.
Respuesta
  • Risk
  • Threat
  • Asset
  • Vulnerability

Pregunta 3

Pregunta
Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation
Respuesta
  • Risk
  • Threat
  • Asset
  • Vulnerability

Pregunta 4

Pregunta
A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events.
Respuesta
  • Risk
  • Threat
  • Asset
  • Vulnerability

Pregunta 5

Pregunta
The risk level or exposure without taking into account the actions that management has taken or might take
Respuesta
  • Inherent Risk
  • Residual Risk

Pregunta 6

Pregunta
Which breadcrumb is correct when framing an approach to risk management?
Respuesta
  • Threat Source initiates > Threat Events exploits > Vulnerability causing > Adverse Impact producing > Organization Risk
  • Threat Source initiates > Vulnerability causing > Threat Events exploits > Adverse Impact producing > Organization Risk
  • Threat Events exploits >Threat Source initiates > Vulnerability causing > Adverse Impact producing > Organization Risk
  • Threat Events exploits > Vulnerability causing > Threat Source initiates > Adverse Impact producing > Organization Risk

Pregunta 7

Pregunta
Approach to developing risk scenarios is based on describing risk events that are specific to cybersecurity-related situations, typically hypothetical situations envisioned by the people performing the job functions in specific processes.
Respuesta
  • Top-down Approach
  • Bottom-up Approach

Pregunta 8

Pregunta
Approach to scenario development is based on understanding business goals and how a risk event could affect the achievement of those goals. Under this model, the risk practitioner looks for the outcome of events that may hamper business goals identified by senior management.
Respuesta
  • Top-down Approach
  • Bottom-up Approach

Pregunta 9

Pregunta
The ___ approach is suited to general risk management of the company, because it looks at both IT- and non- IT-related events. A benefit of this approach is that because it is more general, it is easier to achieve management buy-in even if management usually is not interested in IT. The ___ approach also deals with the goals that senior managers have already identified as important to them.
Respuesta
  • Top-down Approach
  • Bottom-down Approach

Pregunta 10

Pregunta
The ____ approach can be a good way to identify scenarios that are highly dependent on the specific technical workings of a process or system, which may not be apparent to anyone who is not intimately involved with that work but could have substantial consequences for the organization.
Respuesta
  • Top-down Approach
  • Bottom-down Approach

Pregunta 11

Pregunta
___ is used to calculate the risk that an organization faces based on the number of events that may occur within a given time period.
Respuesta
  • Threat
  • Impact
  • Likelihood
  • Vulnerabilty

Pregunta 12

Pregunta
Failure to detect a ___ may be the result of its absence, or it may be a false negative arising from configurations of a tool or improper performance of a manual review.
Respuesta
  • Vulnerability
  • Threat
  • Risk
  • Impact

Pregunta 13

Pregunta
Given the combination of unknown ___ and unknown ___, it is difficult of the cybersecurity professional to provide a comprehensive estimate of the likelihood of a successful attack.
Respuesta
  • Threat, Vulnerability
  • Asset, Threat
  • Vulnerability, Asset
  • Threat, Risk

Pregunta 14

Pregunta
Vulnerability assessments and penetration test provide the cybersecurity practitioner with valuable information on which to partially estimate the ___ .
Respuesta
  • Vulnerabilities
  • Risks
  • Threats
  • Likelihood

Pregunta 15

Pregunta
When using ___ rankings, the most important state is to rigorously define the meaning of each category and use definitions consistently throughout the assessment process.
Respuesta
  • Quantitative
  • Qualitative

Pregunta 16

Pregunta
For each identified threat, the ___ of harm expected to result should also be determined.
Respuesta
  • Risk
  • Vulnerability
  • Impact
  • Likelihood

Pregunta 17

Pregunta
Select all that apply: A number of methodologies are available to measure risk. Different industries and professions have adopted various tactics based upon the following criteria:
Respuesta
  • Risk tolerance
  • Size and scope of the environment in the question
  • Amount of data available
  • Risk appetite
  • Threat events
  • Threat impacts

Pregunta 18

Pregunta
It is particularly important to understand an organization's ___ when considering how to measure risk.
Respuesta
  • Risk management plan
  • Risk appetite
  • Risk tolerance
  • Risk assessment

Pregunta 19

Pregunta
There are three different approaches to implementing cybersecurity. Which three are they below
Respuesta
  • Ad hoc
  • Compliance-based
  • Risk-based
  • Threat-based
  • Impact-based
  • Likelihood-based

Pregunta 20

Pregunta
An ___ approach simply implements security with no particular rationale or criteria. ___ implementations may be driven by vendor marketing, or they may reflect insufficient subject matter expertise, knowledge or training when designing and implementing safeguards.
Respuesta
  • Ad hoc
  • Compliance-based
  • Risk-based
  • Threat-based

Pregunta 21

Pregunta
Also known as standards-based security, this approach relies on regulations or standards to determine security implementations. Controls are implemented regardless of their applicability or necessity, which often leads to a “checklist” attitude toward security
Respuesta
  • Ad hoc
  • Compliance-based
  • Risk-based
  • Threat-based

Pregunta 22

Pregunta
___ security relies on identifying the unique risk a particular organization faces and designing and implementing security controls to address that risk above and beyond the entity’s risk tolerance and business needs. The ___ approach is usually scenario-based.
Respuesta
  • Ad hoc
  • Compliance-based
  • Risk-based
  • Threat-based

Pregunta 23

Pregunta
The ___ approach is usually scenario-based.
Respuesta
  • Ad hoc
  • Compliance-based
  • Risk-based
  • Threat-based

Pregunta 24

Pregunta
___ have been known to breach security boundaries and perform malicious acts to gain a competitive advantage.
Respuesta
  • Cybercriminals
  • Corporations
  • Online social hackers
  • Script kiddies

Pregunta 25

Pregunta
Motivated by the desire for profit, these individuals are involved in fraudulent financial transactions
Respuesta
  • Cybercriminals
  • Cyberwarriors
  • Corporations
  • Hacktivists

Pregunta 26

Pregunta
Characterized by their willingness to use violence to achieve their goals, ___ frequently target critical infrastructures and government groups.
Respuesta
  • Cyberterrorists
  • Cybercriminals
  • Cyberwarriors
  • Nation states

Pregunta 27

Pregunta
Often likened to hacktivists, ___ , also referred to as cyberfighters, are nationally motivated citizens who may act on behalf of a political party or against another political party that threatens them.
Respuesta
  • Cyberwarriors
  • Cyberterrorists
  • Cybercriminals
  • Script kiddies

Pregunta 28

Pregunta
Although they typically have fairly low-tech methods and tools, dissatisfied current or former ___ represent a clear cybersecurity risk. All of these attacks are adversarial, but some are not related to APT cyberattacks.
Respuesta
  • Employees
  • Nation states
  • Online social hackers
  • Script kiddies

Pregunta 29

Pregunta
Although they often act independently, politically motivated hackers may target specific individuals or organizations to achieve various ideological ends.
Respuesta
  • Cyberterrorists
  • Hacktivists
  • Cyberwarriors
  • Cybercriminals

Pregunta 30

Pregunta
___ often target government and private entities with a high level of sophistication to obtain intelligence or carry out other destructive activities.
Respuesta
  • Nation states
  • Online social hackers
  • Hacktivists
  • Employees

Pregunta 31

Pregunta
Skilled in social engineering, these attackers are frequently involved in cyberbullying, identity theft and collection of other confidential information or credentials.
Respuesta
  • Script kiddies
  • Online social hackers
  • Hacktivists
  • Employees

Pregunta 32

Pregunta
___ are individuals who are learning to hack; they may work alone or with others and are primarily involved in code injections and distributed denial-of-service (DDoS) attacks.
Respuesta
  • Online social hackers
  • Employees
  • Script kiddies
  • Cybercriminals

Pregunta 33

Pregunta
The actual occurrence of a threat, or an activity by a threat agent (or adversary) against an asset.
Respuesta
  • Exploit
  • Attack Vector
  • Attack
  • Attack Mechanism

Pregunta 34

Pregunta
From an attacker’s point of view, the asset is a target, and the path or route used to gain access to the target (asset) is known as an
Respuesta
  • Exploit
  • Attack Vector
  • Attack
  • Attack Mechanism

Pregunta 35

Pregunta
There are two types of attack vectors: ingress and egress. Which one is known as data exfiltration?
Respuesta
  • Ingress
  • Egress

Pregunta 36

Pregunta
Which attack vector focuses on intrusion and hacking into systems?
Respuesta
  • Ingress
  • Egress

Pregunta 37

Pregunta
Employees that steal data from systems and networks is an example of which attack vector?
Respuesta
  • Ingress
  • Egress

Pregunta 38

Pregunta
The attacker must defeat any controls in place and/or use an ___ to take advantage of a vulnerability.
Respuesta
  • Exploit
  • Attack Vector
  • Attack
  • Attack Mechanism

Pregunta 39

Pregunta
The method used to deliver the exploit.
Respuesta
  • Target
  • Attack Vector
  • Attack
  • Attack Mechanism

Pregunta 40

Pregunta
An example of this can be a crafted malicious pdf, crafted by the attacker and delivered by email.
Respuesta
  • Exploit
  • Attack Vector
  • Attack
  • Attack Mechanism

Pregunta 41

Pregunta
Which order is correct for the attributes of an attack?
Respuesta
  • Attack Vector, Exploit, Vulnerability, Payload, Target (Asset)
  • Attack Vector, Exploit, Payload, Vulnerability, Target (Asset)
  • Attack Vector, Vulnerability, Payload, Exploit, Target (Asset)
  • Attack Vector, Vulnerability, Exploit, Payload, Target (Asset)

Pregunta 42

Pregunta
Usually the result of an error, malfunction or mishap of some sort.
Respuesta
  • Adversarial Threat Event
  • Nonadversarial Threat Event

Pregunta 43

Pregunta
Made by a human threat agent
Respuesta
  • Adversarial Threat Event
  • Nonadversarial Threat Event

Pregunta 44

Pregunta
The adversary gathers information using a variety of techniques, passive or active.
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 45

Pregunta
The adversary crafts the tools needed to carry out a future attack.
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 46

Pregunta
The adversary inserts or installs whatever is needed to carry out the attack.
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 47

Pregunta
The adversary takes advantage of information and systems in order to compromise them.
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 48

Pregunta
The adversary coordinates attack tools or performs activities that interfere with organizational functions.
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 49

Pregunta
The adversary causes an adverse impact.
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 50

Pregunta
The adversary continues to exploit and compromise the system
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 51

Pregunta
The adversary coordinates a campaign against the organization.
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 52

Pregunta
What is the correct order of the Threat Process?
Respuesta
  • Perform reconnaissance, Create attack tools, Exploit and compromise, Deliver malicious capabilities, Conduct an attack, Achieve results, Maintain a presence or set of capabilities, Coordinate a campaign
  • Perform reconnaissance, Create attack tools, Deliver malicious capabilities, Exploit and compromise, Conduct an attack, Achieve results, Maintain a presence or set of capabilities, Coordinate a campaign
  • Perform reconnaissance, Deliver malicious capabilities, Create attack tools, Exploit and compromise, Conduct an attack, Achieve results, Maintain a presence or set of capabilities, Coordinate a campaign
  • Perform reconnaissance, Deliver malicious capabilities, Create attack tools, Exploit and compromise, Conduct an attack, Maintain a presence or set of capabilities, Achieve results, Coordinate a campaign

Pregunta 53

Pregunta
Perform reconnaissance: The adversary gathers information using a variety of techniques, passive or active. Passive may include:
Respuesta
  • i. Sniffing network traffic ii. Using open source discovery of organizational information (news groups; company postings on IT design and IT architecture) iii. Google hacking
  • i. Scanning the network perimeter ii. Social engineering (fake phone calls, low-level phishing)

Pregunta 54

Pregunta
The following are examples of which attack process? a. Sniffing network traffic b. Using open source discovery of organizational information (news groups; company postings on IT design and IT architecture) c. Google hacking d. Scanning the network perimeter e. Social engineering (fake phone calls, low-level phishing)
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise

Pregunta 55

Pregunta
The following are examples of which attack process? a. Phishing or spear phishing attacks b. Crafting counterfeit websites or certificates c. Creating and operating false organizations and placing them in to the supply chain to inject malicious components
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise

Pregunta 56

Pregunta
The following are examples of which attack process? a. Introducing malware into organizational information systems b. Placing subverted individuals into privileged positions within the organization c. Installing sniffers or scanning devices on targeted networks and systems d. Inserting tampered hardware or critical components into organizational systems or supply chains
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise

Pregunta 57

Pregunta
The following are examples of which attack process? a. Split tunneling or gaining physical access to organizational facilities b. Exfiltrating data or sensitive information c. Exploiting multitenancy (i.e., multiple customers on shared resources) in a public cloud environment (e.g., attacking open public access points; application program interfaces [APIs]) d. Launching zero-day exploits
Respuesta
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise

Pregunta 58

Pregunta
The following are examples of which attack process? a. Communication interception or wireless jamming attacks b. Denial-of-service (DoS) or distributed DDoS attacks c. Remote interference with or physical attacks on organizational facilities or infrastructures d. Session-hijacking or man-in-the-middle attacks
Respuesta
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 59

Pregunta
The following are examples of which attack process? a. Obtaining unauthorized access to systems and/or sensitive information b. Degrading organizational services or capabilities c. Creating, corrupting or deleting critical data d. Modifying the control flow of information system (e.g., industrial control system, supervisory control and data acquisition (SCADA) systems)
Respuesta
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 60

Pregunta
The following are examples of which attack process? a. Obfuscating adversary actions or interfering with intrusion detection systems (IDSs) b. Adapting cyberattacks in response to organizational security measures
Respuesta
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 61

Pregunta
The following are examples of which attack process? a. Multi-staged attacks b. Internal and external attacks c. Widespread and adaptive attacks
Respuesta
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Pregunta 62

Pregunta
Which of the following is NOT a Nonadversarial Threat Event?
Respuesta
  • Mishandling of critical or sensitive information by authorized users
  • Incorrect privilege settings
  • Fire, flood, hurricane, windstorm or earthquake at primary or backup facilities
  • Introduction of vulnerabilities into software products
  • Viruses, Network Worms, Botnets
  • Pervasive disk errors or other problems caused by aging equipment

Pregunta 63

Pregunta
Software designed to gain access to targeted computer systems, steal information or disrupt computer operations.
Respuesta
  • DoS Attack
  • Malware
  • Social Engineering
  • Phishing

Pregunta 64

Pregunta
A piece of code that can replicate itself and spread from one computer to another. It requires intervention or execution to replicate and/or cause damage.
Respuesta
  • Spyware
  • Adware
  • Virus
  • Network Worm

Pregunta 65

Pregunta
A variant of the computer virus, which is essentially a piece of self-replicating code designed to spread itself across computer networks. It does not require intervention or execution to replicate.
Respuesta
  • Virus
  • Network Worm
  • Trojan Horse
  • Botnet

Pregunta 66

Pregunta
A piece of malware that gains access to a targeted system by hiding within a genuine application
Respuesta
  • Virus
  • Network Worm
  • Trojan Horse
  • Botnet

Pregunta 67

Pregunta
Derived from “robot network,” a large, automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks such as DoS.
Respuesta
  • Virus
  • Network Worm
  • Trojan Horse
  • Botnet

Pregunta 68

Pregunta
A class of malware that gathers information about a person or organization without the knowledge of that person or organization.
Respuesta
  • Spyware
  • Adware
  • Ransomware
  • Keylogger
  • Rootkit

Pregunta 69

Pregunta
Also called “hostage code,” a class of extortive malware that locks or encrypts data or functions and demands a payment to unlock them. Several types are available for every operating system
Respuesta
  • Spyware
  • Adware
  • Ransomware
  • Keylogger
  • Rootkit

Pregunta 70

Pregunta
A class of malware that secretly records user keystrokes and, in some cases, screen content.
Respuesta
  • Spyware
  • Adware
  • Ransomware
  • Keylogger
  • Rootkit

Pregunta 71

Pregunta
A class of malware that hides the existence of other malware by modifying the underlying operating system.
Respuesta
  • Spyware
  • Adware
  • Ransomware
  • Keylogger
  • Rootkit

Pregunta 72

Pregunta
Complex and coordinated attacks directed at a specific entity or organization. They require a substantial amount of research and time, often taking months or even years to fully execute.
Respuesta
  • Advanced persistent threats (APTs)
  • DoS Attack
  • Brute force attack
  • Cross-site scripting (XSS)

Pregunta 73

Pregunta
A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions.
Respuesta
  • Advanced persistent threats (APTs)
  • Backdoor
  • Brute force attack
  • Man-in-the-middle attack

Pregunta 74

Pregunta
An attack made by trying all possible combinations of passwords or encryption keys until the correct one is found.
Respuesta
  • Buffer overflow
  • Advanced persistent threats (APTs)
  • Backdoor
  • Brute force attack

Pregunta 75

Pregunta
Occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.
Respuesta
  • Cross-site scripting (XSS)
  • Man-in-the-middle attack
  • Buffer overflow
  • Backdoor

Pregunta 76

Pregunta
A type of injection in which malicious scripts are injected into otherwise benign and trusted websites.
Respuesta
  • Structure Query Language (SQL) injection
  • Cross-site scripting (XSS)
  • DoS attack
  • Advanced persistent threats (APTs)

Pregunta 77

Pregunta
An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate.
Respuesta
  • Man-in-the-middle attack
  • Cross-site scripting (XSS)
  • Structure Query Language (SQL) injection
  • DoS attack

Pregunta 78

Pregunta
Any attempt to exploit social vulnerabilities to gain access to information and/or systems.
Respuesta
  • Spear phishing
  • Social engineering
  • Phishing
  • Spoofing

Pregunta 79

Pregunta
A type of email attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering.
Respuesta
  • Phishing
  • Spoofing
  • Spear phishing
  • Social engineering

Pregunta 80

Pregunta
An attack where social engineering techniques are used to masquerade as a trusted party to obtain important information such as passwords from the victim.
Respuesta
  • Phishing
  • Social engineering
  • Spear phishing
  • Spoofing

Pregunta 81

Pregunta
Faking the sending address of a transmission in order to gain illegal entry into a secure system.
Respuesta
  • Spoofing
  • Phishing
  • Social engineering
  • Spear phishing

Pregunta 82

Pregunta
An attack that consists of insertion or ‘injection’ of a SQL query via the input data from the client to the application.
Respuesta
  • Zero-day exploit
  • Structure Query Language (SQL) injection
  • Cross-site scripting (XSS)
  • Buffer overflow

Pregunta 83

Pregunta
A vulnerability that is exploited before the software creator/vendor is even aware of its existence.
Respuesta
  • Backdoor
  • Advanced persistent threats (APTs)—
  • DoS attack
  • Zero-day exploit

Pregunta 84

Pregunta
There are several attributes of good policies that should be considered: (select all that apply below)
Respuesta
  • Security policies should be an articulation of a well-defined information security strategy that captures the intent, expectations and direction of management.
  • Policies must be update/maintained on a frequent basis.
  • Policies must be clear and easily understood by all affected parties.
  • Policies should be short and concise, written in plain language.

Pregunta 85

Pregunta
Most organizations should create security policies ___ developing a security strategy.
Respuesta
  • Before
  • After

Pregunta 86

Pregunta
Communicate required and prohibited activities and behaviors.
Respuesta
  • Procedures
  • Policies
  • Standards
  • Guidelines

Pregunta 87

Pregunta
Interpret policies in specific situations.
Respuesta
  • Guidelines
  • Policies
  • Standards
  • Procedures

Pregunta 88

Pregunta
Provide details on how to comply with policies and standards.
Respuesta
  • Procedures
  • Guidelines
  • Standards
  • Policies

Pregunta 89

Pregunta
Provide general advice on issues such as “what to do in particular circumstances.” These are not requirements to be met but are strongly recommended.
Respuesta
  • Policies
  • Standards
  • Procedures
  • Guidelines

Pregunta 90

Pregunta
Which COBIT 5 information security policy set do the following items belong to: – Data classification and ownership – System classification and ownership – Resource utilization and prioritization – Asset life cycle management – Asset protection
Respuesta
  • Risk Management
  • Compliance
  • Communication and Operations
  • Asset Management

Pregunta 91

Pregunta
Which COBIT 5 information security policy set do the following items belong to: – At-work acceptable use and behavior, including privacy, Internet/email, mobile devices, BYOD, etc. – Offsite acceptable use and behavior, including social media, blogs
Respuesta
  • Communication and Operations
  • Compliance
  • Acquisition/Development/Maintenance
  • Rules of Behavior

Pregunta 92

Pregunta
Which COBIT 5 information security policy set do the following items belong to: – Information security within the life cycle, requirements definition and procurement/acquisition processes – Secure coding practices – Integration of information security with change and configuration management
Respuesta
  • Acquisition/Development/Maintenance
  • Risk Management
  • Rules of Behavior
  • Communication and Operations

Pregunta 93

Pregunta
Which COBIT 5 information security policy set do the following items belong to: Contract management
Respuesta
  • Risk Management
  • Vendor Management
  • Asset Management
  • Business Continuity and Disaster Recovery

Pregunta 94

Pregunta
Which COBIT 5 information security policy set do the following items belong to: – IT information security architecture and application design – Service level agreements
Respuesta
  • Compliance
  • Rules of Behavior
  • Communication and Operations
  • Acquisition/Development/Maintenance

Pregunta 95

Pregunta
Which COBIT 5 information security policy set do the following items belong to: – IT information security ___ assessment process – Development of metrics – Assessment repositories
Respuesta
  • Compliance
  • Asset Management
  • Risk Management
  • Business Continuity and Disaster Recovery

Pregunta 96

Pregunta
Which COBIT 5 information security policy set do the following items belong to: – Organizational risk management plan – Information risk profile
Respuesta
  • Asset Management
  • Communication and Operations
  • Acquisition/Development/Maintenance
  • Risk Management
Mostrar resumen completo Ocultar resumen completo

Similar

GCSE AQA Physics - Unit 2
James Jolliffe
GCSE AQA Chemistry - Unit 2
James Jolliffe
GCSE CHEMISTRY UNIT 2 STRUCTURE AND BONDING
mustafizk
GCSE CHEMISTRY UNIT 2 STRUCTURE AND BONDING
ktmoo.poppypoo
Sociological Research Methods
Jebbie
Chapter 3
Ryan Tram
Chapter 2
Ryan Tram
GCSE CHEMISTRY UNIT 2 STRUCTURE AND BONDING
benadyl10
Chapter 4
Ryan Tram
Chapter 8
Ryan Tram
Chapter 6
Ryan Tram