Author: Anonymous

In a business impact analysis (BIA), the phase of defining the business’s components and the component priorities has several objectives. Which of the following is not one of the objectives?

A company is notified that its servers have been compromised to be a jumping-off point to attack a host of other companies. The company quickly activates an incident response team (IRT), which is unable to locate the breach. The company then seeks the services of an outside firm that specializes in forensic analysis and intrusions. The outside firm locates the source of the breach and wants to monitor the actions of the intruder. However, the outside firm is informed by the client’s legal counsel that the company does not agree with this course of action. Which of the following statements best captures the effectiveness of the company’s IRT policies?

Which the following is not one the policies concerned with LAN-to-WAN Domain filtering and connectivity?

True or False? A trusted timestamp is a LAN control standard that explains the need for trusted timestamps and timeservers for audit record production.

__________ is a term that refers to a user’s capability to authenticate once to access the network and then have automatic authentication on different applications and devices afterward.

Which of the following types of baseline documents is most likely created to serve the demands of the Workstation Domain?

A major software company finds that code has been executed on an infected machine in its operating system. As a result, the company begins working to manage the risk and eliminates the vulnerability 12 days later. Which of the following statements best describes the company’s approach?

The National Security Information document EO 12356 explains the U.S. military classification scheme of Top Secret, Secret, Confidential, Sensitive but Unclassified, and Unclassified. Which of the following would be reasonably expected to cause grave damage to national security in the event of unauthorized disclosure?

LAN Domain security policies center on issues concerning connectivity. Among the types of LAN control standards are __________, which describes the security requirements for identifying LAN-attached devices, and __________, which defines when and how a network is to be partitioned.

An important principle in information security is the concept of layered security, which is also called defense in depth. Which of the following is not an example of a layer of security?