Category: Uncategorized

A Contingency Planning (CP) team lead suggests bypassing the formal Business Impact Analysis (BIA) phase to proceed directly to drafting recovery plans, arguing that “we already intuitively know which systems are critical.” What is the MOST significant risk created by this shortcut?

Organizations implement various firewall architectures to protect their internal networks from external threats. Which of the following statements regarding these architectures is INCORRECT?

The three elements of a SETA program are security education, security training, and security awareness. Which statement BEST captures the key difference between training and awareness?

Organizations utilize several strategies to test their Contingency Plans (CP), ranging from desk checks to full-interruption tests. Which of the following statements CORRECTLY describes the trade-off between these testing approaches?

A vulnerability scanner identifies a critical CVE on a server that was classified as “acceptable risk” by a previous analyst 18 months ago. The current analyst seeks to reclassify it for immediate remediation. According to the “vulnerability assessment and remediation” domain of the Cybersecurity Maintenance Model, which of the following is the most appropriate perspective?

Organizations utilize various concepts to measure and maintain their security posture, including benchmarking, baselining, due care, and due diligence. Which of the following statements isINCORRECT?

Which of the following statements regarding the variables that shape an organization’s cybersecurity program is INCORRECT?

The Divine Comedy

An organization’s primary data center is destroyed by a fire. The BC team activates a pre-arranged facility with power, network connectivity, and empty server racks, but no pre-loaded hardware or data. The team must install, configure, and restore all systems from backups before operations can resume. What type of alternate site is this? 

Contingency planning (CP) consists of four primary components: the Business Impact Analysis (BIA), the Incident Response (IR) plan, the Disaster Recovery (DR) plan, and the Business Continuity (BC) plan. Which of the following statements regarding these components is INCORRECT?