A computer risk policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy.
A. Procedure to identify security funds to hedge risk
B. Procedure to monitor the efficiency of security controls
C. Procedure for the ongoing training of employees authorized to access the system
D. Provisions for continuing support if there is an interruption in the system or if the system crashes
Incident handling and response steps help you to detect, identify, respond to, and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?
A. Eradication
B. Containment
C. Identification
D. Data collection
An audit trail policy collects all audit trails, such as a series of records of computer events about an operating system, application, or user activities. Which of the following statements is NOT true for an audit trail policy:
A. It helps in calculating intangible losses to the organization due to an incident
B. It helps in tracking individual actions and allows users to be personally accountable for their actions
C. It helps in compliance with various regulatory laws, rules, and guidelines
D. It helps in reconstructing the events after a problem has occurred
Incident handling and response steps help you to detect, identify, respond to, and manage an incident. Which of the following helps in recognizing and separating the infected hosts from the information system?
A. Configuring firewall to default settings
B. Inspecting the processes running on the system
C. Browsing particular government websites
D. Sending mail only to a group of friends
The type of relationship between a CSIRT and its constituency has an impact on the services provided by the CSIRT. Identify the level of authority that enables members of the CSIRT to undertake any necessary actions on behalf of their constituency.
A. Full-level authority
B. Mid-level authority
C. Half-level authority
D. Shared-level authority
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved:
A. Analysis
B. Preparation
C. Examination
D. Collection
The program that helps to train people to be better prepared to respond to emergency situations in their communities is known as:
A. Community Emergency Response Team (CERT)
B. Incident Response Team (IRT)
C. Security Incident Response Team (SIRT)
D. All the above
The typical correct sequence of activities used by CSIRT when handling a case is:
A. Log, inform, maintain contacts, release information, follow up and reporting
B. Log, inform, release information, maintain contacts, follow up and reporting
C. Log, maintain contacts, inform, release information, follow up and reporting
D. Log, maintain contacts, release information, inform, follow up and reporting
Incidents are reported in order to:
A. Provide stronger protection for systems and data
B. Deal properly with legal issues
C. Be prepared for handling future incidents
D. All the above
Business Continuity planning includes other plans such as:
A. Incident/disaster recovery plan
B. Business recovery and resumption plans
C. Contingency plan
D. All the above