Business Continuity and Disaster Recovery Planning Exam Materials - 706 Verified Questions


Business Continuity and Disaster Recovery Planning

Exam Materials

Course Introduction

This course provides an in-depth exploration of strategies and best practices essential for maintaining business operations during and after major disruptions. Students will learn how to identify potential risks, develop effective business continuity plans, and implement disaster recovery solutions to minimize downtime and data loss. Through real-world case studies and hands-on exercises, participants will gain the practical skills needed to safeguard critical assets, ensure organizational resilience, and comply with industry standards and regulatory requirements. The course also covers the roles of incident response teams, communication protocols, and the integration of business continuity planning into overall risk management frameworks.

Recommended Textbook

Management of Information Security 5th Edition by Michael E. Whitman

Available Study Resources on Quizplus

12 Chapters

706 Verified Questions

706 Flashcards

Source URL: https://quizplus.com/study-set/2555

Chapter 1: Introduction to the Management of Information Security

Available Study Resources on Quizplus for this Chapter

63 Verified Questions

63 Flashcards

Source URL: https://quizplus.com/quiz/50835

Sample Questions

Q1) Which of the following is not among the 'deadly sins of software security'?

A) Extortion sins

B) Implementation sins

C) Web application sins

D) Networking sins

Answer: A

Q2) Communications security involves the protection of which of the following?

A) radio handsets

B) people, physical assets

C) the IT department

D) media, technology, and content

Answer: D

Q3) One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.

A) hacktivist

B) phreak

C) hackcyber

D) cyberhack

Answer: A

To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Compliance: Law and Ethics

Available Study Resources on Quizplus for this Chapter

50 Verified Questions

50 Flashcards

Source URL: https://quizplus.com/quiz/50836

Sample Questions

Q1) addresses violations harmful to society and is actively enforced and prosecuted by the state

A) criminal law

B) public law

C) ethics

D) Computer Security Act (CSA)

E) Electronic Communications Privacy Act

F) Cybersecurity Act

G) normative ethics

H) applied ethics

Answer: A

Q2) Which subset of civil law regulates the relationships among individuals and among individuals and organizations?

A) tort

B) criminal

C) private

D) public

Answer: C


Chapter 3: Governance and Strategic Planning for Security

Available Study Resources on Quizplus for this Chapter

52 Verified Questions

52 Flashcards

Source URL: https://quizplus.com/quiz/50837

Sample Questions

Q1) According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization plan the specifics of how it will reach its destination?

A) Initiating

B) Establishing

C) Acting

D) Learning

Answer: B

Q2) What is the first phase of the SecSDLC?

A) analysis

B) investigation

C) logical design

D) physical design

Answer: B

Q3) In ____________________ testing, security personnel simulate or perform specific and controlled attacks to compromise or disrupt their own systems by exploiting documented vulnerabilities.

Answer: penetration


Chapter 4: Information Security Policy

Available Study Resources on Quizplus for this Chapter

56 Verified Questions

56 Flashcards

Source URL: https://quizplus.com/quiz/50838

Sample Questions

Q1) Which type of security policy is intended to provide a common understanding of the purposes for which an employee can and cannot use a resource?

A) issue-specific

B) enterprise information

C) system-specific

D) user-specific

Q2) Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?

A) Policy Review and Modification

B) Limitations of Liability

C) Systems Management

D) Statement of Purpose

Q3) The champion and manager of the information security policy is called the ____________________.

Q4) In the bull's-eye model, the ____________________ layer is the place where threats from public networks meet the organization's networking infrastructure.

Q5) What are configuration rules? Provide examples.

Q6) What is a SysSP and what is one likely to include?


Chapter 5: Developing the Security Program

Available Study Resources on Quizplus for this Chapter

65 Verified Questions

65 Flashcards

Source URL: https://quizplus.com/quiz/50839

Sample Questions

Q1) GGG security is commonly used to describe which aspect of security?

A) technical

B) software

C) physical

D) theoretical

Q2) Which of the following variables is the most influential in determining how to structure an information security program?

A) Security capital budget

B) Organizational size

C) Security personnel budget

D) Organizational culture

Q3) The three methods for selecting or developing advanced technical training are by job category, by job function, and by ____________________.

Q4) Which of the following is an advantage of the user support group form of training?

A) Usually conducted in an informal social setting

B) Formal training plan

C) Can be live, or can be archived and viewed at the trainee's convenience

D) Can be customized to the needs of the trainee


Chapter 6: Risk Management: Identifying and Assessing Risk

Available Study Resources on Quizplus for this Chapter

60 Verified Questions

60 Flashcards

Source URL: https://quizplus.com/quiz/50840

Sample Questions

Q1) An approach to combining risk identification, risk assessment, and risk appetite into a single strategy.

A) risk management

B) risk analysis

C) classification categories

D) risk identification

E) field change order

F) threat assessment

G) risk appetite

H) qualitative assessment

I) residual risk

J) ranked vulnerability risk worksheet

Q2) As each information asset is identified, categorized, and classified, a ________ value must also be assigned to it.

Q3) An approach to combining risk identification, risk assessment, and risk appetite into a single strategy is known as risk protection.

A) True

B) False

Q4) Classification categories must be ____________________ and mutually exclusive.


Chapter 7: Risk Management: Controlling Risk

Available Study Resources on Quizplus for this Chapter

60 Verified Questions

60 Flashcards

Source URL: https://quizplus.com/quiz/50841

Sample Questions

Q1) Once an organization has estimated the worth of various assets, what three questions must be asked to calculate the potential loss from the successful exploitation of a vulnerability?

Q2) Application of training and education is a common method of which risk control strategy?

A) mitigation

B) defense

C) acceptance

D) transferal

Q3) Risks can be avoided by countering the threats facing an asset or by eliminating the exposure of an asset.

A) True

B) False

Q4) Due care and due diligence occur when an organization adopts a certain minimum level of security, that is, what any prudent organization would do in similar circumstances.

A) True

B) False

Q5) What are the four phases of the Microsoft risk management strategy?

Q6) What are the four stages of a basic FAIR analysis?


Chapter 8: Security Management Models

Available Study Resources on Quizplus for this Chapter

60 Verified Questions

60 Flashcards

Source URL: https://quizplus.com/quiz/50842

Sample Questions

Q1) In information security, a framework or security model customized to an organization, including implementation details, is known as a floorplan.

A) True

B) False

Q2) The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.

Q3) In the COSO framework, ___________ activities include those policies and procedures that support management directives.

Q4) In a lattice-based access control, a restriction table is the row of attributes associated with a particular subject (such as a user).

A) True

B) False

Q5) The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as need-to-know.

A) True

B) False

Q6) Access controls are built on three key principles. List and briefly define them.


Chapter 9: Security Management Practices

Available Study Resources on Quizplus for this Chapter

59 Verified Questions

59 Flashcards

Source URL: https://quizplus.com/quiz/50843

Sample Questions

Q1) Describe the three tier approach of the RMF as defined by NIST SP 800-37.

Q2) On what do measurements collected from production statistics greatly depend? Explain your answer.

Q3) A performance measure is an assessment of the performance of some action or process against which future performance is assessed.

A) True

B) False

Q4) According to NIST SP 800-37, which of the following is the first step in the security controls selection process?

A) Categorize the information system and the information processed

B) Select an initial set of baseline security controls

C) Assess the security controls using appropriate assessment procedures

D) Authorize information system operation based on risk determination

Q5) Why must you do more than simply list the InfoSec measurements collected when reporting them? Explain.

Q6) ____________________ encompasses a requirement that the implemented standards continue to provide the required level of protection.

Q7) Compare and contrast accreditation and certification.


Chapter 10: Planning for Contingencies

Available Study Resources on Quizplus for this Chapter

60 Verified Questions

60 Flashcards

Source URL: https://quizplus.com/quiz/50844

Sample Questions

Q1) There are six key elements that the CP team must build into the DR Plan. What are three of them?

Q2) List the seven steps of the incident recovery process according to Donald Pipkin.

Q3) Describe the methodology an organization should follow in an investigation.

Q4) Which of the following is a possible indicator of an actual incident?

A) Unusual consumption of computing resources

B) Activities at unexpected times

C) Presence of hacker tools

D) Reported attacks

Q5) Discuss three of the five strategies that can be used to test contingency strategies.

Q6) Which of the following allows investigators to determine what happened by examining the results of an event: criminal, natural, intentional, or accidental?

A) Digital malfeasance

B) E-discovery

C) Forensics

D) Evidentiary procedures

Q7) When undertaking the BIA, what should the organization consider?


Chapter 11: Personnel and Security

Available Study Resources on Quizplus for this Chapter

60 Verified Questions

60 Flashcards

Source URL: https://quizplus.com/quiz/50845

Sample Questions

Q1) Which of the following is NOT a CISSP concentration?

A) ISSAP

B) ISSTP

C) ISSMP

D) ISSEP

Q2) a technically qualified individual who may configure firewalls and IDPSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that security technical controls are properly implemented

A) Definers

B) Builders

C) security manager

D) security technician

E) systems programmer

F) ethics officer

G) CISSP

H) SSCP

I) SANS

J) CCE

Q3) Describe the SSCP certification. How does it compare to the CISSP?


Chapter 12: Protection Mechanisms

Available Study Resources on Quizplus for this Chapter

61 Verified Questions

61 Flashcards

Source URL: https://quizplus.com/quiz/50846

Sample Questions

Q1) Which of the following characteristics currently used today for authentication purposes is the LEAST unique?

A) Fingerprints

B) Iris

C) Retina

D) Face geometry

Q2) The intermediate area between trusted and untrusted networks is referred to as which of the following?

A) Unfiltered area

B) Semi-trusted area

C) Demilitarized zone

D) Proxy zone

Q3) What is a packet sniffer and how can it be used for good or nefarious purposes?

Q4) A(n) ____________________ token uses a challenge-response system in which the server challenges the user with a number, that when entered into the token provides a response that provides access.

Q5) ____________________ is the determination of actions that an entity can perform in a physical or logical area.

Q6) What is asymmetric encryption?
