Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

• A.Incident response plan
• B.Disaster recovery plan (DRP)
• C.Business continuity plan (BCP)
• D.Business contingency plan

Comment: *

Name: *

Email: *

Verification: *

Penetration testing is MOST appropriate when a:

• A.new system is being designed.
• B.security policy is being developed
• C.new system is about to go live.
• D.security incident has occurred.

Comment: *

Name: *

Email: *

Verification: *

Data entry functions for a web-based application have been outsourced to a third-party service provider who will work from a remote site Which of the following issues would be of GREATEST concern to an information security manager?

• A.The application does not use a secure communications protocol
• B.The application is configured with restrictive access controls
• C.The business process has only one level of error checking
• D.Server-based malware protection is not enforced

Comment: *

Name: *

Email: *

Verification: *

When performing a business impact analysis (BIA), who should calculate the recovery time and cost estimates?

• A.Senior management
• B.Business continuity coordinator
• C.Business process owner
• D.Information security manager

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to ensure when developing escalation procedures for an incident response plan?

• A.Minimum regulatory requirements are maintained.
• B.Each process is assigned to a responsible party.
• C.Senior management approval has been documented.
• D.The contact list is regularly updated.

Comment: *

Name: *

Email: *

Verification: *