Question 1

Which activities are typically involved in executing an incident response plan?

Options :

A : Triage, forensics, remediation, and root cause analysis

B : Business continuity planning and disaster recovery planning

C : Incident escalation and decision tree development

D : Security awareness training and practicing incident response scenarios

Answer: A

Question 2

Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?

Options :

A : Phase 2, Verification

B : Phase 3, Validation

C : Phase 1, Definition

D : Phase 4, Post Accreditation Phase

Answer: D

Question 3

What are the security advantages of virtualization, as described in the NIST Information Security and Privacy Advisory Board (ISPAB) paper "Perspectives on Cloud Computing and Standards"? Each correct answer represents a complete solution. Choose three

Options :

A : It increases capabilities for fault tolerant computing

B : It adds a layer of security for defense-in-depth

C : It decreases exposure of weak software

D : It decreases configuration effort

Answer: A,B,C

Question 4

What is qualitative risk analysis primarily based on?

Options :

A : Data from system logs

B : Threat analysis

C : Penetration tests

D : Expert judgment

Answer: D

Question 5

Quantitative risk assessment differs from qualitative risk assessment in that it predicts attacks based on what?

Options :

A : Penetration tests

B : Historical loss information

C : Projections based on qualitative factors

D : Zero-day loss information

Answer: B