Which of the following elements of the BCP process emphasizes creating the scope and the additional elements required to define the parameters of the plan?
The scope and plan initiation process in BCP marks the beginning of the BCP process. It emphasizes creating the scope and the
additional elements required to define the parameters of the plan.
The scope and plan initiation phase involves an examination of the company's operations and support services. The scope activities include creating
a detailed account of the work required, listing the resources to be used, and defining the management practices to be employed.
Answer C is incorrect. The business impact assessment is a method used to help business units understand the impact of a
disruptive event. This phase includes the execution of a vulnerability assessment. This process identifies the mission-critical areas and
business processes that are important for the survival of the business.
It is similar to the risk assessment process. The function of a business impact assessment process is to create a document that is used to
help understand what impact a disruptive event would have on the business.
Answer A is incorrect. The business continuity plan development refers to the utilization of the information collected in the Business
Impact Analysis (BIA) for the creation of the recovery strategy plan to support the critical business functions. The information gathered from
the BIA is mapped out to make a strategy for creating a continuity plan. The business continuity plan development process includes the areas
of plan implementation, plan testing, and ongoing plan maintenance. This phase also consists of defining and documenting the continuity
strategy.
Answer B is incorrect. The plan approval and implementation process involves creating enterprise-wide awareness of the plan, getting
the final senior management signoff, and implementing a maintenance procedure for updating the plan as required.
Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?
DITSCAP stands for DoD Information Technology Security Certification and Accreditation Process. The DoD Directive 5200.40 (DoD Information
Technology Security Certification and Accreditation Process) established the DITSCAP as the standard C&A process for the Department of
Defense. The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) is a process defined by the
United States Department of Defense (DoD) for managing risk. DIACAP replaced the former process, known as DITSCAP, in 2006.
Answer B is incorrect. This DoD Directive is known as the National Industrial Security Program Operating Manual.
Answer C is incorrect. This DoD Directive is known as the Defense Information Management (IM) Program.
Answer A is incorrect. This DoD Directive is known as the Management and Control of Information Requirements.
Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.
The owner of information delegates the responsibility of protecting that information to a custodian. The following are the responsibilities of a
custodian with regard to data in an information classification program:
Running regular backups and routinely testing the validity of the backup data
Performing data restoration from the backups when necessary
Controlling access, adding and removing privileges for individual users
Answer C is incorrect. Determining what level of classification the information requires is the responsibility of the owner.
Which of the following terms refers to the protection of data against unauthorized access?
Confidentiality is a term that refers to the protection of data against unauthorized access. Administrators can provide confidentiality by
encrypting data. Symmetric encryption is a relatively fast encryption method. Hence, this method of encryption is best suited for encrypting
large amounts of data such as files on a computer.
Answer A is incorrect. Integrity ensures that no intentional or unintentional unauthorized modification is made to data.
Answer C is incorrect. Auditing is used to track user accounts for file and object access, logon attempts, system shutdown, etc. This
enhances the security of the network. Before enabling auditing, the type of event to be audited should be specified in the Audit Policy in User
Manager for Domains.
Copyright holders, content providers, and manufacturers use digital rights management (DRM) in order to limit usage of digital media and devices. Which of the following security challenges does DRM include? Each correct answer represents a complete solution. Choose all that apply.
The security challenges for DRM are as follows:
Key hiding: It prevents tampering attacks that target the secret keys. In the key hiding process, secret keys are used for
authentication, encryption, and node-locking.
Device fingerprinting: It prevents fraud and provides secure authentication. Device fingerprinting includes the summary of hardware
and software characteristics in order to uniquely identify a device.
OTA provisioning: It provides end-to-end encryption or other secure ways for delivery of copyrighted software to mobile devices.
Answer B is incorrect. Access control is not a security challenge for DRM.