212-89 exam

Which of the following is an appropriate flow of the incident recovery steps?A . System Operation-System Restoration-System Validation-System MonitoringB . System Validation-System Operation-System Restoration-System MonitoringC . System Restoration-System Monitoring-System Validation-System OperationsD . System Restoration-System Validation-System Operations-System MonitoringView AnswerAnswer: D

Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the likeliness of an event’s occurrence, the harm it may cause and is usually denoted as Risk = ∑(events)X (Probability of occurrence) X?A . MagnitudeB . ProbabilityC . ConsequencesD . SignificanceView AnswerAnswer: A

A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to agency’s reporting timeframe guidelines, this incident should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency...

Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following steps focus on limiting the scope and extent of an incident?A . EradicationB . ContainmentC . IdentificationD . Data collectionView AnswerAnswer: B

Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification activation, recovery and reconstitution and plan appendices. What is the...

The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?A . Dealing with human resources department and various employee conflict behaviors.B . Using information gathered during...

US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report an incident under the CAT 4 Federal Agency category?A . WeeklyB . Within four (4) hours of discovery/detection if the successful attack is still ongoing and agency...

In the Control Analysis stage of the NIST’s risk assessment methodology, technical and none technical control methods are classified into two categories. What are these two control categories?A . Preventive and Detective controlsB . Detective and Disguised controlsC . Predictive and Detective controlsD . Preventive and predictive controlsView AnswerAnswer: A

A security policy will take the form of a document or a collection of documents, depending on the situation or usage. It can become a point of reference in case a violation occurs that results in dismissal or other penalty. Which of the following is NOT true for a good...

In which of the steps of NIST’s risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the system identified?A . Likelihood DeterminationB . Control recommendationC . System characterizationD . Control analysisView AnswerAnswer: C