You work as a Security Administrator for uCertify Inc. You have been assigned the task to verify the identity of the employees recruited in your organization. Which of the following components of security deals with an employee's verification in the organization?
You work as an Information Security Manager for uCertify Inc. You have been assigned the task to create the documentation on control A.7.2 of the ISO standard. Which of the following is the chief concern of control A.7.2?
Which of the following are the major tasks of risk management?
Each correct answer represents a complete solution. Choose two.
You work as a Security Administrator for uCertify Inc. You observe that an employee is spreading personal data of your organization. Human resource security deals with the employees handling personal data in an organization. Which section of ISO 27002 describes human resource security?
Which of the following terms refers to the time duration during which a system or service is unavailable?
Rick works as a Computer Forensic Investigator for BlueWells Inc. He has been informed that some confidential information is being leaked out by an employee of the company. Rick suspects that someone is sending the information through email. He checks the emails sent by some employees to other networks. Rick finds out that Sam, an employee of the Sales department, is continuously sending text files that contain special symbols, graphics, and signs. Rick suspects that Sam is using the Steganography technique to send data in a disguised form. Which of the following techniques is Sam using?
Each correct answer represents a part of the solution. Choose all that apply.
Which of the following formulas is used to represent the annualized loss expectancy (ALE)?
You work as an Information Security Manager for uCertify Inc. You need to make the documentation on change management. What are the advantages of change management?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Network Administrator for uCertify Inc. You are responsible for selecting the access control method that will be used for kiosk system software. Your manager wants to have full access to all information about all categories, but the visitors can access only general information about the organization. Which of the following types of access controls is suitable to accomplish this task?
John works as a Security Administrator for uCertify Inc. As per his past experience, he wants to make a policy stating that any hardware devices containing information about the organization should be destroyed properly before they are thrown. After applying this policy, John will be able to ensure that the information on the devices will not fall into the hands of unauthorized persons after properly discarding the devices.
Which of the following types of policies is John going to create?
Which of the following types of viruses is placed into the first sector of the hard drive?
Which of the following plans provides measures and capabilities for recovering a major application or general support system?
Which of the following is the element used in the technology of encrypting and decrypting the text in cryptography?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to make a document on the usage of information assets. Which of the following controls of the ISO standard deals with the documentation and implementation of rules for the acceptable use of information assets?
Which of the following are the two methods that are commonly used for applying mandatory access control?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following surveys found that the smaller organizations had had a better understanding of their information assets?
The usage of pre-numbered forms for initiating a transaction is an example of which of the following types of control?
You work as a Security Administrator for uCertify Inc. You observe that an employee is spreading personal data of your organization. Which of the following standards of information security deals with the employees handling personal data in an organization?
In which of the following mechanisms does an authority, within limitations, specify what objects can be accessed by a subject?
In which of the following mechanisms does an authority, within limitations, specify what objects can be accessed by a subject?
Which of the following states that a user should never be given more privileges than are required to carry out a task?
Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?
You are consulting with a small budget conscious accounting firm. Each accountant keeps individual records on their PC and checks them in and out of a server. They are concerned about losing data should the server hard drive crash. Which of the following RAID levels would you recommend?
By gaining full control of a router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack routers?
Each correct answer represents a complete solution. Choose all that apply.
You work as the Network Security Administrator for uCertify Inc. You are responsible for protecting your network from unauthorized access from both inside and outside the organization. For outside attacks, you have installed a number of security tools that protect your network. For internal security, employees are using passwords more than 8 characters; however, a few of them having the same designation often exchange their passwords, making it possible for others to access their accounts. There is already a policy to stop this practice, but still employees are doing so. Now, you want to stop this and ensure that this never happens again. Which of the following will be the best step to stop this practice?
Which of the following is a list of specific actions being taken to deal with specific risks associated with the threats?
You work as a System Administrator for uCertify Inc. You have been given the task to create a new corporate policy. Which of the following approaches must be followed to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
A helpdesk technician received a phone call from an administrator at a remote branch office. The administrator claimed to have forgotten the password for the root account on UNIX servers and asked for it. Although the technician didn't know any administrator at the branch office, the guy sounded really friendly and since he knew the root password himself, he supplied the caller with the password.
What type of attack has just occurred?
In which of the following social engineering attacks does an attacker first damage any part of the target's equipment and then advertise himself as an authorized person who can help fix the problem.
Which of the following laws or acts enforces the prohibition against cyber stalking?
Which of the following standard file formats is used by Apple's iPod to store contact information?
Which of the following are responsibilities of the Service Level Manager?
Each correct answer represents a complete solution. Choose all that apply.
Service Level Agreement (SLA) provides one service for all customers of that service. Which of the following are the contents included by SLAs?
Each correct answer represents a complete solution. Choose all that apply.
Disaster recovery plan consists of various tiers for identifying the methods of recovering mission-critical computer systems that are necessary to support business continuity. All these tiers provide a simple method to define current service levels and associated risks. Choose and re-order the tiers of disaster recovery plan.
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to create a document following the Business Model of information security to provide guidelines for information assets. Which of the following are the elements of the Business Model for information security?
Each correct answer represents a complete solution. Choose all that apply.
You are the Network Administrator for a school. You are concerned that end users' might accidentally have access to resources they do not require. What concept should you implement in your network security management to best address this concern?
David works as the Network Administrator for Blue Well Inc. He has been asked to perform risk analysis. He decides to perform it by using CRAMM. The CEO of the company wants to know the stronger points of CRAMM that is going to be used by David. Which of the following points will David tell the CEO of the organization?
Each correct answer represents a complete solution. Choose all that apply.
David works as the Manager for Tech Mart Inc. An incident had occurred ten months ago due to which the company suffered too much losses. David has been assigned the task to submit a report on the losses incurred by the company in a year. Which of the following should David calculate in order to submit the report containing annualized loss expectancy?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Officer. You are working on an asset management plan. You need to assign ownership of some assets to an employee. You are making a documentation to explain the responsibilities of an owner of the business asset. Which of the following areas should you include in your documentation?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Security Professional for uCertify Inc. You are working on a Disaster Recovery Plan (DRP). Which of the following are basic functions of DRP?
Each correct answer represents a complete solution. Choose all that apply.
A project plan includes the Work Breakdown Structure (WBS) and cost estimates. Which of the following are the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Network Security Administrator for uCertify Inc. He has been assigned the task of installing a MySQL server. Mark wants to monitor only the data that is directed to or originating from the server and he also wants to monitor running processes, file system access and integrity, and user logins for identifying malicious activities. Which of the following intrusion detection techniques will Mark use to accomplish the task?
Which of the following is used for secure financial transactions over the Internet?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following are information assets?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is a process of identifying and documenting project roles, responsibilities, and reporting relationships?
Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?
Which of the following are the basics of Business Continuity Management?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Security Administrator for uCertify Inc. You are working on the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity. Which of the following should you include in your plan?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You need to create the documentation on information security management system (ISMS). Which of the following is the governing principle behind ISMS?
Which of the following indicates that the project team has decided not to change the project management plan to deal with a risk?
Which of the following statements about incremental backup are true?
Each correct answer represents a complete solution. Choose two.
Which of the following are the variables on which the structure of Service Level Agreement depends?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are the valid reasons for the occurrence of Drive-by download?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following security design principles supports comprehensive and simple design and implementation of protection mechanisms, so that an unintended access path does not exist or can be readily identified and eliminated?
Which of the following pillars of Basel II is concerned with maintenance of regulatory capital intended for three major components of risk that a bank faces, which are credit risk, operational risk, and market risk?
Which of the following honeypots is a low-interaction honeypot and is used by companies or corporations for capturing limited information about malicious hackers?
Which of the following are the purposes of security awareness, training, and education?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. The company has made a contract with a third party software company to make a software program for personal use. You have been assigned the task to share organization's personal requirements regarding the tool to the third party using a non disclosure agreement (NDA). Which of the following is the purpose of using NDA?
Which of the following are the rights that are given to the person who has processed data?
Each correct answer represents a complete solution. Choose all that apply.
DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.
TESTED 19 Aug 2025
