(ISC)² CISSP - Certified Information Systems Security Professional - A little help with the CISSP certification questions - Part 5
Thursday, May 8, 2014
Fifth part of the question dump for the CISSP
Well, before the exam it is always advisable, besides attending the course, to have some literature:
- https://umeshume.files.wordpress.com/2013/03/mcgraw-hill-osborne-media-cissp-all-in-one-exam-guide-6th-edition-2012.pdf
Take a careful look at this link: http://opensecuritytraining.info/CISSP-Main.HTML
Question:
Business continuity plans address all of the following except:
A. Critical servers used on the company's LAN
B. The most critical devices housed in the main data center
C. Individual workstations that are used by operations personnel
D. The protection of cold sites at a remote location
Answer:
D. The protection of cold sites at a remote location
Explanation:
A BCP does not address the protection of cold sites at a remote location.
Question:
Organizations should not view disaster recovery as:
A. A committed expense
B. A discretionary expense
C. An enforcement of legal statutes
D. Compliance with regulations
Answer:
B. A discretionary expense
Explanation:
Businesses need to treat disaster recovery planning as a committed expense, much like insurance is a requirement. In many sectors, disaster recovery is a legal requirement.
Question:
Which of the following best describes a continuity of operations plan?
A. Establishes senior management and a headquarters after a disaster. Outlines roles and authorities, orders of succession, and individual role tasks.
B. Plan for systems, networks, and major applications recovery procedures after disruptions. A contingency plan should be developed for each major system and application.
C. Includes internal and external communications structure and roles. Identifies specific individuals who will communicate with external entities. Contains predeveloped statements that are to be released.
D. Focuses on malware, hackers, intrusions, attacks, and other security issues. Outlines procedures for incident response.
Answer:
A. Establishes senior management and a headquarters after a disaster. Outlines roles and authorities, orders of succession, and individual role tasks.
Explanation:
The continuity of operations plan establishes senior management and a headquarters after a disaster. It outlines roles and authorities, orders of succession, and individual role tasks.
Question:
Which of the following best describes a parallel test?
A. A scenario is established and individuals are gathered to go through each step of the plan.
B. Copies of the plan are handed out to representatives from each functional area.
C. Some systems are moved to the alternate site and installed to test processing procedures and compatibility.
D. Management gathers and goes through a structured walk-through test.
Answer:
C. Some systems are moved to the alternate site and installed to test processing procedures and compatibility.
Explanation:
When a parallel test is performed, the critical systems are taken to the site where they would need to perform in an actual disaster.
Question:
Which of the following is not a purpose of developing and implementing a disaster recovery plan?
A. Provides procedures for emergency responses
B. Extends backup operations to include more than just backing up data
C. Provides steps for a post-disaster recovery
D. Outlines business functions and systems
Answer:
D. Outlines business functions and systems
Explanation:
The disaster recovery plan does not outline business functions and systems. Those are handled in the business impact analysis.
Question:
How is a reciprocal agreement best described?
A. A site that has some computers and environmental controls
B. A site that has fully redundant systems, software, and configurations
C. A site that is in use by another company already
D. An agreement that is enforceable
Answer:
C. A site that is in use by another company already
Explanation:
A reciprocal agreement is one in which one company promises another company that it can move in if a disaster hits. This agreement is not enforceable.
Question:
A business impact analysis (BIA) does not typically include:
A. Identifying the type and quantity of resources required for the recovery
B. Identifying critical business processes and the dependencies between them
C. Identifying organizational risks
D. Developing a mission statement
Answer:
D. Developing a mission statement
Explanation:
The development of a mission statement is normally performed before the BIA.
Question:
An off-site information processing facility:
A. Should have the same degree of physical access restrictions as the primary processing site
B. Should be located close to the originating site so that it can quickly be made operational
C. Should be easily identified from the outside for easy emergency access
D. Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive
Answer:
A. Should have the same degree of physical access restrictions as the primary processing site
Explanation:
An off-site information processing facility should have the same amount of physical control as the originating site.
Question:
Out of the following steps in the development of a disaster recovery plan, which is the second step?
A. Develop an information system contingency plan
B. Create contingency strategies
C. Conduct the business impact analysis (BIA)
D. Ensure plan testing, training, and exercises
Answer:
C. Conduct the business impact analysis (BIA)
Explanation:
The seven progressive steps are designed to be integrated into each stage of the system development life cycle.
- Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
- Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization's mission/business functions. A template for developing the BIA is provided to assist the user.
- Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
- Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
- Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system's security impact level and recovery requirements.
- Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.
- Ensure plan maintenance. The plan should be a living document that is updated regularly.
Question:
An organization wants to gain a common understanding of functions that are critical to its survival. Which of the following will help the most?
A. Risk assessment
B. Business assessment
C. Disaster recovery plan
D. Business impact analysis
Answer:
D. Business impact analysis
Explanation:
A business impact analysis (BIA) is an assessment of an organization’s business functions to develop an understanding of their criticality, recovery time objectives, and resources needed.
Part 1: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems.html
Part 2: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_1.HTML
Part 3: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_2.HTML
Part 4: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_5.html
Part 6: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_9.html
