QUESTION 81
1. It is important to conduct a nearly continuous evaluation of possible ______________ to guarantee that recovery estimates provided to customers are accurate and maintain credibility with customers.
resources
vulnerabilities
downtimes
risks
10 points

QUESTION 82
1. Based on your work in the lab, to which policy definition does the following policy statement apply?
10 points

QUESTION 83
1. Because incidents can eventually become court cases, it is necessary that the actions of the IRT demonstrate due care, which requires that steps or actions are taken to mitigate harm to another party.
10 points

QUESTION 84
1. The Security Content Automation Protocol (SCAP) was developed under the Federal Information Security Management Act (FISMA) to institute minimum requirements, standards, and guidelines, and for tools used to scan systems. SCAP identifies two specifications for implementation: Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Score Systems (CVSS).
10 points

QUESTION 85
1. Policies and standards are a collection of concrete definitions that describe acceptable and unacceptable human behavior. The questions related to _______________ are more appropriate for procedures or guidelines than policies or standards, which require detail that is more at the level of ________________.
where, when and how; what and why
how; what
where and when; what, who and why
where, when, and how; what, who, and why
10 points

QUESTION 86
1. Organizations seek to create a coherent set of documents that are stable and immune to the need for regular adjustments. However, the types of policy documents can differ, depending on the organization. Which of the following is not one of the reasons why these documents might vary from one organization to the next?
10 points

QUESTION 87
1. The main motivation for information security is overall good practice and common sense. While compliance is important, it is necessary to be extremely mindful of other risks to security not covered by laws and regulations.
10 points