F Exam
The three constraints in strategy development can be which of the following: - answer
Direct, consequential, or peripheral
Each of the following can be used in defining an organization's desired state except for: -
answer None of the above
An information security strategy is - answer The objectives of information security
coupled with the plans to achieve it
From the text and class, which one of the following is not an identified cause of
strategy failures: - answer Knowing the culture and the landscape of the organization
and the environment it operates in
The two general classes of constraints are: - answer Contextual and Operational
The two greatest issues or difficulties in developing strategy are: - answer Cultural and
Structural
The NIST Cyber Security Framework (CSF) and the Sherwood Applied Business
Security Architecture (SABSA) are both Security Architecture Frameworks and which of
the following answers best describes the characteristics of both frameworks - answer
1. NIST CSF and SABSA are technology neutral
2. SABSA is both technology and controls neutral
The amount of data transactions that are allowed to be lost following a computer failure
(i.e., duration of orphan data) is the - answer Recovery Point Objective
When the Recovery Point Objective (RPO) is very short, the best solution is -
answer Data mirroring
Managing a cyber crisis requires expertise in which of the following - answer
1. Crisis Management
2. Cyber Security
What do business continuity plans build within a business? - answer A more resilient,
agile business
Event Damage Classifications as presented in class include the following except for: -
answer Captain
Classification of Services as presented in class include the following except for: -
answer Medium
Major areas of security concerns for cloud as presented in class include the following
except for: - answer None of the above
When the Recovery Time Objective (RTO) is large, this is associated with: -
answer Sensitive or nonsensitive services
The Minimum Cost associated with Disruption versus Recovery Costs is where the
Curve for Alternative Recovery Strategies and Service Downtime intersect. -
answer True
In case of a Business Continuity Plan/Disaster Recovery Planning, People's lives
always take first priority. - answer True
RACI is not a tool used in establishing Disaster Recovery Responsibilities. -
answer False
Data which is lost and never recovered is known as Orphan Data. - answer True
Recovery Point Objectives do not influence the Backup Periods. - answer False
One of the first steps in performing a Business Impact Analysis is to ask which business
processes are of strategic importance. - answer True
The first and most important Business Continuity Planning (BCP) test is the Desk-based
paper test. - answer True
GAP Analysis is not used when comparing current to desired level. - answer False
Infrastructure as a Service, Platform as a Service, Software as a Service are examples
of Cloud Service Models. - answer True
Disaster Recovery Plan determines the most crucial IT operations from the business
perspective. - answer False
The two types of metrics that were discussed/identified in class are: -
answer Quantitative, qualitative or some combinations of the two
In Module 2's "Principles for Information Security Practitioners" presentation, six
principles were identified that aligned with Support the Business; which of the following
is not one of those six principles: - answer Deliver quality and value to Information
Technology