Question 1. A targeted solution to misuse of a specific vulnerability is called a(n) _____.
exploit
vulnerability
control
safeguard
Question 2. Which of the following is not a basic component of risk management?
Risk identification
Risk control
Mitigation
All of the above
Question 3. Which of the following is not one of the four basic risk control strategies?
Acknowledgement
Transference
Mitigation
Acceptance
Question 4. Who is responsible for obtaining senior management commitment and support at the outset of the planning process?
Emergency management team
Disaster recovery team
Contingency planning management team
Incident response team
Question 5. The first step in the business impact analysis is to identify and prioritize _____.
business unit analysis
threat attacks
attack success scenario development
damage assessment
Question 6. The _____ analysis provides information about systems and the threats they face.
business unit
vulnerability
business impact
threat attack
Question 7. Which of the following is not a possible IR team structure model?
Central IR team
Distributed IR teams
Decentralized IR team
Coordinating IR team
Question 8. The responsibility for creating an organization's IR plan rests with the _____.
Chief information security officer (CISO)
Chief security officer
Chief executive officer
Chief planning officer
Question 9. An actual incident that occurs but is not reported is called a _____.
false positive
true positive
false negative
true negative
Question 10. Scanning a network for active systems and services is called _____.
footprinting
fingerprinting
doorknob rattling
window checking