Question.21 In the “Do” phase of the Plan-Do-Check-Act model, which of the following is performed?
(A) Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review.
(B) Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.
(C) Ensure the business continuity policy, controls, processes, and procedures have been implemented.
(D) Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.
Correct Answer: C
Question.22 What industry-recognized document could be used as a baseline reference that is related to data security and business operations or conducting a security assessment?
(A) Service Organization Control (SOC) 1 Type 2
(B) Service Organization Control (SOC) 1 Type 1
(C) Service Organization Control (SOC) 2 Type 2
(D) Service Organization Control (SOC) 2 Type 1
Correct Answer: D
Question.23 A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?
(A) Organization loses control of their network devices.
(B) Network is flooded with communication traffic by the attacker.
(C) Network management communications is disrupted.
(D) Attacker accesses sensitive information regarding the network topology.
Correct Answer: A
Question.24 Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users’ internal control over financial reporting?
A. Statement on Auditing Standards (SAS) 70
B. Service Organization Control 1 (SOC1)
C. Service Organization Control 2 (SOC2)
D. Service Organization Control 3 (SOC3)
Correct Answer: B
Question.25 Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?
A. Scheduled team review of coding style and techniques for vulnerability patterns
B. The regular use of production code routines from similar applications already in use
C. Using automated programs to test for the latest known vulnerability patterns
D. Ensure code editing tools are updated against known vulnerability patterns
Correct Answer: C