312-76 Disaster Recovery Professional Practice Test Question and Answers

Question # 4

A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?

A. Security law

B. Privacy law

C. Trademark law

D. Copyright law

Question # 5

Which of the following SSE-CMM security engineering Process Areas (PA) provides the security input?

A. PA06

B. PA09

C. PA07

D. PA08

Question # 6

You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?

A. RAID-0

B. RAID-1

C. RAID-5

D. RAID-10

Question # 7

Which of the following backup sites is the best way for rapid recovery if you do not need the full recovery temporarily?

A. Hot backup site

B. Cold backup site

C. Mobile backup site

D. Warm backup site

Question # 8

Which of the following backup sites is a replica of the original site of an organization with full computer systems as well as near-complete backups of user data?

A. Hot backup site

B. Warm backup site

C. Mobile backup site

D. Cold backup site

Question # 9

Which of the following policies is related to the backup of data?

A. Backup policy

B. Network security policy

C. User password policy

D. Privacy policy

Question # 10

Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following?

Each correct answer represents a part of the solution. Choose all that apply.

A. To verify configuration records and correct any exceptions

B. To account for all IT assets

C. To provide precise information support to other ITIL disciplines

D. To provide a solid base only for Incident and Problem Management

Question # 11

Which of the following actions can be performed by using the principle of separation of duties?

A. Developing job descriptions

B. Identifying critical positions

C. Conducting background investigation

D. Reducing the opportunity for fraud

Question # 12

Which of the following cryptographic system services assures the receiver that the received message has not been altered?

A. Authentication

B. Non-repudiation

C. Confidentiality

D. Integrity

Question # 13

Which of the following options is an activity of observing the content that appears on a computer monitor or watching what a user is typing?

A. Utility model

B. Copyright

C. Snooping

D. Patent

Question # 14

Fill in the blank with the appropriate number:

RAID-______ is a combination of RAID-1 and RAID-0.

A. 10

Question # 15

Which of the following cryptographic system services proves a user's identity?

A. Confidentiality

B. Non-repudiation

C. Integrity

D. Authentication

Question # 16

You work as a project manager for BlueWell Inc. You are working with your team members on the risk responses in the project. Which risk response will likely cause a project to use the procurement processes?

A. Mitigation

B. Sharing

C. Exploiting

D. Acceptance

Question # 17

Which of the following options is an activity of observing the content that appears on a computer monitor or watching what a user is typing?

A. Utility model

B. Patent

C. Snooping

D. Copyright

Question # 18

You work as a project manager for TYU project. You are planning for risk mitigation. You need to identify the risks that will need a more in-depth analysis. Which of the following activities will help you in this?

A. Qualitative analysis

B. Estimate activity duration

C. Quantitative analysis

D. Risk identification

Question # 19

Which of the following control measures are considered while creating a disaster recovery plan?

Each correct answer represents a part of the solution. Choose three.

A. Detective measures

B. Supportive measures

C. Corrective measures

D. Preventive measures

Question # 20

You work as a project manager for TYU project. You are planning for risk mitigation. You need to identify the risks that will need a more in-depth analysis. Which of the following activities will help you in this?

A. Quantitative analysis

B. Estimate activity duration

C. Risk identification

D. Qualitative analysis

Question # 21

Which of the following individuals incorporates risk assessment in training programs for the organization's personnel?

A. Chief information officer

B. Information system security officer

C. Functional manager

D. Security awareness trainer

Question # 22

Fill in the blank with the appropriate phrase.

__________________ is the process of obtaining access using legitimate credentials, and then attempting to leverage that into access to unauthorized system resources.

A. Privilege escalation

Question # 23

Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial-of-service attacks, or unauthorized changes to system hardware, software, or data?

A. Cyber Incident Response Plan

B. Crisis Communication Plan

C. Occupant Emergency Plan

D. Disaster Recovery Plan

Question # 24

Which of the following security procedures is NOT related to the SDLC's disposition?

A. Media sanitation

B. Information preservation

C. Hardware and software disposal

D. Security certification

Question # 25

Which of the following types of storage requires some direct human action in order to make access to the storage media physically possible?

A. Near-line

B. Off-line

C. On-line

D. Far-line

Question # 26

Which of the following security procedures is related to the SDLC's implementation?

A. Risk assessment

B. Media sanitation

C. Security accreditation

D. Information preservation

Question # 27

Which of the following types of attacks occurs when an attacker successfully inserts an intermediary software or program between two communicating hosts?

A. Password guessing attack

B. Dictionary attack

C. Man-in-the-middle attack

D. Denial-of-service attack

Question # 28

Which of the following sites is a non-mainstream alternative to a traditional recovery site?

A. Warm site

B. Hot site

C. Mobile site

D. Cold site

Question # 29

Which of the following phases involves getting the final senior management signoff and creating enterprise-wide awareness of the plan?

A. Business Impact Assessment

B. Business Continuity Plan Development

C. Plan Approval and Implementation

D. Scope and Plan Initiation

Question # 30

Which of the following processes identifies the threats that can impact the business continuity of operations?

A. Business impact analysis

B. Function analysis

C. Requirement analysis

D. Risk analysis

Question # 31

Fill in the blank:

A ______ plan is a plan devised for a specific situation when things could go wrong.

A. contingency

Question # 32

Which of the following statements are true about an APW (Air Pressurized Water) extinguisher?

Each correct answer represents a complete solution. Choose all that apply.

A. It is a golden color extinguisher that is filled with about 9.5 gallons (approx. 39 liters) of ordinary tap water.

B. It uses water and pressure to stifle the heat of fire.

C. It is also known as a class C fire extinguisher.

D. It should never be used on grease fires, electrical fires, or class D fires.

Question # 33

Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

A. The IT Service Continuity Manager

B. The Configuration Manager

C. The Supplier Manager

D. The Service Catalogue Manager

Question # 34

Which of the following BCP teams assesses the damage of the disaster in order to provide the estimate of the time required to recover?

A. Emergency action team

B. Off-site storage team

C. Emergency management team

D. Damage assessment team

Question # 35

John, a novice web user, makes a new e-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?

Each correct answer represents a complete solution. Choose all that apply.

A. Brute Force attack

B. Dictionary attack

C. Rule based attack

D. Hybrid attack

Question # 36

In which of the following types of prototyping is a version of the system built to check the requirements and then discarded?

A. Evolutionary prototyping

B. Incremental prototyping

C. Project prototyping

D. Throw-away prototyping

Question # 37

Who among the following has the ultimate responsibility for the protection of the organization's information?

A. Senior management

B. Application owner

C. User

D. Technology provider

Question # 38

Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

A. Snooping

B. Patent

C. Utility model

D. Copyright

Question # 39

Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?

A. Disaster Recovery Plan

B. Business Continuity Plan

C. Contingency Plan

D. Continuity of Operations Plan

Question # 40

Which of the following defines the communication link between a Web server and Web applications?

A. IETF

B. Firewall

C. PGP

D. CGI

Question # 41

Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of the following techniques will he use to fulfill this requirement?

A. AES

B. DES

C. IDEA

D. PGP

Question # 42

Fill in the blank with the measurement of the SFX form factor style power supply.

The SFX form factor style power supply is ___________ mm wide, mm deep, and mm in height.

A. 100

Question # 43

Which of the following measurements of a disaster recovery plan are aimed at detecting unwanted events?

A. Preventive measures

B. Detective measures

C. Supportive measures

D. Corrective measures