Which of the following Tier 1 policies will identify who is responsible for what?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 7
Which of the following security procedures is NOT related to the SDLC's disposition?
Options are :
Which of the following processes is involved in identifying, measuring, and controlling events?
Options are :
Which of the following contract types is described in the statement below?
"The seller is reimbursed for all allowable costs for performing the contract work, and receives a
fixed payment calculated as a percentage for the initial estimated project costs."
Options are :
312-76 Disaster Recovery Professional Practice Test Set 7
Which of the following parts of BS 7799 covers risk analysis and management?
Options are :
Who among the following has the ultimate responsibility for the protection of the organization's information?
Options are :
Which of the following documents helps disaster recovery team members in getting the alternate sites up and running?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 9
Which of the following documents provides a high-level view of the entire organization's disaster recovery efforts?
Options are :
Which of the following terms describes the determination of the effect of changes to the information system on the security of the information system?
Options are :
Which of the following processes helps the organization to identify appropriate controls for reducing or eliminating risk during the risk mitigation process?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 6
Which of the following is a compromise between hot and cold sites?
Options are :
Which of the following functions is performed by change control?
Options are :
Which of the following processes is required for effective business continuity and disaster-recovery planning?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 5
Which of the following processes acts as a control measure that provides some amount of protection to the assets?
Options are :
Which of the following actions can be performed by using the principle of separation of duties?
Options are :
Which of the following TCB components is a hardware, firmware, and software element that implements the reference monitor concept?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 3
Which of the following tests activates the total disaster recovery plan?
Options are :
Which of the following terms best describes the presence of any potential event that causes an undesirable impact on the organization?
Options are :
Which of the following processes is used by organizations to set the risk tolerance, identify the potential risks, and prioritize the tolerance for risk?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 5
Which of the following components in a TCB acts as the boundary that separates the TCB from the remainder of the system?
Options are :
Which of the following individuals considers risk management in IT planning, budgeting, and meeting system performance requirements?
Options are :
Which of the following scripts is included as a part of disaster recovery plan to confirm that everything is working as intended?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 8
Which of the following is a category of an automated Incident detection process?
Options are :
Which of the following values specifies the acceptable latency of data that will be recovered?
Options are :
Which of the following acts affects all public companies subject to US security laws?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 5
Which of the following terms describes the determination of the effect of changes to the information system on the security of the information system?
Options are :
In which of the following scenarios is database backup transferred to a remote site in a bulk transfer fashion?
Options are :
Which of the following types of storage requires some direct human action in order to make access to the storage media physically possible?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 9
Which of the following administrative policy controls requires individuals or organizations to be engaged in good business practices relative to the organization's industry?
Options are :
Which of the following processes is NOT included in the risk mitigation?
Options are :
Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?
Options are :
Which of the following subphases are defined in the maintenance phase of the life cycle models?
Each correct answer represents a part of the solution. Choose all that apply.
A. Change control
B. Request control
C. Release control
D. Configuration control
Options are :
312-76 Disaster Recovery Professional Practice Test Set 9
Della works as a security manager for SoftTech Inc. She is training some of the newly recruited
personnel in the field of security management. She is giving a tutorial on DRP. She explains that
the major goal of a disaster recovery plan is to provide an organized way to make decisions if a
disruptive event occurs and asks for the other objectives of the DRP. If you are among some of
the newly recruited personnel in SoftTech Inc, what will be your answer for her question?
Each correct answer represents a part of the solution. Choose three.
A. Guarantee the reliability of standby systems through testing and simulation.
B. Protect an organization from major computer services failure.
C. Minimize the risk to the organization from delays in providing services.
D. Maximize the decision-making required by personnel during a disaster.
Options are :
Which of the following cryptographic system services assures the receiver that the received message has not been altered?
Options are :
Which of the following procedures is to reduce the risk to personnel, property, and other assets while minimizing work disorders in the event of an emergency?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 7
Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?
Options are :
Which of the following defines the communication link between a Web server and Web applications?
Options are :
Fill the measurement of SFX form factor style power supply in the blank space.
The SFX form factor style power supply is ___________mm wide, mm deep, and mm in height.
Options are :
312-76 Disaster Recovery Professional Practice Test Set 4
Which of the following statements are true about classless routing protocols?
Each correct answer represents a complete solution. Choose two.
A. The same subnet mask is used everywhere on the network.
B. They extend the IP addressing scheme.
C. IGRP is a classless routing protocol.
D. They support VLSM and discontiguous networks.
Options are :
Which of the following is the simulation of the disaster recovery plans?
Options are :
Mark is the project manager of the HAR Project. The project is scheduled to last for eighteen
months and six months already passed. Management asks Mark that how often the project team is
participating in the risk reassessment of this project. What should Mark tell management if he is
following the best practices for risk management?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 9
You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?
Options are :
Which of the following disaster recovery tests includes the operations that shut down at the primary site, and are shifted to the recovery site according to the disaster recovery plan?
Options are :
Which of the following backup sites is the best way for rapid recovery if you do not need the full recovery temporarily?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 7
You work as a senior project manager in SoftTech Inc. You are working on a software project using configuration management. Through configuration management, you are decomposing the verification system into identifiable, understandable, manageable, traceable units that are known as Configuration Items (CIs). According to you, which of the following processes is known as the decomposition process of a verification system into Configuration Items?
Options are :
Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?
Options are :
Which of the following statements about a certification authority (CA) is true?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 13
Which of the following statements about disaster recovery plan documentation are true?
Each correct answer represents a complete solution. Choose all that apply.
A. The documentation regarding a disaster recovery plan should be stored in backup tapes.
B. The documentation regarding a disaster recovery plan should be stored in floppy disks.
C. The disaster recovery plan documentation should be stored onsite only.
D. The disaster recovery plan documentation should be stored offsite only
Options are :
Which of the following best describes the identification, analysis, and ranking of risks?
Options are :
Which of the following plans provides procedures for recovering business operations immediately following a disaster?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 9
BS 7799 is an internationally recognized ISM standard that provides high level, conceptual
recommendations on enterprise security. BS 7799 is basically divided into three parts. Which of
the following statements are true about BS 7799?
Each correct answer represents a complete solution. Choose all that apply.
A. BS 7799 Part 3 was published in 2005, covering risk analysis and management.
B. BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards
Institute (BSI) in 1995.
C. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005.
D. BS 7799 Part 1 was adopted by ISO as ISO/IEC 27001 in November 2005.
Options are :
Which of the following response teams aims to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote information sharing among
members and the community at large?
Options are :
Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of the following techniques will he use to fulfill this requirement?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 9
You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?
Options are :
IT Service Continuity Management (ITSCM) is used to support the overall Business Continuity Management (BCM) in order to ensure that the required IT infrastructure and the IT service
provision are recovered within an agreed business time scales. Which of the following are the
benefits of implementing IT Service Continuity Management?
Each correct answer represents a complete solution. Choose all that apply.
A. It prioritizes the recovery of IT services by working with BCM and SLM.
B. It minimizes costs related with recovery plans using proper proactive planning and testing.
C. It confirms competence, impartiality, and performance capability of an organization that
performs audits.
D. It minimizes disruption in IT services when it follows a major interruption or disaster.
Options are :
Which of the following tools in Helix Windows Live is used to reveal the database password of password protected MDB files created using Microsoft Access or with Jet Database Engine?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 9
Which of the following levels of RAID provides security features that are availability, enhanced performance, and fault tolerance?
Options are :
Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT
Service Management (ITSM) process. Configuration Management is used for which of the
following?
Each correct answer represents a part of the solution. Choose all that apply.
A. To verify configuration records and correct any exceptions
B. To account for all IT assets
C. To provide precise information support to other ITIL disciplines
D. To provide a solid base only for Incident and Problem Management
Options are :
Which of the following types of attacks occurs when an attacker successfully inserts an
intermediary software or program between two communicating hosts?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 5
Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial-of-service attacks, or unauthorized changes to system hardware, software, or data?
Options are :
Which of the following BCP teams assesses the damage of the disaster in order to provide the estimate of the time required to recover?
Options are :
Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of the following techniques will he use to fulfill this requirement?
Options are :
Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 14
Mark is the project manager of the HAR Project. The project is scheduled to last for eighteen
months and six months already passed. Management asks Mark that how often the project team is
participating in the risk reassessment of this project. What should Mark tell management if he is
following the best practices for risk management?
Options are :
Which of the following is the duration of time and a service level within which a business process
must be restored after a disaster in order to avoid unacceptable consequences associated with a
break in business continuity?
Options are :
An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 4
Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in
implementing efficient FCIP-based business-continuity and disaster-recovery solutions?
Each correct answer represents a complete solution. Choose all that apply.
A. FCIP write acceleration
B. IVR
C. FCIP compression
D. SAN extension tuner
Options are :
You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?
Options are :
Which of the following are common applications that help in replicating and protecting critical
information at the time of disaster?
Each correct answer represents a complete solution. Choose all that apply.
A. Asynchronous replication
B. Synchronous replication
C. Tape backup
D. Disk mirroring
Options are :
312-76 Disaster Recovery Professional Practice Test Set 5
Which of the following procedures is to reduce the risk to personnel, property, and other assets while minimizing work disorders in the event of an emergency?
Options are :
Which of the following individuals incorporates risk assessment in training programs for the organization's personnel?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 13
Which of the following maturity levels of the software CMM focuses on competent people and heroics?
Options are :
Which of the following processes involves reducing the risk until it reaches a level acceptable to an organization?
Options are :
Which of the following is a duplicate of the original site of an organization, with fully working systems as well as near-complete backups of user data?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 9
Which of the following processes measures the maturity level of the security program?
Options are :
Which of the following tests activates the total disaster recovery plan?
Options are :
In which of the following DRP tests does a business unit management meet to review the plan?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 13
Which of the following activities includes initiation, development and acquisition, implementation and installation, operational maintenance, and disposal?
Options are :
Which of the following documents is necessary to continue the business in the event of disaster or emergency?
Options are :
Which of the following parts of BS 7799 covers risk analysis and management?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 7
Which of the following documents provides a high-level view of the entire organization's disaster recovery efforts?
Options are :
Which of the following activities includes initiation, development and acquisition, implementation and installation, operational maintenance, and disposal?
Options are :
Which of the following processes involves reducing the risk until it reaches a level acceptable to an organization?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 12
In risk analysis, which of the following can be identified as a consequence of a disaster?
Options are :
Which of the following plans provides procedures for disseminating status reports to personnel and the public?
Options are :
Which of the following system security policies is used to address specific issues of concern to the organization?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 9
Which of the following classification schemes is considered to be of a personal nature and is intended for company use only?
Options are :
Which of the following processes involves taking measures to alter or improve the risk position of an asset throughout the company?
Options are :
Which of the following tests activates the total disaster recovery plan?
Options are :
312-76 Disaster Recovery Professional Practice Test Set 4
Which of the following security procedures is related to the SDLC's implementation?
Options are :