47 Users in the two offices would like to access each other's file servers over the internet. What control would provide confidentiality for those communications?Digital signaturesVirtual private networkVirtual LANDigital content management
48 You are also concerned about the availability of data stored on each office's server. You would like to add technology that would enable continued access to files located on the server even if a hard drive in a server fails. What control allows you to add robustness without adding additional servers?Server clusteringLoad balancingRAIDScheduled backups
49 Finally, there are historical records stored on the server that are extremely important to the business and should never be modified. You would like to add an integrity control that allows you to verify on a periodic basis that the files were not modified. What control can you add?HashingACLsRead-only attributesFirewalls
50 Beth is a human resources specialist preparing to assist in the termination of an employee. Which of the following is not typically part of a termination process?An exit interviewRecovery of propertyAccount terminationSigning an NCA
51 Frances is reviewing her organization's business continuity plan documentation for completeness. Which one of the following is not normally included in business continuity plan documentation?Statement of accountsStatement of importanceStatement of prioritiesStatement of organizational responsibility
52 An accounting employee at Doolittle Industries was recently arrested for participation in an embezzlement scheme. The employee transferred money to a personal account and then shifted funds around between other accounts every day to disguise the fraud for months. Which one of the following controls might have best allowed the earlier detection of this fraud?Separation of dutiesLeast privilegeDefense in depthMandatory vacation
53 Jeff would like to adopt an industry-standard approach for assessing the processes his organization uses to manage risk. What maturity model would be most appropriate for his use?CMMSW-CMMRMMCOBIT
54 Chris' organization recently suffered an attack that rendered their website inaccessible to paying customers for several hours. Which information security goal was most directly impacted?ConfidentialityIntegrityAvailabilityDenial
55 Yolanda is writing a document that will provide configuration information regarding the minimum level of security that every system in the organization must meet. What type of document is she preparing?PolicyBaselineGuidelineProcedure
56 Who should receive initial business continuity plan training in an organization?Senior executivesThose with specific business continuity rolesEveryone in the organizationFirst responders
57 James is conducting a risk assessment for his organization and is attempting to assign an asset value to the servers in his data center. The organization's primary concern is ensuring that it has sufficient funds available to rebuild the data center in the event it is damaged or destroyed. Which one of the following asset valuation methods would be most appropriate in this situation?Purchase costDepreciated costReplacement costOpportunity cost
58 Roger's organization suffered a breach of customer credit card records. Under the terms of PCI DSS, what organization may choose to pursue an investigation of this matter?FBILocal law enforcementBankPCI SSC
59 Rick recently engaged critical employees in each of his organization's business units to ask for their assistance with his security awareness program. They will be responsible for sharing security messages with their peers and answering questions about cybersecurity matters. What term best describes this relationship?Security championSecurity expert GamificationPeer review
60 Frank discovers a keylogger hidden on the laptop of his company's chief executive officer. What information security principle is the keylogger most likely designed to disrupt?ConfidentialityIntegrityAvailabilityDenial
61 Elise is helping her organization prepare to evaluate and adopt a new cloud-based human resource management (HRM) system vendor. What would be the most appropriate minimum security standard for her to require of possible vendors?Compliance with all laws and regulationsHandling information in the same manner the organization wouldElimination of all identified security risksCompliance with the vendor's own policies
62 The following graphic shows the NIST risk management framework with step 4 missing. What is the missing step?Assess security controls.Determine control gaps. Remediate control gaps.Evaluate user activity.
63 HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would be used in amplification DDoS attacks. What type of risk management strategy did HAL pursue with respect to its NTP services?Risk mitigationRisk acceptanceRisk transferenceRisk avoidance
64 Susan is working with the management team in her company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Susan trying to enforce?AvailabilityDenialConfidentialityIntegrity
65 Which one of the following components should be included in an organization's emergency response guidelines?List of individuals who should be notified of an emergency incidentLong-term business continuity protocolsActivation procedures for the organization's cold sitesContact information for ordering equipment
66 Chas recently completed the development of his organization's business continuity plan. Who is the ideal person to approve an organization's business continuity plan?Chief information officerChief executive officerChief information security officerChief operating officer
67 Which one of the following actions is not normally part of the project scope and planning phase of business continuity planning?Structured analysis of the organizationReview of the legal and regulatory landscapeCreation of a BCP teamDocumentation of the plan
68 Gary is implementing a new website architecture that uses multiple small web servers behind a load balancer. What principle of information security is Gary seeking to enforce?DenialConfidentialityIntegrityAvailability
69 Becka recently signed a contract with an alternate data processing facility that will provide her company with space in the event of a disaster. The facility includes HVAC, power, and communications circuits but no hardware. What type of facility is Becka using?Cold siteWarm siteHot siteMobile site
70 Greg's company recently experienced a significant data breach involving the personal data of many of their customers. Which breach laws should they review to ensure that they are taking appropriate action?The breach laws in the state where they are headquartered.The breach laws of states they do business in.Only federal breach laws.Breach laws only cover government agencies, not private businesses.
71 Ben is seeking a control objective framework that is widely accepted around the world and focuses specifically on information security controls. Which one of the following frameworks would best meet his needs?ITILISO 27002CMMPMBOK Guide
72 Matt works for a telecommunications firm and was approached by a federal agent seeking assistance with wiretapping one of Matt's clients pursuant to a search warrant. Which one of the following laws requires that communications service providers cooperate with law enforcement requests?ECPACALEAPrivacy ActHITECH Act
73 Every year, Gary receives privacy notices in the mail from financial institutions where he has accounts. What law requires the institutions to send Gary these notices?FERPAGLBA HIPAAHITECH
74 Which one of the following agreements typically requires that a vendor not disclose confidential information learned during the scope of an engagement?NCASLANDARTO
75 The (ISC)2 Code of Ethics applies to all CISSP holders. Which of the following is not one of the four mandatory canons of the code?Protect society, the common good, the necessary public trust and confidence, and the infrastructure.Disclose breaches of privacy, trust, and ethics.Provide