Faculty of Informatics and Computer Science ICS 606: Business Continuity and Risk Management
Dr. Alia El Bolock Spring Semester 2022
June 26, 2022 Second Chance Exam
c) This exam booklet contains 9 pages, including this one. Two extra sheets of scratch paper are attached and
have to be kept attached. Note that if one or more pages are missing, you will lose their points. Thus,
you must check that your exam booklet is complete.
d) Write your solutions in the space provided. If you need more space, write on the back of the sheet containing
the problem or on the four extra sheets and make an arrow indicating that. Scratch sheets will not be graded
unless an arrow on the problem page indicates that the solution extends to the scratch sheets.
e) When you are told that time is up, stop working on the test.
Good Luck!
a . integrity
b . availability
c . confidentiality
d . risk assessment
a . policy
b . procedure
c . guideline
d . standard
4 - A(n) ————– security policy addresses specific areas of technology and contains a statement about the
organization’s position on a specific issue.
a . issue-specific
b . enterprise information
c . systems-specific
d . technology-specific
5 - ———– is/are responsible for the overall planning and development of the contingency planning process,
including the organization of subordinate teams and oversight of subordinate plans.
a . Executive management
b . The contingency planning management team (CPMT)
c . IT managers
d . The disaster recovery planning team
7 - A(n) —— is a detailed examination of the events that occurred, from first detection of an incident to final
recovery.
a . after-action review
b . reactive review
c . proactive review
d . audit review
8 - A resumption location known as a ———- is a fully configured computer facility capable of establishing
operations at a moment’s notice.
a . cold site
b . mirror site
c . service bureau
d . hot site
9 - A data ——– is the duplication of systems data to external media or a secondary location for the purpose of
long term retention; it is typically mandated by policy or regulation.
a . archive
b . backup
c . recovery
d . mirroring
10 - The ——- is the amount of effort (expressed as elapsed time) needed to make business functions work again
after the technology element is recovered.
a . recovery point objective
b . mean time to repair
c . work recovery time
d . training objective
11 - What is a common approach used in the discipline of systems analysis and design to understand the ways
systems operate and to chart process flows and inter-dependency studies?
a . database diagramming
b . network diagramming
c . application diagramming
d . systems diagramming
12 - The final component to the CPMT planning process is to deal with ——-.
a . BIA data collection
b . prioritizing mission/business processes
c . budgeting for contingency operations
d . identifying recovery priorities
13 - In contingency planning operations, ———– requires the largest budget expenditure; maintaining service
contracts to cover all the contingencies that the organization faces can be
a . business continuity
b . disaster recovery
c . incident response
d . crisis management
ICS 606: Business Continuity and Risk Management, Second Chance Exam, June 26, 2022 Page 3
14 - The ———– is applying controls and safeguards that eliminate or reduce the remaining uncontrolled risk
a . Transference
b . Mitigation
c . Defense
d . Termination
15 - A recommended practice for the implementation of the IR plan document is to organize the contents so that
the first page contains the —— actions.
a . before attack
b . training
c . during attack
d . testing
a . placed on standby
b . not activated
c . placed on alert
d . activated
17 - The —— of an organization defines the roles and responsibilities for incident response by the CSIRT and
others who will be mobilized in the activation of the plan.
a . CSIRT policy
b . IR plan
c . IR procedures
d . IR policy
18 - The incident response policy element of —— states that the policy must use concrete language that directs
behavior and avoid statements that are subject to individual interpretation.
a . functionality
b . realism
c . enforceability
d . clarity
19 - The CP testing strategy in which the organization conducts a role-playing exercise as if an actual incident or
disaster had occurred is called a ———-.
a . desk check
b . simulation
c . structured walk-through
d . full-interruption test
20 - What is a description of a potential attack that includes as much information as the IRPT can document on
the most likely attack methods and attack points?
a . CSIRT
b . Attack scenario end case
c . Malicious Code
d . Attack scenario
a) What are the five basic strategies used to control risk? Define each.
b) What is disk striping, and how might it be considered the opposite of disk mirroring?
c) What are the three sets of time-based procedures that are often part of the IR planning process?
a) Describe the business model of your business unit (IT Department, Medical Department and Financial
Department) in a few sentences. Mention 2 departments only for each business unit. NO EXTRA POINTS
WILL BE GRADED.
b) Describe what kind of assets is essential for your business, such as personnel, IT equipment and Information
technology. Mention 4 assets only for your suggested business model in each business unit. NO EXTRA
POINTS WILL BE GRADED.
c) Prioritize 2 assets only based on the importance of their contribution to the business. NO EXTRA POINTS
WILL BE GRADED.
d) Describe possible threat scenarios/attack vectors that may affect 4 assets only. NO EXTRA POINTS
WILL BE GRADED.
e) Find 4 security measures that can protect against the aforementioned threats/attacks.