
ECCouncil 312-76 Exam

QUESTION NO: 1 Which of the following tools in Helix Windows Live is used to reveal the database password of password protected MDB files created using Microsoft Access or with Jet Database Engine? A. Asterisk logger B. FAU C. Access Pass View D. Galleta Answer: C Explanation:

QUESTION NO: 2 Mark is the project manager of the HAR Project. The project is scheduled to last for eighteen months and six months have already passed. Management asks Mark how often the project team is participating in the risk reassessment of this project. What should Mark tell management if he is following the best practices for risk management? A. At every status meeting of the project team, project risk management is an agenda item. B. Project risk management happens at every milestone. C. Project risk management has been concluded with the project planning. D. Project risk management is scheduled for every month in the 18-month project. Answer: A Explanation:

QUESTION NO: 3 You work as a project manager for TYU project. You are planning for risk mitigation. You need to identify the risks that will need a more in-depth analysis. Which of the following activities will help you in this? A. Quantitative analysis B. Estimate activity duration C. Risk identification D. Qualitative analysis Answer: D Explanation:

QUESTION NO: 4 Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited personnel in SoftTech Inc, what will be your answer for her question? Each correct answer represents a part of the solution. Choose three. A. Guarantee the reliability of standby systems through testing and simulation. B. Protect an organization from major computer services failure. C. Minimize the risk to the organization from delays in providing services. D. Maximize the decision-making required by personnel during a disaster. Answer: A,B,C Explanation:

QUESTION NO: 5 Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster? A. Emergency management team B. Damage assessment team C. Off-site storage team D. Emergency action team Answer: D Explanation:

QUESTION NO: 6 Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large? A. CERT B. CSIRT C. FedCIRC D. FIRST Answer: D Explanation:

QUESTION NO: 7 You are responsible for network and information security at a large hospital. It is a significant concern that any change to any patient record can be easily traced back to the person who made that change. What is this called? A. Availability B. Non repudiation C. Confidentiality D. Data Protection Answer: B Explanation:

QUESTION NO: 8 Which of the following types of attacks occurs when an attacker successfully inserts an intermediary software or program between two communicating hosts? A. Password guessing attack B. Dictionary attack C. Man-in-the-middle attack D. Denial-of-service attack Answer: C Explanation:

QUESTION NO: 9 Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian? A. The custodian makes the initial information classification assignments and the operations manager implements the scheme. B. The custodian implements the information classification scheme after the initial assignment by the operations manager. C. The data custodian implements the information classification scheme after the initial assignment by the data owner. D. The data owner implements the information classification scheme after the initial assignment by the custodian. Answer: C Explanation:

QUESTION NO: 10 Which of the following cryptographic system services assures the receiver that the received message has not been altered? A. Authentication B. Confidentiality C. Non-repudiation D. Integrity Answer: D Explanation:

QUESTION NO: 11 Which of the following statements about disaster recovery plan documentation are true? Each correct answer represents a complete solution. Choose all that apply. A. The documentation regarding a disaster recovery plan should be stored in backup tapes. B. The documentation regarding a disaster recovery plan should be stored in floppy disks. C. The disaster recovery plan documentation should be stored onsite only. D. The disaster recovery plan documentation should be stored offsite only. Answer: A,D Explanation:

QUESTION NO: 12 Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity? A. RTA B. RPO C. RCO D. RTO Answer: D Explanation:

QUESTION NO: 13 Which of the following roles is responsible for the review and risk analysis of all the contracts on a regular basis? A. The IT Service Continuity Manager B. The Configuration Manager C. The Supplier Manager D. The Service Catalogue Manager Answer: C Explanation:

QUESTION NO: 14 Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster? A. Emergency action team B. Emergency-management team C. Damage-assessment team D. Off-site storage team Answer: A Explanation:

QUESTION NO: 15 You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task? A. RAID-5 B. RAID-0 C. RAID-1 D. RAID-10 Answer: C Explanation:

QUESTION NO: 16 Fill in the blank with the appropriate number: RAID-________ is a combination of RAID-1 and RAID-0. A. 10 Answer: A Explanation:

QUESTION NO: 17 Which of the following control measures are considered while creating a disaster recovery plan? Each correct answer represents a part of the solution. Choose three. A. Detective measures B. Supportive measures C. Corrective measures D. Preventive measures Answer: A,C,D Explanation:

QUESTION NO: 18 Which of the following are some of the parts of a project plan? Each correct answer represents a complete solution. Choose all that apply. A. Risk identification B. Team members list C. Risk analysis D. Project schedule Answer: A,B,C,D Explanation:

QUESTION NO: 19 Which of the following statements are true about classless routing protocols? Each correct answer represents a complete solution. Choose two. A. The same subnet mask is used everywhere on the network. B. They extend the IP addressing scheme. C. IGRP is a classless routing protocol. D. They support VLSM and discontiguous networks. Answer: B,D Explanation:

QUESTION NO: 20 Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention? A. Snooping B. Patent C. Utility model D. Copyright Answer: B Explanation:

QUESTION NO: 21 Availability Management deals with the day-to-day availability of services. Which of the following takes over when a 'disaster' situation occurs? A. Capacity Management B. Service Level Management C. Service Continuity Management D. Service Reporting Answer: C Explanation:

QUESTION NO: 22 IT Service Continuity Management (ITSCM) is used to support the overall Business Continuity Management (BCM) in order to ensure that the required IT infrastructure and the IT service provision are recovered within agreed business time scales. Which of the following are the benefits of implementing IT Service Continuity Management? Each correct answer represents a complete solution. Choose all that apply. A. It prioritizes the recovery of IT services by working with BCM and SLM. B. It minimizes costs related with recovery plans using proper proactive planning and testing. C. It confirms competence, impartiality, and performance capability of an organization that performs audits. D. It minimizes disruption in IT services when it follows a major interruption or disaster. Answer: A,B,D Explanation:

QUESTION NO: 23 You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident? A. Eradication B. Identification C. Containment D. Recovery Answer: A Explanation:

QUESTION NO: 24 Which of the following is established during the Business Impact Analysis by the owner of a process in accepted business continuity planning methodology? A. Recovery Consistency Objective B. Recovery Time Objective C. Recovery Point Objective D. Recovery Time Actual Answer: B Explanation:

QUESTION NO: 25 Which of the following options is an intellectual property right to protect inventions? A. Snooping B. Patent C. Copyright D. Utility model Answer: D Explanation:

QUESTION NO: 26 Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of the following techniques will he use to fulfill this requirement? A. AES B. DES C. IDEA D. PGP Answer: B Explanation:

QUESTION NO: 27 Which of the following is the simulation of the disaster recovery plans? A. Walk-through test B. Full operational test C. Paper test D. Preparedness test Answer: B Explanation:

QUESTION NO: 28 You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks? A. Communications Management Plan B. Resource Management Plan C. Risk Management Plan D. Stakeholder management strategy Answer: A Explanation:

QUESTION NO: 29 Which of the following levels of RAID provides security features that are availability, enhanced performance, and fault tolerance? A. RAID-10 B. RAID-5 C. RAID-0 D. RAID-1 Answer: A Explanation:

QUESTION NO: 30 Which of the following backup sites takes the longest recovery time? A. Cold backup site B. Hot backup site C. Warm backup site D. Mobile backup site Answer: A Explanation:

QUESTION NO: 31 Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee who is suspected of classified data theft. The suspect's computer runs on the Windows operating system. Peter wants to collect data and evidence for further analysis. He knows that in the Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system? A. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps B. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system C. Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces D. Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces Answer: D Explanation:

QUESTION NO: 32 Which of the following defines the communication link between a Web server and Web applications? A. IETF B. Firewall C. PGP D. CGI Answer: D Explanation:

QUESTION NO: 33 Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation? A. Disaster Recovery Plan B. Continuity Of Operations Plan C. Business Continuity Plan D. Contingency Plan Answer: D Explanation:

QUESTION NO: 34 Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in implementing efficient FCIP-based business-continuity and disaster-recovery solutions? Each correct answer represents a complete solution. Choose all that apply. A. FCIP write acceleration B. IVR C. FCIP compression D. SAN extension tuner Answer: B,C Explanation:

QUESTION NO: 35 Which of the following methods is a means of ensuring that system changes are approved before being implemented, and the implementation is complete and accurate? A. Configuration identification B. Configuration control C. Configuration auditing D. Documentation control Answer: D Explanation:

QUESTION NO: 36 Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis? A. The IT Service Continuity Manager B. The Configuration Manager C. The Supplier Manager D. The Service Catalogue Manager Answer: C Explanation:

QUESTION NO: 37 Which of the following statements about a certification authority (CA) is true? A. It is a non-profit organization that sets security standards for e-commerce. B. It is a business-to-consumer (B2C) commerce model that is used for high-volume transactions. C. It is a trusted third-party organization that issues digital certificates to create digital signatures and public key pairs. D. It issues physical certificates that confirm the identity of entities. Answer: C Explanation:

QUESTION NO: 38 BS 7799 is an internationally recognized ISM standard that provides high level, conceptual recommendations on enterprise security. BS 7799 is basically divided into three parts. Which of the following statements are true about BS 7799? Each correct answer represents a complete solution. Choose all that apply. A. BS 7799 Part 3 was published in 2005, covering risk analysis and management. B. BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995. C. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005. D. BS 7799 Part 1 was adopted by ISO as ISO/IEC 27001 in November 2005. Answer: A,B,C Explanation:

QUESTION NO: 39 An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to? A. User password policy B. Backup policy C. Privacy policy D. Network security policy Answer: C Explanation:

QUESTION NO: 40 Which of the following disaster recovery tests includes the operations that shut down at the primary site, and are shifted to the recovery site according to the disaster recovery plan? A. Parallel test B. Simulation test C. Full-interruption test D. Structured walk-through test Answer: C Explanation:

QUESTION NO: 41 Fill in the blank with the appropriate phrase. ____________ privilege escalation is the process of attempting to access sources with a higher access, such as a user account trying to access admin privileges. A. Vertical Answer: A Explanation:

QUESTION NO: 42 Choose the steps involved in the general disaster recovery procedure.

A. Answer: A Explanation:

QUESTION NO: 43 Which of the following backup sites is the best way for rapid recovery if you do not need the full recovery temporarily? A. Hot backup site B. Cold backup site C. Mobile backup site D. Warm backup site Answer: C Explanation:

QUESTION NO: 44 Which of the following subphases are defined in the maintenance phase of the life cycle models? Each correct answer represents a part of the solution. Choose all that apply. A. Change control B. Request control C. Release control D. Configuration control Answer: A,B,C Explanation:

QUESTION NO: 45 Fill in the blank: An ___________________ (AS) is a group of networks under a single administration and with single routing policies. A. Autonomous System Answer: A Explanation:

QUESTION NO: 46 Which of the following best describes the identification, analysis, and ranking of risks? A. Fixed-price contract B. Design of experiments C. Fast tracking D. Plan Risk management Answer: D Explanation:

QUESTION NO: 47 Which of the following procedures is to reduce the risk to personnel, property, and other assets while minimizing work disorders in the event of an emergency? A. Occupant Emergency Plan B. Disaster Recovery Plan C. Cyber Incident Response Plan D. Crisis Communication Plan Answer: A Explanation:

QUESTION NO: 48 Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial-of-service attacks, or unauthorized changes to system hardware, software, or data? A. Cyber Incident Response Plan B. Crisis Communication Plan C. Occupant Emergency Plan D. Disaster Recovery Plan Answer: A Explanation:

QUESTION NO: 49 Which of the following BCP teams assesses the damage of the disaster in order to provide the estimate of the time required to recover? A. Emergency action team B. Off-site storage team C. Emergency management team D. Damage assessment team Answer: D Explanation:

QUESTION NO: 50 Fill the appropriate power supply form factor in the blank space. _________form factor is similar to LPX form factor in physical dimensions. A. ATX Answer: A Explanation:

QUESTION NO: 51 Which of the following are common applications that help in replicating and protecting critical information at the time of disaster? Each correct answer represents a complete solution. Choose all that apply. A. Asynchronous replication B. Synchronous replication C. Tape backup D. Disk mirroring Answer: A,B,C,D Explanation:

QUESTION NO: 52 Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following? Each correct answer represents a part of the solution. Choose all that apply. A. To verify configuration records and correct any exceptions B. To account for all IT assets C. To provide precise information support to other ITIL disciplines D. To provide a solid base only for Incident and Problem Management Answer: A,B,C Explanation:

QUESTION NO: 53 Which of the following plans provides procedures for recovering business operations immediately following a disaster? A. Business recovery plan B. Continuity of operation plan C. Disaster recovery plan D. Business continuity plan Answer: A Explanation:

QUESTION NO: 54 Fill the measurement of SFX form factor style power supply in the blank space. The SFX form factor style power supply is ___________mm wide, mm deep, and mm in height. A. 100 Answer: A Explanation:

QUESTION NO: 55 You work as a senior project manager in SoftTech Inc. You are working on a software project using configuration management. Through configuration management, you are decomposing the verification system into identifiable, understandable, manageable, traceable units that are known as Configuration Items (CIs). According to you, which of the following processes is known as the decomposition process of a verification system into Configuration Items? A. Configuration auditing B. Configuration identification C. Configuration status accounting D. Configuration control Answer: B Explanation:

QUESTION NO: 56 You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control? A. Risk audits B. Qualitative risk analysis C. Quantitative risk analysis D. Requested changes Answer: D Explanation:

QUESTION NO: 57 Fill in the blank with the appropriate phrase. __________________ is the process of obtaining access using legitimate credentials, and then attempting to leverage that into access to unauthorized system resources. A. Privilege escalation Answer: A Explanation:

QUESTION NO: 58 Which of the following procedures can be broadly defined as the plan for the exchange of information before, during, or after a crisis event? A. Occupant Emergency Plan B. Crisis Communication Plan C. Cyber Incident Response Plan D. Disaster Recovery Plan Answer: B Explanation:

QUESTION NO: 59 Which of the following processes identifies the threats that can impact the business continuity of operations? A. Business impact analysis B. Function analysis C. Requirement analysis D. Risk analysis Answer: A Explanation:

QUESTION NO: 60 Which of the following measurements of a disaster recovery plan are aimed at avoiding an event from occurring? A. Corrective measures B. Detective measures C. Preventive measures D. Supportive measures Answer: C Explanation:

QUESTION NO: 61 Which of the following cryptographic system services ensures that the information will not be disclosed to any unauthorized person on a local network? A. Non-repudiation B. Confidentiality C. Authentication D. Integrity Answer: B Explanation:

QUESTION NO: 62 Which of the following cryptographic system services proves a user's identity? A. Confidentiality B. Non-repudiation C. Integrity D. Authentication Answer: D Explanation:

QUESTION NO: 63 The Incident handling process implemented in an enterprise is responsible for dealing with all the incidents regarding the enterprise. Which of the following procedures will be involved in the preparation phase of the Incident handling process? A. Setting up the initial position after an incident B. Organizing a solution to remove an incident C. Working with QA to validate security of the enterprise D. Building up an incident response kit Answer: D Explanation:

QUESTION NO: 64 Which methodology is a method to analyze the involved tasks in completing a given project, especially the time needed to complete each task, and identifying the minimum time needed to complete the total project? A. CPM B. Gantt C. PERT D. FP Answer: C Explanation:

QUESTION NO: 65 Which of the following RAID levels provides fault tolerance? A. RAID-5 B. RAID-1 C. RAID-10 D. RAID-0 Answer: A Explanation:

QUESTION NO: 66 You are the project manager for a construction project. The project involves casting of a column in a very narrow space. Because of the lack of space, casting is highly dangerous. High technical skill will be required for casting that column. You decide to hire a local expert team for casting that column. Which of the following types of risk response are you following? A. Transference B. Mitigation C. Avoidance D. Acceptance Answer: A Explanation:

QUESTION NO: 67 Which of the following options is an activity of observing the content that appears on a computer monitor or watching what a user is typing? A. Utility model B. Copyright C. Snooping D. Patent Answer: C Explanation:

QUESTION NO: 68 Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity? A. Disaster Recovery Plan B. Business Continuity Plan C. Contingency Plan D. Continuity of Operations Plan Answer: B Explanation:

QUESTION NO: 69 Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy? A. Business impact assessment B. Scope and plan initiation C. Plan approval and implementation D. Business continuity plan development Answer: D Explanation:

QUESTION NO: 70 Allen works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a computer, which is used by the suspect to sexually harass the victim using an instant messenger program. The suspect's computer runs on the Windows operating system. Allen wants to recover the password from the instant messenger program that the suspect is using, to collect the evidence of the crime. Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he use to accomplish the task? A. MessenPass B. Mail Pass View C. Asterisk Logger D. Access PassView Answer: A Explanation:

QUESTION NO: 71 Which of the following should the administrator ensure during the test of a disaster recovery plan? A. Ensure that all client computers in the organization are shut down. B. Ensure that each member of the disaster recovery team is aware of their responsibility. C. Ensure that the plan works properly D. Ensure that all the servers in the organization are shut down. Answer: B,C Explanation:

QUESTION NO: 72 Which of the following governance bodies provides management, operational, and technical controls to satisfy the security requirements? A. Chief Information Security Officer B. Senior Management C. Business Unit Manager D. Information Security Steering Committee Answer: B Explanation:

QUESTION NO: 73 Against which of the following does SSH provide protection? Each correct answer represents a complete solution. Choose two. A. Broadcast storm B. Password sniffing C. DoS attack D. IP spoofing Answer: B,D Explanation:

QUESTION NO: 74 A project plan includes the Work Breakdown Structure (WBS) and cost estimates. Which of the following are the parts of a project plan? Each correct answer represents a complete solution. Choose all that apply. A. Risk identification B. Project schedule C. Risk analysis D. Team members list E. Security Threat Answer: A,B,C,D Explanation:

QUESTION NO: 75 Which of the following statements is related to residual risks? A. It is the probabilistic risk before implementing all security measures. B. It is the probabilistic risk after implementing all security measures. C. It can be considered as an indicator of threats coupled with vulnerability. D. It is a weakness or lack of safeguard that can be exploited by a threat. Answer: B Explanation:

QUESTION NO: 76 You work as a project manager for BlueWell Inc. You are working with your team members on the risk responses in the project. Which risk response will likely cause a project to use the procurement processes? A. Mitigation B. Sharing C. Exploiting D. Acceptance Answer: B Explanation:

QUESTION NO: 77 You want to use PGP files for steganography. Which of the following tools will you use to accomplish the task? A. Snow B. ImageHide C. Blindside D. Stealth Answer: D Explanation:

QUESTION NO: 78 Fill in the blank: A ___________plan is a plan devised for a specific situation when things could go wrong. A. contingency Answer: A Explanation:

QUESTION NO: 79 You are working as a Project Manager in your organization. You are nearing the final stages of project execution, and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control? A. Quantitative risk analysis B. Requested changes C. Risk audits D. Qualitative risk analysis Answer: B Explanation:

QUESTION NO: 80 Software Development Life Cycle (SDLC) is a logical process used by the programmers to develop software. Which SDLC phase meets the following audit objectives? System and data are validated. System meets all user requirements. System meets all control requirements. A. Definition B. Evaluation and acceptance C. Initiation D. Programming and training Answer: B Explanation:

QUESTION NO: 81 Mark works as a Network Administrator for NetTech Inc. Mark is testing the disaster recovery plan of the company. During the testing of the recovery plan, he finds that some servers have been restored with another server's data. What will Mark do to improve the disaster recovery plan? A. Maintain a hard copy of the data stored on the server. B. Remember which tape drive stores which server's data. C. Implement the cluster server. D. Maintain a printed tape backup report. Answer: D Explanation:

QUESTION NO: 82 John, a novice web user, makes a new e-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks? Each correct answer represents a complete solution. Choose all that apply. A. Brute Force attack B. Dictionary attack C. Rule based attack D. Hybrid attack Answer: A,B,D Explanation:

QUESTION NO: 83 Which of the following backup sites is a replica of the original site of an organization with full computer systems as well as near-complete backups of user data? A. Hot backup site B. Warm backup site C. Mobile backup site D. Cold backup site Answer: A Explanation:

QUESTION NO: 84 Organizations must assess the safety of their workplaces and consider the ability of a business to continue despite risk impact. When assessing business continuity risks, the HR Professional must consider several different types of disasters, their probability, and impact on an organization. What category of disaster is best described as acts of terrorism, major thefts, sabotage, or labor disputes? A. Organized or deliberate disruptions B. System failures C. Environmental disasters D. Serious information security incidents Answer: A Explanation:

QUESTION NO: 85 Which of the following command line tools are available in Helix Live acquisition tool on Windows? Each correct answer represents a complete solution. Choose all that apply. A. netstat B. whois C. cab extractors D. ipconfig Answer: A,C,D Explanation:

QUESTION NO: 86 Which of the following authorizes and documents all the changes in the IT Infrastructure and its components (Configuration Items) in order to maintain a minimum amount of interruptive effects upon the running operation? A. The IT Security Manager B. The Configuration Manager C. The Change Manager D. The Service Level Manager Answer: C Explanation:

QUESTION NO: 87 You work as a Network administrator for Infonet Inc. The company has 135 Windows XP Professional computers and twenty Windows 2003 Server computers. You want to specify the number of invalid logon attempts allowed before a user account is locked out. What will you do to accomplish the task? A. Reset Account Lockout Counter After policy. B. Set Account Lockout Threshold policy. C. Set Account Lockout Duration policy. D. Enforce Password Must Meet Complexity Requirements policy. Answer: B Explanation:

QUESTION NO: 88 Which of the following techniques is an encryption method that uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients? A. DES B. IDEA C. PGP D. AES Answer: C Explanation:

QUESTION NO: 89 Drag and drop the appropriate team names in front of their respective responsibilities.

A. Answer: A Explanation:

QUESTION NO: 90 Joseph is a merchant. He lives in an area that is prone to natural disasters. What will he do to save his data from a disaster? A. Restore the data. B. E-mail the data. C. Print the data. D. Backup the data. Answer: D Explanation:

QUESTION NO: 91 Which of the following BCP teams deals with the key decision making and guides recovery teams and business personnel? A. Off-site storage team B. Emergency management team C. Damage assessment team D. Emergency action team Answer: B Explanation:

QUESTION NO: 92 Which of the following procedures is designed to contain data, hardware, and software that can be critical for a business? A. Disaster Recovery Plan B. Crisis Communication Plan C. Cyber Incident Response Plan D. Occupant Emergency Plan Answer: A Explanation:

QUESTION NO: 93 You work as a security manager for SoftTech Inc. You along with your team are doing the disaster recovery for your project. Which of the following steps are performed by you for secure recovery based on the extent of the disaster and the organization's recovery ability? Each correct answer represents a part of the solution. Choose three. A. Recover at the primary operating site B. Recover to an alternate site for critical functions C. Restore full system after a catastrophic loss D. Restore full system at an alternate operating site Answer: A,B,C Explanation:

QUESTION NO: 94 You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members for getting appropriate responses of the disaster. In which of the following disaster recovery tests can this task be performed? A. Parallel test B. Full-interruption test C. Structured walk-through test D. Simulation test Answer: D Explanation:

QUESTION NO: 95 Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes? A. Contingency plan B. Disaster recovery plan C. Crisis communication plan D. Business continuity plan Answer: D Explanation:

QUESTION NO: 96 Which of the following refers to the ability to ensure that the data is not modified or tampered with? A. Integrity B. Confidentiality C. Availability D. Non-repudiation Answer: A Explanation:

QUESTION NO: 97 Which of the following BCP teams handles financial arrangement, public relations, and media inquiries at the time of disaster recovery? A. Applications team B. Software team C. Emergency management team D. Off-site storage team Answer: C Explanation:

QUESTION NO: 98 Fill in the blank with an appropriate phrase. The ___________ is concerned with rebuilding production processing and determining the criticality of data. A. recovery team Answer: A Explanation:

QUESTION NO: 99 Which of the following policies is related to the backup of data? A. Backup policy B. Network security policy C. User password policy D. Privacy policy Answer: A Explanation:

QUESTION NO: 100 Disaster recovery plan consists of various tiers for identifying the methods of recovering mission-critical computer systems that are necessary to support business continuity. All these tiers provide a simple method to define current service levels and associated risks. Choose and re-order the tiers of disaster recovery plan.

A. Answer: A Explanation:

QUESTION NO: 101 ISO 17799 has two parts. The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure and the second part is an auditing guide based on requirements that must be met for an organization to be deemed compliant with ISO 17799. What are the ISO 17799 domains? Each correct answer represents a complete solution. Choose all that apply. A. Business continuity management B. Information security policy for the organization C. Personnel security D. System architecture management E. System development and maintenance Answer: A,B,C,E Explanation:

QUESTION NO: 102 You are an Incident manager in Orangesect.Inc. You have been tasked to set up a new extension of your enterprise. The networking, to be done in the new extension, requires different types of cables and an appropriate policy that will be decided by you. Which of the following stages in the Incident handling process involves your decision making? A. Containment B. Preparation C. Identification D. Eradication Answer: B Explanation:

QUESTION NO: 103 A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated? A. Security law B. Privacy law C. Trademark law D. Copyright law Answer: B Explanation:

QUESTION NO: 104 Which of the following BCP teams handles financial arrangement, public relations, and media inquiries in the time of disaster recovery? A. Emergency-management team B. Off-site storage team C. Software team D. Applications team Answer: A Explanation:

QUESTION NO: 105 Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three. A. Privacy B. Availability C. Integrity D. Confidentiality Answer: B,C,D Explanation:

QUESTION NO: 106 Which of the following ensures that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)? A. The IT Security Manager B. The Change Manager C. The Service Level Manager D. The Configuration Manager Answer: A Explanation:

QUESTION NO: 107 You are analyzing accounting information of a company. Which of the following components of configuration management should you use that involves periodic checks to determine the consistency and completeness of accounting information, and to verify that all configuration management policies are being followed? A. Configuration auditing B. Configuration identification C. Configuration control D. Configuration status accounting Answer: A Explanation:

QUESTION NO: 108 Which of the following measurements of a disaster recovery plan are aimed at detecting unwanted events? A. Detective measures B. Corrective measures C. Supportive measures D. Preventive measures Answer: A Explanation:

QUESTION NO: 109 Which of the following stages of the business continuity planning life cycle focuses on the execution and testing of the individual solution designs developed? A. Testing and acceptance stage B. Solution design stage C. Analysis stage D. Implementation stage Answer: D Explanation:

QUESTION NO: 110 Which of the following types of agreement can be a legally binding formal or informal "contract"? A. Non-disclosure agreement B. Consulting agreement C. Cooperative agreement D. Service level agreement Answer: D Explanation:

QUESTION NO: 111 Which of the following tests ensures that the organization complies with the requirements of the disaster recovery plan? A. Parallel test B. Checklist test C. Simulation test D. Full-interruption test Answer: B Explanation:

QUESTION NO: 112 Which of the following contract types is described in the statement below? "The seller is reimbursed for all allowable costs for performing the contract work, and receives a fixed payment calculated as a percentage for the initial estimated project costs." A. Fixed Price Incentive Fee Contracts (FPIF) B. Cost Plus Fixed Fee Contracts (CPFF) C. Cost Plus Incentive Fee Contracts (CPIF) D. Firm Fixed Price Contracts (FFP) Answer: B Explanation:

QUESTION NO: 113 Which of the following processes is required for effective business continuity and disaster-recovery planning? A. Walk-through testing B. Paper testing C. Business impact assessment (BIA) D. Preparedness testing Answer: C Explanation:

QUESTION NO: 114 Which of the following parts of BS 7799 covers risk analysis and management? A. Part 2 B. Part 4 C. Part 1 D. Part 3 Answer: D Explanation:

QUESTION NO: 115 Which of the following tests activates the total disaster recovery plan? A. Full-interruption test B. Structured walk-through test C. Checklist test D. Parallel test Answer: A Explanation:

QUESTION NO: 116 Which of the following documents helps disaster recovery team members in getting the alternate sites up and running? A. Technical guide B. Executive summary C. Department-specific plan D. Checklist Answer: A Explanation:

QUESTION NO: 117 Which of the following documents is necessary to continue the business in the event of disaster or emergency? A. Vital record B. Recourse record C. Legal value D. Fiscal value Answer: A Explanation:

QUESTION NO: 118 Which of the following scripts is included as a part of disaster recovery plan to confirm that everything is working as intended? A. Base-functionality script B. Recovery-plan script C. SQL Server Index Defrag script D. Transact-SQL script Answer: A Explanation:

QUESTION NO: 119 Which of the following documents provides a high-level view of the entire organization's disaster recovery efforts? A. Checklists B. Technical guides C. Executive summary D. Department-specific plans Answer: C Explanation:

QUESTION NO: 120 Which of the following processes helps to quantify the impact of potential threats to put a price or value on the cost of lost business functionality? A. Risk Identification B. Risk Analysis C. Risk Reassessment D. Risk Avoidance Answer: B Explanation:

QUESTION NO: 121 Which of the following administrative policy controls requires individuals or organizations to be engaged in good business practices relative to the organization's industry? A. Separation of duties B. Need to Know C. Segregation of duties D. Due care Answer: D Explanation:

QUESTION NO: 122 Which of the following processes is involved in identifying, measuring, and controlling events? A. Incident Management B. Response Management C. Disaster Recovery D. Risk Management Answer: D Explanation:

QUESTION NO: 123 Which of the following acts affects all public companies subject to US security laws? A. Gramm-Leach-Bliley Act of 1999 B. Health Insurance Privacy and Accountability Act (HIPAA) C. Sarbanes-Oxley Act of 2002 D. Federal Information Security Management Act Answer: C Explanation:

QUESTION NO: 124 Which of the following acts of information security governance affects the financial institutions? A. Sarbanes-Oxley Act of 2002 B. Health Insurance Privacy and Accountability Act (HIPAA) C. California Database Security Breach Information Act D. Gramm-Leach-Bliley Act of 1999 Answer: D Explanation:

QUESTION NO: 125 Which of the following modes of operation supports users with different clearances and data at various classification levels? A. Dedicated B. Limited Access C. Compartmented D. Multilevel mode Answer: D Explanation:

QUESTION NO: 126 Which of the following processes acts as a control measure that provides some amount of protection to the assets? A. Risk B. Countermeasure C. Vulnerability D. Safeguard Answer: D Explanation:

QUESTION NO: 127 In which of the following types of prototyping is a version of the system built to check the requirements and then discarded? A. Evolutionary prototyping B. Incremental prototyping C. Project prototyping D. Throw-away prototyping Answer: D Explanation:

QUESTION NO: 128 In which of the following types of prototyping is a prototype of a system built and then evolved into the final system? A. Project prototyping B. Evolutionary prototyping C. Throw-away prototyping D. Incremental prototyping Answer: B Explanation:

QUESTION NO: 129 Which of the following terms best describes the presence of any potential event that causes an undesirable impact on the organization? A. Threat B. Risk C. Vulnerability D. Asset Answer: A Explanation:

QUESTION NO: 130 In which of the following DRP tests is the plan distributed and reviewed by the business units for its thoroughness and effectiveness? A. Functional drill B. Parallel test C. Walk-through drill D. Checklist review Answer: D Explanation:

QUESTION NO: 131 Which of the following SSE-CMM security engineering Process Areas (PA) specifies the security needs? A. PA09 B. PA07 C. PA06 D. PA10 Answer: D Explanation:

QUESTION NO: 132 Which of the following provides a means of predicting the outcome of the next software project conducted by an organization? A. Software process capability B. Software process maturity C. Software process performance D. Software security engineering Answer: A Explanation:

QUESTION NO: 133 Which of the following SSE-CMM security engineering Process Areas (PA) provides the security input? A. PA06 B. PA09 C. PA07 D. PA08 Answer: B Explanation:

QUESTION NO: 134 Which of the following terms describes the determination of the effect of changes to the information system on the security of the information system? A. Verification B. Authentication C. Impact analysis D. Validation analysis Answer: C Explanation:

QUESTION NO: 135 Which of the following processes helps the organization to identify appropriate controls for reducing or eliminating risk during the risk mitigation process? A. Risk Assessment B. Risk Acceptance C. Risk Transference D. Risk Identification Answer: A Explanation:

QUESTION NO: 136 Which of the following components in a TCB acts as the boundary that separates the TCB from the remainder of the system? A. Abstraction B. Trusted path C. Trusted computer system D. Security perimeter Answer: D Explanation:

QUESTION NO: 137 Which of the following TCB components is a hardware, firmware, and software element that implements the reference monitor concept? A. Security perimeter B. Security Kernel C. Trusted computer system D. Trusted path Answer: B Explanation:

QUESTION NO: 138 Which of the following terms describes the annually expected financial loss to an organization from a threat? A. Annualized Loss Expectancy (ALE) B. Annualized Rate of Occurrence (ARO) C. Exposure factor (EF) D. Single Loss Expectancy (SLE) Answer: A Explanation:

QUESTION NO: 139 Which of the following processes is NOT included in the risk mitigation? A. Risk planning B. Risk limitation C. Risk identification D. Risk assumption Answer: C Explanation:

QUESTION NO: 140 Which of the following processes is used by organizations to set the risk tolerance, identify the potential risks, and prioritize the tolerance for risk? A. Risk communication B. Risk identification C. Risk management D. Risk analysis Answer: C Explanation:

QUESTION NO: 141 Which of the following security procedures is related to the SDLC's implementation? A. Risk assessment B. Media sanitation C. Security accreditation D. Information preservation Answer: C Explanation:

QUESTION NO: 142 Which of the following security procedures is NOT related to the SDLC's disposition? A. Media sanitation B. Information preservation C. Hardware and software disposal D. Security certification Answer: D Explanation:

QUESTION NO: 143 Which of the following terms describes the determination of the effect of changes to the information system on the security of the information system? A. Validation analysis B. Impact analysis C. Authentication D. Verification Answer: B Explanation:

QUESTION NO: 144 Which of the following individuals considers risk management in IT planning, budgeting, and meeting system performance requirements? A. System and information owner B. Chief information officer C. Functional manager D. Senior manager Answer: B Explanation:

QUESTION NO: 145 Which of the following values must ensure that the Maximum Tolerable Period of Disruption (MTPD) for each activity is not exceeded? A. Recovery Plan Objective B. Recovery Point Objective C. Recovery Time Objective D. Recovery Impact Objective Answer: C Explanation:

QUESTION NO: 146 Which of the following values specifies the acceptable latency of data that will be recovered? A. Recovery Plan Objective B. Recovery Point Objective C. Recovery Time Objective D. Recovery Target Objective Answer: B Explanation:

QUESTION NO: 147 Which of the following events occurs in a system when there is a TCB failure and the recovery procedures cannot return the system to a secure state? A. Fault tolerance B. Cold start C. Fail-over D. Fail-soft Answer: B Explanation:

QUESTION NO: 148 In which of the following scenarios is database backup transferred to a remote site in a bulk transfer fashion? A. Remote journaling B. Emergency response C. Remote mirroring D. Electronic vaulting Answer: D Explanation:

QUESTION NO: 149 Which of the following sites is a non-mainstream alternative to a traditional recovery site? A. Warm site B. Hot site C. Mobile site D. Cold site Answer: C Explanation:

QUESTION NO: 150 Which of the following is a compromise between hot and cold sites? A. Mutual site B. Warm site C. Mobile site D. Reciprocal site Answer: B Explanation:

QUESTION NO: 151 Which of the following types of storage requires some direct human action in order to make access to the storage media physically possible? A. Near-line B. Off-line C. On-line D. Far-line Answer: B Explanation:

QUESTION NO: 152 Which of the following steps has the goal to reduce the level of risk to the IT system and its data to an acceptable level? A. Recommended Controls B. Results Documentation C. Impact Analysis D. Risk Determination Answer: A Explanation:

QUESTION NO: 153 Who among the following has the ultimate responsibility for the protection of the organization's information? A. Senior management B. Application owner C. User D. Technology provider Answer: A Explanation:

QUESTION NO: 154 Which of the following Tier 1 policies will identify who is responsible for what? A. Scope B. Responsibilities C. Compliance or Consequences D. Topic Answer: B Explanation:

QUESTION NO: 155 Which of the following global (Tier 1) policies defines what specifically the policy is going to address? A. Responsibilities B. Scope C. Compliance or Consequences D. Topic Answer: D Explanation:

QUESTION NO: 156 Which of the following tasks is prioritized the most by the information security strategy? A. Industry best practices B. Technology plans and deliverables C. Business goals and objectives D. Security metrics Answer: C Explanation:

QUESTION NO: 157 Which of the following actions can be performed by using the principle of separation of duties? A. Conducting background investigation B. Developing job descriptions C. Reducing the opportunity for fraud D. Identifying critical positions Answer: C Explanation:

QUESTION NO: 158 Which of the following functions is performed by change control? A. It tracks changes to system hardware, software, firmware, and documentation. B. It maintains visibility of changes to the system. C. It tracks and approves changes to system hardware, software, firmware, and documentation. D. It ensures that changes to the system are approved. Answer: C Explanation:

QUESTION NO: 159 Which of the following is a category of an automated Incident detection process? A. Catastrophe Theory B. Input detection C. Control theory D. OODA looping Answer: A Explanation:

QUESTION NO: 160 Which of the following workforces works to handle the incidents in an enterprise? A. Z force B. IEEE Software Development Team C. Computer Emergency Response Team D. Computer Forensics Team Answer: C Explanation:

QUESTION NO: 161 Which of the following sets of incident response practices is recommended by the CERT/CC? A. Prepare, handle, and follow up B. Prepare, handle, and notify C. Prepare, notify, and follow up D. Notify, handle, and follow up Answer: A Explanation:

QUESTION NO: 162 Which of the following processes helps the business units to understand the impact of a disruptive event? A. Business impact assessment B. Business continuity plan development C. Scope and plan initiation D. Plan approval and implementation Answer: A Explanation:

QUESTION NO: 163 Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made? A. Identification phase B. Preparation phase C. Differential phase D. Eradication phase Answer: A Explanation:

QUESTION NO: 164 Which of the following sources is the best for developing Recovery Time Objectives (RTO)? A. Industry averages B. Tape restore data C. Business impact analysis D. Past recovery test results Answer: C Explanation:

QUESTION NO: 165 Which of the following processes hides one set of IP addresses used for internal traffic only while exposing a second set of addresses to external traffic? A. SIIT B. NAT C. NAT-PT D. NAPT-PT Answer: B Explanation:

QUESTION NO: 166 Which of the following types of controls focuses on stopping a security breach from taking place in the first place? A. Detection B. Containment C. Preventive D. Recovery Answer: C Explanation:

QUESTION NO: 167 Which of the following types of control gives an instance of the audit log? A. Preventive B. Detection C. Containment D. Recovery Answer: B Explanation:

QUESTION NO: 168 Which of the following systems monitors the operating system detecting inappropriate activity, writing to log files, and triggering alarms? A. Behavior-based ID system B. Network-based ID system C. Signature-Based ID system D. Host-based ID system Answer: D Explanation:

QUESTION NO: 169 Which of the following systems commonly resides on a discrete network segment and monitors the traffic on that network segment? A. Host-Based ID system B. Statistical Anomaly-Based ID system C. Signature-Based ID system D. Network-Based ID system Answer: D Explanation:

QUESTION NO: 170 Which of the following systems helps to detect the "abuse of privileges" attack that does not actually involve exploiting any security vulnerability? A. Signature-Based ID system B. Network-Based ID system C. Statistical Anomaly-Based ID system D. Host-Based ID system Answer: C Explanation:

QUESTION NO: 171 A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated? A. Security law B. Privacy law C. Trademark law D. Copyright law Answer: B Explanation:

QUESTION NO: 172 You work as a project manager for TYU project. You are planning for risk mitigation. You need to identify the risks that will need a more in-depth analysis. Which of the following activities will help you in this? A. Qualitative analysis B. Estimate activity duration C. Quantitative analysis D. Risk identification Answer: A Explanation:

QUESTION NO: 173 You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control? A. Quantitative risk analysis B. Risk audits C. Requested changes D. Qualitative risk analysis Answer: C Explanation:

QUESTION NO: 174 Fill in the blank: An ______ (AS) is a group of networks under a single administration and with single routing policies. A. Autonomous System Answer: A Explanation:

QUESTION NO: 175 You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members for getting appropriate responses of the disaster. In which of the following disaster recovery tests can this task be performed? A. Simulation test B. Parallel test C. Full-interruption test D. Structured walk-through test Answer: A Explanation:

QUESTION NO: 176 Mark works as a Network Administrator for NetTech Inc. Mark is testing the disaster recovery plan of the company. During the testing of the recovery plan, he finds that some servers have been restored with another server's data. What will Mark do to improve the disaster recovery plan? A. Maintain a hard copy of the data stored on the server. B. Maintain a printed tape backup report. C. Remember which tape drive stores which server's data. D. Implement the cluster server. Answer: B Explanation:

QUESTION NO: 177 Which of the following measurements of a disaster recovery plan are aimed at avoiding an event from occurring? A. Detective measures B. Corrective measures C. Supportive measures D. Preventive measures Answer: D Explanation:

QUESTION NO: 178 Fill in the blank: A ______ plan is a plan devised for a specific situation when things could go wrong. A. contingency Answer: A Explanation:

QUESTION NO: 179 Which of the following BCP teams handles financial arrangement, public relations, and media inquiries in the time of disaster recovery? A. Software team B. Off-site storage team C. Emergency-management team D. Applications team Answer: C Explanation:

QUESTION NO: 180 Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster? A. Emergency action team B. Damage assessment team C. Off-site storage team D. Emergency management team Answer: A Explanation:

QUESTION NO: 181 Which of the following sub-processes of IT Service Continuity Management is used to make sure that all members of IT staff with responsibilities for fighting disasters are aware of their exact duties? A. ITSCM Training and Testing B. ITSCM Support C. ITSCM Review D. Design Services for Continuity Answer: B Explanation:

QUESTION NO: 182 Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of the following techniques will he use to fulfill this requirement? A. IDEA B. PGP C. DES D. AES Answer: C Explanation:

QUESTION NO: 183 Which of the following cryptographic system services assures the receiver that the received message has not been altered? A. Authentication B. Non-repudiation C. Confidentiality D. Integrity Answer: D Explanation:

QUESTION NO: 184 Fill in the blank with the appropriate number: RAID-______ is a combination of RAID-1 and RAID-0. A. 10 Answer: A Explanation:

QUESTION NO: 185 Which of the following statements about a certification authority (CA) is true? A. It is a business-to-consumer (B2C) commerce model that is used for high-volume transactions. B. It is a non-profit organization that sets security standards for e-commerce. C. It issues physical certificates that confirm the identity of entities. D. It is a trusted third-party organization that issues digital certificates to create digital signatures and public key pairs. Answer: D Explanation:

QUESTION NO: 186 Which of the following are some of the parts of a project plan? Each correct answer represents a complete solution. Choose all that apply. A. Risk identification B. Project schedule C. Risk analysis D. Team members list Answer: A,B,C,D Explanation:

QUESTION NO: 187 You work as a Network administrator for Infonet Inc. The company has 135 Windows XP Professional computers and twenty Windows 2003 Server computers. You want to specify the number of invalid logon attempts allowed before a user account is locked out. What will you do to accomplish the task? A. Reset Account Lockout Counter After policy. B. Enforce Password Must Meet Complexity Requirements policy. C. Set Account Lockout Duration policy. D. Set Account Lockout Threshold policy. Answer: D Explanation:

QUESTION NO: 188 Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy? A. Business Continuity Strategy B. Index of Disaster-Relevant Information C. Disaster Invocation Guideline D. Availability/ ITSCM/ Security Testing Schedule Answer: A Explanation:

QUESTION NO: 189 Which of the following options is an activity of observing the content that appears on a computer monitor or watching what a user is typing? A. Utility model B. Patent C. Snooping D. Copyright Answer: C Explanation:

QUESTION NO: 190 You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task? A. RAID-0 B. RAID-1 C. RAID-5 D. RAID-10 Answer: B Explanation:

QUESTION NO: 191 Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity? A. Continuity of Operations Plan B. Disaster Recovery Plan C. Business Continuity Plan D. Contingency Plan Answer: C Explanation:

QUESTION NO: 192 Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian? A. The custodian implements the information classification scheme after the initial assignment by the operations manager. B. The data owner implements the information classification scheme after the initial assignment by the custodian. C. The data custodian implements the information classification scheme after the initial assignment by the data owner. D. The custodian makes the initial information classification assignments and the operations manager implements the scheme. Answer: C Explanation:

QUESTION NO: 193 Which of the following statements about disaster recovery plan documentation are true? Each correct answer represents a complete solution. Choose all that apply. A. The documentation regarding a disaster recovery plan should be stored in backup tapes. B. The disaster recovery plan documentation should be stored offsite only. C. The documentation regarding a disaster recovery plan should be stored in floppy disks. D. The disaster recovery plan documentation should be stored onsite only. Answer: A,B Explanation:

QUESTION NO: 194 Which of the following plans provides procedures for recovering business operations immediately following a disaster? A. Business recovery plan B. Continuity of operation plan C. Business continuity plan D. Disaster recovery plan Answer: A Explanation:

QUESTION NO: 195 Which of the following cryptographic system services ensures that the information will not be disclosed to any unauthorized person on a local network? A. Non-repudiation B. Confidentiality C. Integrity D. Authentication Answer: B Explanation:

QUESTION NO: 196 You work as a senior project manager in SoftTech Inc. You are working on a software project using configuration management. Through configuration management, you are decomposing the verification system into identifiable, understandable, manageable, traceable units that are known as Configuration Items (CIs). According to you, which of the following processes is known as the decomposition process of a verification system into Configuration Items? A. Configuration status accounting B. Configuration identification C. Configuration auditing D. Configuration control Answer: B Explanation:

QUESTION NO: 197 Software Development Life Cycle (SDLC) is a logical process used by the programmers to develop software. Which SDLC phase meets the following audit objectives? • System and data are validated. • System meets all user requirements. • System meets all control requirements. A. Definition B. Initiation C. Programming and training D. Evaluation and acceptance Answer: D Explanation:

QUESTION NO: 198 John, a novice web user, makes a new e-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks? Each correct answer represents a complete solution. Choose all that apply. A. Dictionary attack B. Brute Force attack C. Rule based attack D. Hybrid attack Answer: A,B,D Explanation:

QUESTION NO: 199 Fill the measurement of SFX form factor style power supply in the blank space. The SFX form factor style power supply is______mm wide, ______mm deep, and______ mm in height. A. 100,125,63.5 Answer: A Explanation:

QUESTION NO: 200 Which of the following techniques is an encryption method that uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients? A. PGP B. AES C. IDEA D. DES Answer: A Explanation:

QUESTION NO: 201 Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited personnel in SoftTech Inc, what will be your answer for her question? Each correct answer represents a part of the solution. Choose three. A. Maximize the decision-making required by personnel during a disaster. B. Guarantee the reliability of standby systems through testing and simulation. C. Protect an organization from major computer services failure. D. Minimize the risk to the organization from delays in providing services. Answer: B,C,D Explanation:

QUESTION NO: 202 You work as a project manager for BlueWell Inc. You are working with your team members on the risk responses in the project. Which risk response will likely cause a project to use the procurement processes? A. Sharing B. Acceptance C. Exploiting D. Mitigation Answer: A Explanation:

QUESTION NO: 203 You are responsible for network and information security at a large hospital. It is a significant concern that any change to any patient record can be easily traced back to the person who made that change. What is this called? A. Non repudiation B. Data Protection C. Availability D. Confidentiality Answer: A Explanation:

QUESTION NO: 204 Which of the following should the administrator ensure during the test of a disaster recovery plan? A. Ensure that each member of the disaster recovery team is aware of their responsibility. B. Ensure that all the servers in the organization are shut down. C. Ensure that the plan works properly D. Ensure that all client computers in the organization are shut down. Answer: A,C Explanation:

QUESTION NO: 205 Which of the following statements are true about classless routing protocols? Each correct answer represents a complete solution. Choose two. A. They support VLSM and discontiguous networks. B. The same subnet mask is used everywhere on the network. C. They extend the IP addressing scheme. D. IGRP is a classless routing protocol. Answer: A,C Explanation:

QUESTION NO: 206 Which of the following methods is a means of ensuring that system changes are approved before being implemented, and the implementation is complete and accurate? A. Configuration identification B. Documentation control C. Configuration auditing D. Configuration control Answer: B Explanation:

QUESTION NO: 207 Which of the following best describes the identification, analysis, and ranking of risks? A. Design of experiments B. Fast tracking C. Fixed-price contract D. Plan Risk management Answer: D Explanation:

QUESTION NO: 208 Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three. A. They can be mitigated by reviewing and taking responsible actions based on possible risks. B. They can be analyzed and measured by the risk analysis process. C. They are considered an indicator of threats coupled with vulnerability. D. They can be removed completely by taking proper actions. Answer: A,B,C Explanation:

QUESTION NO: 209 Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention? A. Snooping B. Utility model C. Copyright D. Patent Answer: D Explanation:

QUESTION NO: 210 Which of the following measurements of a disaster recovery plan are aimed at detecting unwanted events? A. Preventive measures B. Detective measures C. Supportive measures D. Corrective measures Answer: B Explanation:

QUESTION NO: 211 Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity? A. Business Continuity Plan B. Disaster Recovery Plan C. Continuity of Operations Plan D. Contingency Plan Answer: A Explanation:

QUESTION NO: 212 The Incident handling process implemented in an enterprise is responsible to deal with all the incidents regarding the enterprise. Which of the following procedures will be involved by the preparation phase of the Incident handling process? A. Organizing a solution to remove an incident B. Setting up the initial position after an incident C. Building up an incident response kit D. Working with QA to validate security of the enterprise Answer: C Explanation:

QUESTION NO: 213 Which of the following statements is related to residual risks? A. It is the probabilistic risk before implementing all security measures. B. It can be considered as an indicator of threats coupled with vulnerability. C. It is a weakness or lack of safeguard that can be exploited by a threat. D. It is the probabilistic risk after implementing all security measures. Answer: D Explanation:

QUESTION NO: 214 Which of the following procedures is to reduce the risk to personnel, property, and other assets while minimizing work disorders in the event of an emergency? A. Occupant Emergency Plan B. Disaster Recovery Plan C. Cyber Incident Response Plan D. Crisis Communication Plan Answer: A Explanation:

QUESTION NO: 215 Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial-of-service attacks, or unauthorized changes to system hardware, software, or data? A. Cyber Incident Response Plan B. Crisis Communication Plan C. Occupant Emergency Plan D. Disaster Recovery Plan Answer: A Explanation:

QUESTION NO: 216 Which of the following BCP teams assesses the damage of the disaster in order to provide the estimate of the time required to recover? A. Emergency action team B. Off-site storage team C. Emergency management team D. Damage assessment team Answer: D Explanation:

QUESTION NO: 217 Fill the appropriate power supply form factor in the blank space. _________form factor is similar to LPX form factor in physical dimensions. A. ATX Answer: A Explanation:

QUESTION NO: 218 Which of the following are common applications that help in replicating and protecting critical information at the time of disaster? Each correct answer represents a complete solution. Choose all that apply. A. Asynchronous replication B. Synchronous replication C. Tape backup D. Disk mirroring Answer: A,B,C,D Explanation:

QUESTION NO: 219 Which of the following tests activates the total disaster recovery plan? A. Structured walk-through test B. Full-interruption test C. Parallel test D. Checklist test Answer: B Explanation:

QUESTION NO: 220 Which of the following documents provides a high-level view of the entire organization's disaster recovery efforts? A. Technical guides B. Executive summary C. Checklists D. Department-specific plans Answer: B Explanation:

QUESTION NO: 221 Which of the following documents is necessary to continue the business in the event of disaster or emergency? A. Legal value B. Recourse record C. Fiscal value D. Vital record Answer: D Explanation:

QUESTION NO: 222 Which of the following processes helps to quantify the impact of potential threats to put a price or value on the cost of lost business functionality? A. Risk Reassessment B. Risk Identification C. Risk Analysis D. Risk Avoidance Answer: C Explanation:

QUESTION NO: 223 Which of the following processes involves reducing the risk until it reaches a level acceptable to an organization? A. Risk Mitigation B. Risk Transference C. Risk Avoidance D. Risk Acceptance Answer: A Explanation:

QUESTION NO: 224 Which of the following classification schemes is considered to be of a personal nature and is intended for company use only? A. Sensitive information B. Private information C. Public information D. Confidential information Answer: B Explanation:

QUESTION NO: 225 In which of the following DRP tests does a business unit management meet to review the plan? A. Simulation test B. Parallel test C. Structured walk-through test D. Full-interruption test Answer: C Explanation:

QUESTION NO: 226 In risk analysis, which of the following can be identified as a consequence of a disaster? A. Loss of stockholder confidence B. Loss of competitive edge C. Loss of operating capability D. Loss of goodwill Answer: C Explanation:

QUESTION NO: 227 Which of the following processes involves taking measures to alter or improve the risk position of an asset throughout the company? A. Risk transference B. Risk avoidance C. Risk reduction D. Risk acceptance Answer: C Explanation:

QUESTION NO: 228 Which of the following plans provides procedures for disseminating status reports to personnel and the public? A. Disaster Recovery Plan (DRP) B. Crisis Communication Plan (CCP) C. Emergency Response Plan (ERP) D. Cyber Incident Response Plan (CIRP) Answer: B Explanation:

QUESTION NO: 229 In which of the following managing styles does the manager supervise subordinates very closely and give detailed directions? A. The coaching style B. The supporting style C. The delegating style D. The directing style Answer: D Explanation:

QUESTION NO: 230 Which of the following SSE-CMM security engineering Process Areas (PA) specifies the security needs? A. PA10 B. PA06 C. PA09 D. PA07 Answer: A Explanation:

QUESTION NO: 231 Which of the following TCB techniques involves viewing system components at a high level and ignoring or segregating its specific details? A. Trusted computer system B. Security perimeter C. Abstraction D. Trusted path Answer: C Explanation:

QUESTION NO: 232 Which of the following processes measures the maturity level of the security program? A. Risk analysis B. GAP analysis C. Risk assessment D. Risk mitigation Answer: B Explanation:

QUESTION NO: 233 Which of the following maturity levels of the software CMM focuses on competent people and heroics? A. Initiating level B. Defined level C. Managed level D. Repeatable level Answer: A Explanation:

QUESTION NO: 234 Which of the following security procedures is related to the SDLC's implementation? A. Risk assessment B. Security accreditation C. Media sanitation D. Information preservation Answer: B Explanation:

QUESTION NO: 235 Which of the following individuals incorporates risk assessment in training programs for the organization's personnel? A. Chief information officer B. Information system security officer C. Functional manager D. Security awareness trainer Answer: D Explanation:

QUESTION NO: 236 Which of the following parts of BS 7799 covers risk analysis and management? A. Part 4 B. Part 1 C. Part 2 D. Part 3 Answer: D Explanation:

QUESTION NO: 237 Which of the following activities includes initiation, development and acquisition, implementation and installation, operational maintenance, and disposal? A. Risk Management Framework B. Risk Management Life Cycle C. Capability Maturity Model (CMM) D. System Development Life Cycle (SDLC) Answer: D Explanation:

QUESTION NO: 238 Which of the following is a duplicate of the original site of an organization, with fully working systems as well as near-complete backups of user data? A. Hot site B. Cold site C. Warm site D. Data site Answer: A Explanation:

QUESTION NO: 239 Which of the following system security policies is used to address specific issues of concern to the organization? A. Informative policy B. System-specific policy C. Program policy D. Issue-specific policy Answer: D Explanation:

QUESTION NO: 240 Which of the following statements are true about an APW (Air Pressurized Water) extinguisher? Each correct answer represents a complete solution. Choose all that apply. A. It is a golden color extinguisher that is filled with about 9.5 gallons (approx. 39 liters) of ordinary tap water. B. It uses water and pressure to stifle the heat of fire. C. It is also known as a class C fire extinguisher. D. It should never be used on grease fires, electrical fires, or class D fires. Answer: B,D Explanation:

QUESTION NO: 241 Which of the following Tier 1 policies will identify who is responsible for what? A. Responsibilities B. Compliance or Consequences C. Scope D. Topic Answer: A Explanation:

QUESTION NO: 242 Which of the following actions can be performed by using the principle of separation of duties? A. Developing job descriptions B. Identifying critical positions C. Conducting background investigation D. Reducing the opportunity for fraud Answer: D Explanation:

QUESTION NO: 243 Which of the following phases is the first step towards creating a business continuity plan? A. Business Impact Assessment B. Plan Approval and Implementation C. Business Continuity Plan Development D. Scope and Plan Initiation Answer: D Explanation:

QUESTION NO: 244 Which of the following phases involves getting the final senior management signoff and creating enterprise-wide awareness of the plan? A. Business Impact Assessment B. Business Continuity Plan Development C. Plan Approval and Implementation D. Scope and Plan Initiation Answer: C Explanation:

QUESTION NO: 245 Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made? A. Differential phase B. Identification phase C. Preparation phase D. Eradication phase Answer: B Explanation:

QUESTION NO: 246 Which of the following sources is the best for developing Recovery Time Objectives (RTO)? A. Tape restore data B. Past recovery test results C. Industry averages D. Business impact analysis Answer: D Explanation:

QUESTION NO: 247 Which of the following systems commonly resides on a discrete network segment and monitors the traffic on that network segment? A. Host-Based ID system B. Signature-Based ID system C. Statistical Anomaly-Based ID system D. Network-Based ID system Answer: D Explanation:

QUESTION NO: 248 Which of the following systems monitors the operating system detecting inappropriate activity, writing to log files, and triggering alarms? A. Host-based ID system B. Behavior-based ID system C. Network-based ID system D. Signature-Based ID system Answer: A Explanation:

QUESTION NO: 249 Which of the following tests activates the total disaster recovery plan? A. Structured walk-through test B. Full-interruption test C. Parallel test D. Checklist test Answer: B Explanation:

QUESTION NO: 250 Which of the following documents provides a high-level view of the entire organization's disaster recovery efforts? A. Technical guides B. Executive summary C. Checklists D. Department-specific plans Answer: B Explanation:

QUESTION NO: 251 Which of the following documents is necessary to continue the business in the event of disaster or emergency? A. Legal value B. Recourse record C. Fiscal value D. Vital record Answer: D Explanation:

QUESTION NO: 252 Which of the following processes helps to quantify the impact of potential threats to put a price or value on the cost of lost business functionality? A. Risk Reassessment B. Risk Identification C. Risk Analysis D. Risk Avoidance Answer: C Explanation:

QUESTION NO: 253 Which of the following processes involves reducing the risk until it reaches a level acceptable to an organization? A. Risk Mitigation B. Risk Transference C. Risk Avoidance D. Risk Acceptance Answer: A Explanation:

QUESTION NO: 254 Which of the following classification schemes is considered to be of a personal nature and is intended for company use only? A. Sensitive information B. Private information C. Public information D. Confidential information Answer: B Explanation:

QUESTION NO: 255 In which of the following DRP tests does a business unit management meet to review the plan? A. Simulation test B. Parallel test C. Structured walk-through test D. Full-interruption test Answer: C Explanation:

QUESTION NO: 256 In risk analysis, which of the following can be identified as a consequence of a disaster? A. Loss of stockholder confidence B. Loss of competitive edge C. Loss of operating capability D. Loss of goodwill Answer: C Explanation:

QUESTION NO: 257 Which of the following processes involves taking measures to alter or improve the risk position of an asset throughout the company? A. Risk transference B. Risk avoidance C. Risk reduction D. Risk acceptance Answer: C Explanation:

QUESTION NO: 258 Which of the following plans provides procedures for disseminating status reports to personnel and the public? A. Disaster Recovery Plan (DRP) B. Crisis Communication Plan (CCP) C. Emergency Response Plan (ERP) D. Cyber Incident Response Plan (CIRP) Answer: B Explanation:

QUESTION NO: 259 In which of the following managing styles does the manager supervise subordinates very closely and give detailed directions? A. The coaching style B. The supporting style C. The delegating style D. The directing style Answer: D Explanation:

QUESTION NO: 260 Which of the following SSE-CMM security engineering Process Areas (PA) specifies the security needs? A. PA10 B. PA06 C. PA09 D. PA07 Answer: A Explanation:

QUESTION NO: 261 Which of the following TCB techniques involves viewing system components at a high level and ignoring or segregating its specific details? A. Trusted computer system B. Security perimeter C. Abstraction D. Trusted path Answer: C Explanation:

QUESTION NO: 262 Which of the following processes measures the maturity level of the security program? A. Risk analysis B. GAP analysis C. Risk assessment D. Risk mitigation Answer: B Explanation:

QUESTION NO: 263 Which of the following maturity levels of the software CMM focuses on competent people and heroics? A. Initiating level B. Defined level C. Managed level D. Repeatable level Answer: A Explanation:

QUESTION NO: 264 Which of the following security procedures is related to the SDLC's implementation? A. Risk assessment B. Security accreditation C. Media sanitation D. Information preservation Answer: B Explanation:

QUESTION NO: 265 Which of the following individuals incorporates risk assessment in training programs for the organization's personnel? A. Chief information officer B. Information system security officer C. Functional manager D. Security awareness trainer Answer: D Explanation:

QUESTION NO: 266 Which of the following parts of BS 7799 covers risk analysis and management? A. Part 4 B. Part 1 C. Part 2 D. Part 3 Answer: D Explanation:

QUESTION NO: 267 Which of the following activities includes initiation, development and acquisition, implementation and installation, operational maintenance, and disposal? A. Risk Management Framework B. Risk Management Life Cycle C. Capability Maturity Model (CMM) D. System Development Life Cycle (SDLC) Answer: D Explanation:

QUESTION NO: 268 Which of the following is a duplicate of the original site of an organization, with fully working systems as well as near-complete backups of user data? A. Hot site B. Cold site C. Warm site D. Data site Answer: A Explanation:

QUESTION NO: 269 Which of the following system security policies is used to address specific issues of concern to the organization? A. Informative policy B. System-specific policy C. Program policy D. Issue-specific policy Answer: D Explanation:

QUESTION NO: 270 Which of the following statements are true about an APW (Air Pressurized Water) extinguisher? Each correct answer represents a complete solution. Choose all that apply. A. It is a golden color extinguisher that is filled with about 9.5 gallons (approx. 39 liters) of ordinary tap water. B. It uses water and pressure to stifle the heat of fire. C. It is also known as a class C fire extinguisher. D. It should never be used on grease fires, electrical fires, or class D fires. Answer: B,D Explanation:

QUESTION NO: 271 Which of the following Tier 1 policies will identify who is responsible for what? A. Responsibilities B. Compliance or Consequences C. Scope D. Topic Answer: A Explanation:

QUESTION NO: 272 Which of the following actions can be performed by using the principle of separation of duties? A. Developing job descriptions B. Identifying critical positions C. Conducting background investigation D. Reducing the opportunity for fraud Answer: D Explanation:

QUESTION NO: 273 Which of the following phases is the first step towards creating a business continuity plan? A. Business Impact Assessment B. Plan Approval and Implementation C. Business Continuity Plan Development D. Scope and Plan Initiation Answer: D Explanation:

QUESTION NO: 274 Which of the following phases involves getting the final senior management signoff and creating enterprise-wide awareness of the plan? A. Business Impact Assessment B. Business Continuity Plan Development C. Plan Approval and Implementation D. Scope and Plan Initiation Answer: C Explanation:

QUESTION NO: 275 Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made? A. Differential phase B. Identification phase C. Preparation phase D. Eradication phase Answer: B Explanation:

QUESTION NO: 276 Which of the following sources is the best for developing Recovery Time Objectives (RTO)? A. Tape restore data B. Past recovery test results C. Industry averages D. Business impact analysis Answer: D Explanation:

QUESTION NO: 277 Which of the following systems commonly resides on a discrete network segment and monitors the traffic on that network segment? A. Host-Based ID system B. Signature-Based ID system C. Statistical Anomaly-Based ID system D. Network-Based ID system Answer: D Explanation:

QUESTION NO: 278 Which of the following systems monitors the operating system detecting inappropriate activity, writing to log files, and triggering alarms? A. Host-based ID system B. Behavior-based ID system C. Network-based ID system D. Signature-Based ID system Answer: A Explanation:

QUESTION NO: 279 Which of the following cryptographic system services assures the receiver that the received message has not been altered? A. Authentication B. Confidentiality C. Non-repudiation D. Integrity Answer: D Explanation:

QUESTION NO: 280 Which of the following statements about disaster recovery plan documentation are true? Each correct answer represents a complete solution. Choose all that apply. A. The documentation regarding a disaster recovery plan should be stored in backup tapes. B. The documentation regarding a disaster recovery plan should be stored in floppy disks. C. The disaster recovery plan documentation should be stored onsite only. D. The disaster recovery plan documentation should be stored offsite only. Answer: A,D Explanation:

QUESTION NO: 281 Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity? A. RTA B. RPO C. RCO D. RTO Answer: D Explanation:

QUESTION NO: 282 Which of the following roles is responsible for the review and risk analysis of all the contracts on a regular basis? A. The IT Service Continuity Manager B. The Configuration Manager C. The Supplier Manager D. The Service Catalogue Manager Answer: C Explanation:

QUESTION NO: 283 Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster? A. Emergency action team B. Emergency-management team C. Damage-assessment team D. Off-site storage team Answer: A Explanation:

QUESTION NO: 284 You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task? A. RAID-5 B. RAID-0 C. RAID-1 D. RAID-10 Answer: C Explanation:

QUESTION NO: 285 Fill in the blank with the appropriate number: RAID-________ is a combination of RAID-1 and RAID-0. A. 10 Answer: A Explanation:

QUESTION NO: 286 Which of the following control measures are considered while creating a disaster recovery plan? Each correct answer represents a part of the solution. Choose three. A. Detective measures B. Supportive measures C. Corrective measures D. Preventive measures Answer: A,C,D Explanation:

QUESTION NO: 287 Which of the following are some of the parts of a project plan? Each correct answer represents a complete solution. Choose all that apply. A. Risk identification B. Team members list C. Risk analysis D. Project schedule Answer: A,B,C,D Explanation:

QUESTION NO: 288 Which of the following statements are true about classless routing protocols? Each correct answer represents a complete solution. Choose two. A. The same subnet mask is used everywhere on the network. B. They extend the IP addressing scheme. C. IGRP is a classless routing protocol. D. They support VLSM and discontiguous networks. Answer: B,D Explanation:

QUESTION NO: 289 Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention? A. Snooping B. Patent C. Utility model D. Copyright Answer: B Explanation:

QUESTION NO: 290 Availability Management deals with the day-to-day availability of services. Which of the following takes over when a 'disaster' situation occurs? A. Capacity Management B. Service Level Management C. Service Continuity Management D. Service Reporting Answer: C Explanation:
