USA: +1(669)289-8683 
Sign in
1) The process of planning, organizing, directing and controlling the monetary activities of anorganization and the use of its funds is known as:
A. Management Accounting
B. Budgeting
C. Financial management
D. None of the listed choices
2) The measurement of the rate at which the cash flows out of the business is known as:
A. Budgeting
B. Expense charting
C. Cost management
D. Burn rate
3) To determine the value of information and assets if impacted by a breach of security or data loss
you would conduct a:
A. Risk assessment
B. Business Impact assessment
C. Profit/loss analysis
D. None of the listed choices are correct
4) Alternate processing sites that allows the restoration of systems to an alternate processing
site constitute a common strategy that supports_______
A. Disaster recovery planning
B. Supply chain continuity
C. Recovery point objective
D. Business continuity management
5) _______is money invested by a company to acquire or upgrade fixed, physical, nonconsumable assets such as buildings, equipment, or new business.
A. Capital Expenditure
B. The annual budget
C. Operating Expenditure
D. Liabilities
6) During the time that IT operations of the cybersecurity program in recovery mode,
the organization must continue to provide critical business functions, this is known as:
A. Disaster Recovery Planning
B. Business continuity management
C. Recovery point objective
D. Supply chain continuity
7) Which is the most important phase of the digital forensic investigation process?
A. Evidence collection
B. Evidence analysis
C. Investigation reporting
D. Evidence examination
8) What defines the response priority for a security incident within the context of other events and
incidents the security operations team is managing?
A. Business impact
B. Security guidelines
C. Security frameworks
D. Regulations
9) The overall design of an information security program, depicting its structural components,
interrelationships and design principles and guideline, is _______
A. A framework
B. A process maps
C. A network diagrams
D. An architecture
10) Money for ongoing costs related to running a product business, or systems is known as:
A. Capital expenditure
B. Liabilities
C. The annual budget
D. Operating expenditure
11)Which of the following is not a proactive approach to security?
A. Threat hunting
B. Vulnerability scanning
C. Event management
D. Penetrating Testing
12) The most important aspect of internal incident communication is to:
A. Reduce stress related to the incident
B. None of the listed choices are correct
C. Reinforce policies and standards for external communication
D. Keep personnel informed
13) When preparing a Disaster Recovery Plan there are several alternate recovery
site configurations available for the CISO to select from, which of the following are ranked in
order from the fastest to slowest to begin processing with?
A. Hot site, redundant site, warm site
B. Hot site, warm site, redundant site
C. Warm site, redundant site, hot site
D. Redundant site, hot site, warm site
14) What formally creates a project?
A. Creating a project charter
B. Project feasibility assessment
C. Project execution
D. Project planning
15) Incident______ forms the basis of an organization’s ability to respond effectively to computer
security incidents.
A. Analysis
B. Containment
C. Response
D. Recovery
16) Business Impact Analysis (BIA) determines your company has a process with Recovery
Point Object (RPO) of 10 minutes and has a Recovery Time Objective (RTO) of 2 minutes. This requires a
backup schedule of ___?
A. 12 minuets
B. 2 minutes
C. 8 minutes
D. 10 minutes
17) A CISO would use this to extend the capability of a SIEM for a specific purpose or
to identify a specific outcome:
A. Normalization
B. Use case
C. DNS logs
D. Correlation
18) For the CISO, the security budget measures what?
A. The exchange of financial allocations for the security products and services supporting
the organizations.
B. The degree of controls that can be implemented
C. The maximum amount of money the CISO has to work with
D. The effectiveness of the information security program.
