USA: +1(669)289-8683 
Sign in
Attached please find the quizzes,it is about 18 in total,select the best among the choice
- Quiz #3: CCISO Domain #3Quiz
1) Alternate processing sites that allow the restoration of systems to an alternate processing site
constitute a common strategy that supports __________
A. Business continuity management
B. Recovery point objective
C. Disaster recovery planning
D. Supply chain continuity
2) The ________ should identify people within the organization who have authorization to declare
disaster.
A. Crisis management plan
B. Disaster recovery plan
C. Business continuity management plan
D. None of the listed choices are correct
3)What is the last phase of the Project Management Life cycle?
A. Project execution
B. Implement changes
C. Project closure
D. Report project performance
4) Which is the most important phase of the digital forensic investigation process?
A. Investigations reporting
B. Evidence collecting
C. Evidence examination
D. Evidence analysis
5) During the time that IT operations or the cybersecurity program is in recovery mode, the organization
must continue to provide critical business functions, this is known as:
A. Recovery point objective
B. Supply chain continuity
C. Disaster recovery planning
D. Business continuity management
6) The measurement of the rate at which cash flows out of the business is known as:
A. Expense charting
B. Budgeting
C. Burn rate
D. Cost management
7) Every organization must have a ________ in place to ensure employees are aware of the importance
of protecting sensitive information as well as how to identify and avoid social engineering attacks.
A. Email security policy
B. Employee handbook
C. CISO
D. Security awareness programs
8) How often should you update the security program’s strategic plan?
A. When directed by corporate leadership
B. When all goals are achieved
C. Annually
D. Continuously
9) To determine the value of information and assets if impacted by a breach of security or data loss you
would conduct a:
A. Business impact assessment
B. Profit/loss analysis
C. None of the listed choices are correct
D. Risk assessment
10) The overall design of an information security program, depicting its structural components,
interrelationships, and design principles and guidelines, is _______.
A. A process Map
B. A network Diagram
C. An architecture
D. A framework
11) When preparing a Disaster Recovery Plan there are several alternate recovery site configurations
available for the CISO to select from, which of the following are ranked in order from the fastest to
slowest to begin processing data?
A. Warm site, redundant site, hot site
B. Hot site, warm site, redundant site
C. Hot site, redundant site, warm site
D. Redundant site, hot site, warm site
12) The forensic investigation process must demonstrate that information handling procedures and
actions performed did not alter the original data through the custody chain. This does
not necessarily include:
A. Sealing the evidence with evidence tape
B. Traditional forensic process on media ( for example, DNA and latent prints)
C. Identification of evidence through recording of serial numbers and other details
D. Recording the name and contact information of those charged with maintaining a chain of
custody.
13) During an Incident response, how should the CISO technical personnel, legal cousel, and public
relations conduct external communications with the media?
A. Each speaks only to his or her specialty
B. Only the CISO speaks to the media
C. Each should speak to his or her specialty by providing input to a single representative of the
organization.
D. No one should speak to the media
14) A CISO would use this to extend the capability of a SIEM for a specific purpose or to identify
a specific outcome:
A. Use case
B. Correlation
C. Normalization
D. DNS logs
15) In a forensic investigation why is collection the most important phase?
A. The data is refined to find what is the most relevant while moving through the rest of the
process.
B. All listed choices are correct
C. The forensic investigation process requires collection of information as broadly as it makes
sense, more is better
D. The investigation cannot be improved at later phases if there is are problems with the collection
of evidence.
16) For the CISO, the security budget measures that?
A. The degree of controls that can be implemented
B. The exchange of financial allocations for the security products and services supporting the
organization
C. The effectiveness of the information security program
D. The maximum amount of the money the CISO has to work with
17) When testing incident response procedures what is not a recommended method?
A. Mildly interrupt business processes to add realism and involve non IT personnel.
B. Ensure members of the incident response team only use procedures documented in the incident
response plan.
C. Add as much realism as possible to the test
D. Select a scenario that poses the greatest risk to the organization
18) Business Impact Analysis (BIA) determines your company has process with a Recovery Point Object
(RPO) of 10 minutes and has a Recovery Time Object (RTO) of 2 minutes. This requires a backup
schedule of_______
A. 10 minutes
B. 2 minutes
C. 12 minutes
D. 8 minutes
