官方习题第三版_在线真题试卷与模拟练习_官方习题第三版

更新时间：试题数量：购买人数：提供作者：

有效期：个月

章节介绍：共有个章节

我的练习

我的错题
(0道)

我的收藏
(0道)

我的斩题
(0道)

我的笔记
(0道)

专项练习

顺序练习 0 / 0

随机练习 自定义设置练习量

题型乱序 按导入顺序练习

模拟考试 仿真模拟

题型练习 按题型分类练习

易错题 精选高频易错题

学习资料 考试学习相关信息

搜索

题库预览

The Domer Industries risk assessment team recently conducted a qualitative risk assessment and developed a matrix similar to the one shown here. Which quadrant contains the risks that require the most immediate attention?
Domer Industries风险评估团队最近进行了定性风险评估，并开发了一个类似于此处所示的矩阵。哪个象限包含需要立即关注的风险？
（含图）

Tom is planning to terminate an employee this afternoon for fraud and expects that the meeting will be somewhat hostile. He is coordinating the meeting with human resources and wants to protect the company against damage. Which one of the following steps is most important to coordinate in time with the termination meeting?
汤姆计划今天下午解雇一名涉嫌欺诈的员工，并预计这次会议会有点敌意。他正在与人力资源部协调会议，希望保护公司免受损害。以下哪一个步骤对于及时与终止会议协调最为重要？

Rolando is a risk manager with a large-scale enterprise. The firm recently evaluated the risk of California mudslides on its operations in the region and determined that the cost of responding outweighed the benefits of any controls it could implement. The company chose to take no action at this time. What risk management strategy did Rolando’s organiza-tion pursue?
罗兰多是一家大型企业的风险经理。该公司最近评估了加州泥石流对其在该地区运营的风险，并确定应对措施的成本超过了其可能实施的任何控制措施的好处。该公司选择在此时不采取任何行动。罗兰多的组织追求什么样的风险管理战略？

Helen is the owner of a U.S. website that provides information for middle and high school students preparing for exams. She is writing the site’s privacy policy and would like to ensure that it complies with the provisions of the Children’s Online Privacy Protection Act （COPPA）. What is the cutoff age below which parents must give consent in advance of the collection of personal information from their children under COPPA?
海伦是一家美国网站的所有者，该网站为准备考试的中学生提供信息。她正在撰写该网站的隐私政策，并希望确保其符合《儿童在线隐私保护法》（COPPA）的规定。父母在根据COPPA向子女收集个人信息之前必须给予同意的截止年龄是多少？

Tom is considering locating a business in the downtown area of Miami, Florida. He consults the FEMA flood plain map for the region, shown here, and determines that the area he is considering lies within a 100-year flood plain. What is the ARO of a flood in this area?
汤姆正在考虑在佛罗里达州的迈阿密市中心建立一家公司。他查阅了此处所示区域的FEMA洪泛平原地图，并确定他所考虑的区域位于100年洪泛平原内。这个地区的洪水有多严重？
（含图）

You discover that a user on your network has been using the Wireshark tool, as shown here. Further investigation revealed that he was using it for illicit purposes. What pillar of information security has most likely been violated?
您发现您网络上的用户一直在使用Wireshark工具，如图所示。进一步调查显示，他将其用于非法目的。信息安全的哪个支柱最有可能受到侵犯？
（含图）

Alan is performing threat modeling and decides that it would be useful to decompose the system into the core elements shown here. What tool is he using?
Alan正在进行威胁建模，并认为将系统分解为此处所示的核心元素是有用的。他在用什么工具？
（含图）

Craig is selecting the site for a new data center and must choose a location somewhere within the United States. He obtained the earthquake risk map shown here from the United States Geological Survey. Which of the following would be the safest location to build his facility if he were primarily concerned with earthquake risk?
克雷格正在为一个新的数据中心选址，他必须选择美国境内的某个地方。他从美国地质调查局获得了此处所示的地震风险图。如果他主要关注地震风险，那么以下哪一项是建造他的设施最安全的地点？
（含图）
（Source: US Geological Survey）

Which type of business impact assessment tool is most appropriate when attempting to eval-uate the impact of a failure on customer confidence?
当试图评估失败对客户信心的影响时，哪种类型的业务影响评估工具最合适？

Ryan is a security risk analyst for an insurance company. He is currently examining a sce-nario in which a malicious hacker might use a SQL injection attack to deface a web server due to a missing patch in the company’s web application. In this scenario, what is the threat?
Ryan是一家保险公司的安全风险分析师。他目前正在检查一个sce nario，其中恶意黑客可能使用SQL注入攻击来破坏web服务器，因为该公司的web应用程序中缺少补丁。在这种情况下，威胁是什么？

Henry is the risk manager for Atwood Landing, a resort community in the midwestern United States. The resort’s main data center is located in northern Indiana in an area that is prone to tornados. Henry recently undertook a replacement cost analysis and determined that rebuilding and reconfiguring the data center would cost $10 million.
亨利是美国中西部度假社区阿特伍德·兰登的风险经理。度假村的主要数据中心位于印第安纳州北部一个容易发生龙卷风的地区。亨利最近进行了重置成本分析，确定重建和重新配置数据中心将花费1000万美元。
Henry consulted with tornado experts, data center specialists, and structural engineers. Together, they determined that a typical tornado would cause approximately $5 million of damage to the facility. The meteorologists determined that Atwood’s facility lies in an area where they are likely to experience a tornado once every 200 years.
亨利咨询了龙卷风专家、数据中心专家和结构工程师。他们共同确定，一场典型的龙卷风将对该设施造成约500万美元的损失。气象学家们确定阿特伍德的设施所在的地区很可能每200年发生一次龙卷风。
Based upon the information in this scenario, what is the exposure factor for the effect of a tornado on Atwood Landing’s data center?
根据本场景中的信息，龙卷风对阿特伍德兰德数据中心的影响的暴露系数是多少？

Henry is the risk manager for Atwood Landing, a resort community in the midwestern United States. The resort’s main data center is located in northern Indiana in an area that is prone to tornados. Henry recently undertook a replacement cost analysis and determined that rebuilding and reconfiguring the data center would cost $10 million.
亨利是美国中西部度假社区阿特伍德·兰登的风险经理。度假村的主要数据中心位于印第安纳州北部一个容易发生龙卷风的地区。亨利最近进行了重置成本分析，确定重建和重新配置数据中心将花费1000万美元。
Henry consulted with tornado experts, data center specialists, and structural engineers. Together, they determined that a typical tornado would cause approximately $5 million of damage to the facility. The meteorologists determined that Atwood’s facility lies in an area where they are likely to experience a tornado once every 200 years.
亨利咨询了龙卷风专家、数据中心专家和结构工程师。他们共同确定，一场典型的龙卷风将对该设施造成约500万美元的损失。气象学家们确定阿特伍德的设施所在的地区很可能每200年发生一次龙卷风。
Based upon the information in this scenario, what is the annualized rate of occurrence for a tornado at Atwood Landing’s data center?
根据本场景中的信息，阿特伍德兰德数据中心龙卷风的年发生率是多少？

Henry is the risk manager for Atwood Landing, a resort community in the midwestern United States. The resort’s main data center is located in northern Indiana in an area that is prone to tornados. Henry recently undertook a replacement cost analysis and determined that rebuilding and reconfiguring the data center would cost $10 million.
亨利是美国中西部度假社区阿特伍德·兰登的风险经理。度假村的主要数据中心位于印第安纳州北部一个容易发生龙卷风的地区。亨利最近进行了重置成本分析，确定重建和重新配置数据中心将花费1000万美元。
Henry consulted with tornado experts, data center specialists, and structural engineers. Together, they determined that a typical tornado would cause approximately $5 million of damage to the facility. The meteorologists determined that Atwood’s facility lies in an area where they are likely to experience a tornado once every 200 years.
亨利咨询了龙卷风专家、数据中心专家和结构工程师。他们共同确定，一场典型的龙卷风将对该设施造成约500万美元的损失。气象学家们确定阿特伍德的设施所在的地区很可能每200年发生一次龙卷风。
Based upon the information in this scenario, what is the annualized loss expectancy for a tor-nado at Atwood Landing’s data center?
根据本场景中的信息，阿特伍德着陆数据中心的龙卷风的年化损失预期是多少？

John is analyzing an attack against his company in which the attacker found comments embedded in HTML code that provided the clues needed to exploit a software vulnerability. Using the STRIDE model, what type of attack did he uncover?
John正在分析针对其公司的攻击，攻击者在攻击中发现嵌入HTML代码的注释，这些注释提供了利用软件漏洞所需的线索。使用步幅模型，他发现了什么类型的攻击？

Chris is worried that the laptops that his organization has recently acquired were modified by a third party to include keyloggers before they were delivereD.Where should he focus his efforts to prevent this?
Chris担心他的组织最近收购的笔记本电脑在交付前被第三方修改为包含键盘记录器。他应该把精力集中在哪里来防止这种情况？

In her role as a developer for an online bank, Lisa is required to submit her code for test-ing and review. After it passes through this process and it is approved, another employee moves the code to the production environment. What security management does this pro-cess describe?
作为在线银行的开发人员，Lisa需要提交代码进行测试和审查。在代码通过此流程并获得批准后，另一名员工将代码移动到生产环境中。这个过程描述了什么样的安全管理？

After completing the first year of his security awareness program, Charles reviews the data about how many staff completed training compared to how many were assigned the training to determine whether he hit the 95 percent completion rate he was aiming for. What is this type of measure called?
在完成第一年的安全意识课程后，Charles回顾了完成培训的员工人数与分配培训的员工人数的数据，以确定他是否达到了预期的95%的完成率。这种测量方法叫什么？

Which of the following is not typically included in a prehire screening process?
以下哪项通常不包括在雇用前筛选过程中?

Which of the following would normally be considered a supply chain risk? （Select all that apply.）
以下哪项通常被视为供应链风险？（选择所有适用项。）

Match the following numbered laws or industry standards to their lettered description:

将以下编号的法律或行业标准与其文字描述相匹配：

Laws and industry standards

法律和行业标准

1-GLBA

2-PCI DSS

3-HIPAA

4-SOX

Descriptions

I.A U.S. law that requires covered financial institutions to provide their customers with a privacy notice on a yearly basis一项美国法律，要求受保金融机构每年向其客户提供隐私通知

II.A U.S. law that requires internal controls assessments, including IT transaction flows for publicly traded companies要求进行内部控制评估的美国法律，包括上市公司的IT交易流

III.An industry standard that covers organizations that handle credit cards涵盖处理信用卡的组织的行业标准

IV.A U.S. law that provides data privacy and security requirements for medical information为医疗信息提供数据隐私和安全要求的美国法律

1 3 4 5 6 7 65

更多题库