164 Chapter 7 ■ Security Operations (Domain 7)
- You are working to evaluate the risk of flood to an area and consult the flood maps from
the Federal Emergency Management Agency (FEMA). According to those maps, the area
lies within a 200-year flood plain. What is the annualized rate of occurrence (ARO) of a
flood in that region?
A. 200
B. 0.01
C. 0.02
D. 0.005 - Which one of the following individuals poses the greatest risk to security in most well-
defended organizations?
A. Political activist
B. Malicious insider
C. Script kiddie
D. Thrill attacker - Veronica is considering the implementation of a database recovery mechanism recom-
mended by a consultant. In the recommended approach, an automated process will move
database backups from the primary facility to an offsite location each night. What type of
database recovery technique is the consultant describing?
A. Remote journaling
B. Remote mirroring
C. Electronic vaulting
D. Transaction logging - When designing an access control scheme, Hilda set up roles so that the same person does
not have the ability to provision a new user account and assign superuser privileges to an
account. What information security principle is Hilda following?
A. Least privilege
B. Separation of duties
C. Job rotation
D. Security through obscurity - Reggie recently received a letter from his company’s internal auditors scheduling the
kickoff meeting for an assessment of his group. Which of the following should Reggie not
expect to learn during that meeting?
A. Scope of the audit
B. Purpose of the audit
C. Expected timeframe
D. Expected findings - Which one of the following events marks the completion of a disaster recovery process?
A. Securing property and life safety
B. Restoring operations in an alternate facility