CISSP Official Practice Tests by Mike Chapple, David Seidl

Chapter 10 ■ Practice Test 2


67. Carol would like to implement a control that protects her organization from the momentary
loss of power to the data center. Which control is most appropriate for her needs?
A. Redundant servers
B. RAID
C. UPS
D. Generator



  1. Ben has encountered problems with users in his organization reusing passwords, despite
    a requirement that they change passwords every 30 days. What type of password setting
    should Ben employ to help prevent this issue?
    A. Longer minimum age
    B. Increased password complexity
    C. Implement password history
    D. Implement password length requirements

  2. Chris is conducting a risk assessment for his organization and has determined the amount
    of damage that a single flood could be expected to cause to his facilities. What metric has
    Chris identified?
    A. ALE
    B. SLE
    C. ARO
    D. AV

  3. The removal of a hard drive from a PC before it is retired and sold as surplus is an example
    of what type of action?
    A. Purging
    B. Sanitization
    C. Degaussing
    D. Destruction

  4. During which phase of the incident response process would an organization determine
    whether it is required to notify law enforcement officials or other regulators of the
    incident?
    A. Detection
    B. Recovery
    C. Remediation
    D. Reporting

  5. What OASIS standard markup language is used to generate provisioning requests both
    within organizations and with third parties?
    A. SAML
    B. SPML
    C. XACML
    D. SOA
