ISSAP Practice Test Questions

237 Questions


Topic 1: Volume A

An organization is seeking to implement a hot site and wants to maintain a live database server at the backup site. Which of the following solutions will be the best for the organization?

A. Electronic vaulting
B. Remote journaling
C. Remote mirroring
D. Transaction logging

C. Remote mirroring

Perfect World Inc. provides its sales managers access to the company's network from remote locations. The sales managers use laptops to connect to the network. For security purposes, the company's management wants the sales managers to log on to the network using smart cards over a remote connection. Which of the following authentication protocols should be used to accomplish this?

A. Challenge Handshake Authentication Protocol (CHAP)
B. Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
C. Open Shortest Path First (OSPF)
D. Extensible Authentication Protocol (EAP)

D. Extensible Authentication Protocol (EAP)

Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity?

A. RCO
B. RTO
C. RPO
D. RTA

B. RTO

Which of the following statements about incremental backup are true? Each correct answer represents a complete solution. Choose two.

A. It is the fastest method of backing up data.
B. It is the slowest method for taking a data backup.
C. It backs up the entire database, including the transaction log.
D. It backs up only the files changed since the most recent backup and clears the archive bit.

A. It is the fastest method of backing up data.
D. It backs up only the files changed since the most recent backup and clears the archive bit.

In which of the following Person-to-Person social engineering attacks does an attacker pretend to be an outside contractor, delivery person, etc., in order to gain physical access to the organization?

A. In person attack
B. Third-party authorization attack
C. Impersonation attack
D. Important user posing attack

C. Impersonation attack

You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following tasks: develop a risk-driven enterprise information security architecture, and deliver security infrastructure solutions that support critical business initiatives. Which of the following methods will you use to accomplish these tasks?

A. Service-oriented architecture
B. Sherwood Applied Business Security Architecture
C. Service-oriented modeling framework
D. Service-oriented modeling and architecture

B. Sherwood Applied Business Security Architecture

Which of the following protects against unauthorized access to confidential information via encryption and works at the network layer?

A. Firewall
B. NAT
C. MAC address
D. IPSec

D. IPSec

An organization wants to allow a certificate authority to gain access to the encrypted data and create digital signatures on behalf of the user. The data is encrypted using the public key from a user's certificate. Which of the following processes fulfills the above requirements?

A. Key escrow
B. Key storage
C. Key revocation
D. Key recovery

A. Key escrow

You are the Security Administrator for a consulting firm. One of your clients needs to encrypt traffic. However, he has specific requirements for the encryption algorithm: it must be a symmetric key block cipher. Which of the following should you choose for this client?

A. PGP
B. SSH
C. DES
D. RC4

C. DES

Which of the following authentication protocols sends a user certificate inside an encrypted tunnel?

A. PEAP
B. EAP-TLS
C. WEP
D. EAP-FAST

B. EAP-TLS

Which of the following LAN protocols use token passing for exchanging signals among various stations on the network? Each correct answer represents a complete solution. Choose two.

A. Ethernet (IEEE 802.3)
B. Token ring (IEEE 802.5)
C. Fiber Distributed Data Interface (FDDI)
D. Wireless LAN (IEEE 802.11b)

B. Token ring (IEEE 802.5)
C. Fiber Distributed Data Interface (FDDI)

Which of the following are types of access control attacks? Each correct answer represents a complete solution. Choose all that apply.

A. Dictionary attack
B. Mail bombing
C. Spoofing
D. Brute force attack

B. Mail bombing
C. Spoofing
D. Brute force attack


Page 8 out of 20 Pages
Previous