Cyber Security and Privacy Week 4 Nptel Answers 2024
Are you looking for Cyber Security and Privacy Week 4 NPTEL 2024 Answers? You’ve come to the right place! Access the latest and most accurate solutions for your Week 4 assignment in the Cyber Security and Privacy course.
Cyber Security and Privacy Week 4 Nptel Answers (July-Dec 2024)
Session: JUL-DEC 2024
Q1.A facility that provides only rudimentary services, with no computer hardware or peripherals is known as: Cold site Hot site Warm site Service bureau
Answer:Cold site
Q2.The amount of effort necessary to make the business function operational after the technology element is recovered is known as: Recovery Time Objective Work Recovery Time Maximum Tolerable Downtime Recovery Point Objective
Q3.Contingency Planning includes: Incident response plan Disaster recovery plan Business continuity plan All the above
Answer:All the above
Q4.An investigation and assessment of the various adverse events that can affect the organization, conducted as a preliminary phase of the contingency planning process, which includes a determination of how critical a system or set of information is to the organization’s core processes and recovery priorities is known as: Risk assessment Business impact analysis Crisis management Incident damage assessment
Q5.The process that prepares an organization to reestablish or relocate critical business operations during a disaster that affects operations at the primary site is known as: Business continuity planning Disaster recovery planning Strategic Planning Operational planning
Answer: Disaster recovery planning
Q6. Which level of Organizational Planning typically addresses day-to-day activities and tasks? Strategic Planning Tactical Planning Operational Planning Top Management Planning
Q7.The job function of the Chief Information Security Officer includes: Creating a strategic information security plan with a vision for the future of information security. Understanding fundamental business activities performed by the company and suggesting appropriate information security solutions that uniquely protect these activities. Improving the status of information security by developing action plans, schedules, budgets, status reports and top management communications All the above
Answer:All the above
Q8. What is the unit of analysis in the contingency planning approach? Business Assets Risk Assets Business Processes Risk Factors
Q9. Which of the following is not a possible incident indicator? Presence of unfamiliar files Unusual consumption of computing resources Unusual system crashes Activities at unexpected times
Answer: Activities at unexpected times
Q10. What is the purpose of conducting an After Action Review (AAR) in incident response? To review and improve the effectiveness of the DRP To review and improve the effectiveness of the BCP To review and improve the effectiveness of the IRP To notify law enforcement agencies
Answer:To review and improve the effectiveness of the IRP
These are Cyber Security and Privacy Week 4 Nptel Answers
Q1. Which term is used to describe detailed statements of what must be done to comply with policy? Policies Standards Ethics Governance
Answer: Standards
Q2. Management must use ——————-as the basis for all information security planning, design, and deployment. Standards Procedures Policies Best business practices
Answer: Policies
These are Cyber Security and Privacy Week 4 Nptel Answers
Q3. Which type of planning ensures that critical business functions continue if a catastrophic incident or disaster occurs? Business continuity planning (BCP) Contingency planning (CP) Business resumption planning (BRP) Disaster recovery planning (DRP)
Answer: Business continuity planning (BCP)
Q4. ————– policy can be separated into two general groups (a) managerial guidance and (b) technical specifications. Select the correct options Systems-Specific Security Issue-Specific Security Enterprise Information Security None of these
Answer: Systems-Specific Security
These are Cyber Security and Privacy Week 4 Nptel Answers
Q5. The actions taken during and after a disaster falls under —————- Impact assessment Risk management Crisis management Both (a) & (b)
Answer: Crisis management
Q6. Special Publication 800-14 of the National Institute of Standards and Technology (NIST) defines three types of security policy and chooses the Violations of Policy, Business continuity planning, Response planning A disaster recovery, Incident response planning, and Business continuity planning Issue-specific security, Systems-specific security, Enterprise information security Enterprise information security, Violations of Policy, Response planning
Answer: Issue-specific security, Systems-specific security, Enterprise information security
These are Cyber Security and Privacy Week 4 Nptel Answers
Q7. What are the elements of a business impact analysis? 1. Threat attack identification 2. Business unit analysis 3. Attack success scenario development 4. Potential damage assessment 5. Subordinate plan classification 6. Risk management 7. Disaster management The elements of a business impact analysis are: 1,2,3,4,5 correct 1,2,3,5,6 correct 2,3,5,6,7 correct All are correct
Answer: 1,2,3,4,5 correct
These are Cyber Security and Privacy Week 4 Nptel Answers
Q8. Access control lists (ACLs) that govern the rights and privileges of users consist of the 1. User access lists, 2. Matrices, 3. Capability, and 4. Dedicated hardware Choose the correct answer 1,2,3,4 are true 1,2,3 are true Only 4 is true All are true
Answer: 1,2,3 are true
Q9. The instructions a system administrator codes into a server, networking device, or a device to specify how it operates is called Administration rule Configuration rules Networking rules Security rule
Answer: Configuration rules
Q10. Information security safeguards focus on administrative planning, organizing, leading, and controlling and that are designed by strategic planners and implemented by the organization’s security administration. These safeguards include governance and risk management together known as Managerial controls Operational controls Technical controls None of these
Answer: Managerial controls
Q11. A lattice-based access control with rows of attributes associated with a particular subject such as a user is called Access control matrix Capabilities table Configuration table All of above
Answer: Capabilities table
These are Cyber Security and Privacy Week 4 Nptel Answers
