CIS 359 Midterm Exam Set 2 CIS 359 Midterm Exam Set 2 | Page 2
10. A(n) ____ is used to anticipate, react to, and recover from events that threaten the security
of information and information assets in an organization; it is also used to restore the
organization to normal modes of business operations;
11. A ____ is a document that describes how, in the event of a disaster, critical business
functions continue at an alternate location while the organization recovers its ability to function
at the primary site.
12. ____ hack systems to conduct terrorist activities through network or Internet pathways.
13. ____ is the risk control approach that attempts to reduce the impact caused by the
exploitation of vulnerability through planning and preparation.
14. ____ ensures that only those with the rights and privileges to access information are able
to do so.
15. ____ is a risk control approach that attempts to shift the risk to other assets, other
processes, or other organizations.
16. A ____ attack seeks to deny legitimate users access to services by either tying up a server’s
available resources or causing it to shut down.
17. Information assets have ____ when authorized users - persons or computer systems - are
able to access them in the specified format without interference or obstruction.
18. The purpose of the ____ is to define the scope of the CP operations and establish
managerial intent with regard to timetables for response to incidents, recovery from disasters,
and reestablishment of operations for continuity.
19. The ____ job functions and organizational roles focus on protecting the organization’s
information systems and stored information from attacks.
20. The ____ is the point in time by which systems and data must be recovered after an outage
as determined by the business unit.
21. Within an organization, a(n) ____ is a group of individuals who are united by shared
interests or values and who have a common goal of making the organization function to meet
its objectives.
22. The ____ is used to collect information directly from the end users and business managers.
23. The final component to the CPMT planning process is to deal with ____.