Uncategorized

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Which one of the following types of agreements is the most formal document that contains expectations about availability and other performance parameters between a service provider and a customer? A. Service-Level Agreement (SLA) B. Operational-Level Agreement (OLA) C. Memorandum of Understanding (MOU) D. Statement of Work (SOW) Correct Answer: A An MOU may cover the same items mentioned but is not a formal document. An OLA is between internal service organizations and does not involve customers.The service-level agreement (SLA) is between a service provider and a customer and documents in a formal manner expectations around availability, performance, and other parameters. An SOW is an addendum to a contract describing work to be performed. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Gordon is developing a business continuity plan for a manufacturing company’s IT operations. The company is located in North Dakota and currently evaluating the risk of earthquake. They choose to pursue a risk acceptance strategy. Which one of the following actions is consistent with that strategy? A. Purchasing Earthquake Insurance B. Relocating the Data Center to a Safer Area C. Documenting the Decision Making Process D. Reengineering the Facility to Withstand the Shock of an Earthquake Correct Answer: C In a risk acceptance strategy, the organization chooses to take no action other than documenting the risk. Purchasing insurance would be an example of risk transference. Relocating the data center would be risk avoidance. Reengineering the facility is an example of a risk mitigation strategy. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Ryan is reviewing the design of a new service that will use several offerings from a cloud service provider. The design depends upon some unique features offered only by that provider. What should concern Ryan the most about the fact that these service features are not available from other providers? A. Vendor Lock-In B. Interoperability C. Auditability D. Confidentiality Correct Answer: A Interoperability is the concern that services should be able to integrate and work well together. There is no indication that interoperability is at risk in this scenario. There is also no indication that the use of this vendor creates any special auditability or confidentiality concerns, making both of those options incorrect. The greatest risk in this situation is that the service offering will depend upon features provided only by a single vendor, preventing Ryan’s organization from moving to a different vendor and lock-ing them into their current provider. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...