An “innocuous virus” is not a formally recognized type of computer virus. All viruses, by definition, are considered malicious because they replicate without authorization and potentially cause harm, whether immediate or latent.

Common types of viruses include:

Humorous (B): A virus designed to prank users without causing real harm (e.g., funny messages).

Hostile (C): Actively destructive or malicious.

Altering (D): Modifies system files or behaviors.

" Innocuous virus " (A) is a misnomer, making it the correct choice as " not " a virus type.

An “after action” review is a structured process following an incident, drill, or actual disaster, in which events are documented, timelines are reconstructed, and lessons learned are gathered. Its purpose is to identify what went well, what failed, and what can be improved in future responses.

Testing (A) refers to evaluating procedures before an event.

Quality assurance (B) focuses on performance and compliance but not necessarily post-event analysis.

" All of the above " (D) is incorrect because only after action includes all these specific elements.

Fidelity bonds specifically cover losses resulting from dishonest acts committed by employees, such as theft, fraud, or embezzlement. These are commonly used in financial institutions and other sectors where employees handle cash or sensitive assets.

Recruitment into jihadist or other terrorist movements typically involves identifying individuals vulnerable to radical ideology, indoctrinating them through propaganda and religious misinterpretation, and then training them for operational activities, including attacks or support roles.

The effectiveness of entry control systems is typically measured by:

Throughput (speed of entry)

False Acceptance Rate (FAR) — unauthorized access

False Rejection Rate (FRR) — denial of access to authorized users

These metrics provide insight into both the security and user experience of the access control system.

A (Cost) is relevant to budgeting, not effectiveness.

B (Activation delays) may affect throughput but isn’t a primary measure.

D (System obsolescence) relates to lifecycle, not effectiveness.

In risk management, " criticality " refers to the importance of an asset or process and the potential impact its loss would have—often measured in financial terms. It guides prioritization for protection and recovery planning.

B (Continuity) relates to maintaining operations.

C (Probability) measures likelihood of occurrence.

D (Vulnerability) describes exposure to risk, not financial impact.

A Business Impact Analysis is the correct process because it evaluates how disruptive events can affect critical operations, resources, and organizational continuity. While a risk assessment identifies threats, vulnerabilities, and likelihood, a Business Impact Analysis goes further by examining the operational consequences if a disruption actually occurs. In Human Resource and organizational management, this is important because security incidents can affect employee safety, staffing, communication, payroll, access control, and essential workplace functions. The analysis helps management prioritize critical services, allocate resources, and prepare recovery strategies to reduce downtime and organizational loss. The other options do not serve the same forward-looking planning purpose. Therefore, option D is correct because a Business Impact Analysis complements risk assessment by focusing on the real business and workforce impact of potentially disruptive events.

Organizational levels of terrorism are generally classified into:

Individual Terrorism (Lone-wolf actors)

Group Terrorism (Non-state groups like al-Qaeda, ISIS)

State Terrorism (When a state uses terror tactics on its own or others ' populations)

Modern terrorism refers more to the contemporary methods, tools, and global nature of terrorism—not a level of organization. Hence, it ' s not considered an " organizational level. "

Transportation terminals—such as airport cargo areas, seaports, and train yards—have implemented access controls that limit entry to underground or restricted zones. These security measures help prevent unauthorized access and protect critical infrastructure and high-value cargo.

Maritime operations (A) refer to port activities but not specifically to underground security.

Security measures (B) is too general.

Resealing (D) is not relevant to underground access control.

The distance from the camera to the gate is the straight-line distance, which must be calculated using the Pythagorean theorem since the camera is mounted above ground and the gate is a horizontal distance away.

Using the formula:

√(height² + horizontal distance²)

= √(40² + 30²)

= √(1600 + 900)

= √2500 = 50 feet

So, the focal length must accommodate a 50-foot (15-meter) distance.