Another ITM Test

The changemanagement process includes __________ control and _________ control. Clearance, classification Document, data Hardware inventory, software development Configuration, change

Configuration, change

True or False: A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.

False

True or False: An organization does not have to comply with both regulatory standards and organizational standards.

False

Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data? Formatting Degaussing Physical destruction Overwriting

Formatting

Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking? Project initiation and planning Functional requirements and definition System design specification Operations and maintenance

Project initiation and planning

What is NOT a goal of information security awareness programs? Teach users about security objectives Inform users about trends and threats in security Motivate users to comply with security policy Punish users who violate policy

Punish users who violate privacy

Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing? Job rotation Least privilege Need-to-know Separation of Duties

Separation of Duties

A (n) is a formal contract between your organization and an outside firm that details the specific services the firm will provide. Security event log Incident response Service-level-agreement (SLA) Compliance Report

Service Level Agreement (SLA)

True or False: A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.

True

True or False: One advantage of using a security management firm for security monitoring is that it has a high level of expertise.

True

What is NOT a good practice for developing strong professional ethics? Set the example by demonstrating ethics in daily activities Encourage adopting ethical guidelines and standards Assume that information should be free Inform users through security awareness training

Assume that information should be free