FINAL

¡Supera tus tareas y exámenes ahora con Quizwiz!

PCI only has one priority

False

What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?

800

Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X?

Consumer

What is NOT one of the four main purposes of an attack?

Data correlation

A SOC 1 report primarily focuses on security.

False

A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

False

A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.

False

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

False

A structured walk-through test is a review of a business continuity plan to ensure that contact numbers are current and the plan reflects the company's priorities and structures.

False

A subnet mask is a partition of a network based on IP addresses.

False

Master's programs are generally broad and don't focus on a particular field of study.

False

Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.

False

Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.

False

Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.

False

Risk refers to the amount of harm a threat exploiting a vulnerability can cause.

False

Service-level agreements (SLAs) are optical backbone trunks for private optical backbone networks.

False

Temporal isolation is commonly used in combination with rule-based access control.

False

The CISSP-ISSEP concentration requires that a candidate demonstrate two years of professional experience in the area of architecture.

False

The Certified Secure Software Lifecycle Professional (CSSLP) credential measures the knowledge and skills necessary for professionals involved in the process of authorizing and maintaining information systems.

False

The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks.

False

The number of failed logon attempts that trigger an account action is called an audit logon event.

False

The term risk methodology refers to a list of identified risks that results from the risk-identification process.

False

What organization is focused on the requirements of auditors?

ISACA

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?

Parallel test

Under HIPPA Security rule, what types of safeguards must be implemented by all covered entities, regardless of the circumstances?

Required

Ben is working towards a position as a senior secuirty administrator and would like to earn his first Interntaiional Information Systems Seucrity Certification Consortium, Inc. (ISC) 2 certification. What certification is needed.

SSCP (Systems Security Certified Practioner)

What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4102?

Senior System Manager

Biyu is making arrangements to use a third-party service provider.

Service level agreement (SLA)

The CEO of Kelly's company recently fell victim to an attack.

Spear phishing

Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions?

Threat

A smart card is a token shaped like a credit card that contains one or more microprocessor chips that accept, store, and send information through a reader.

True

An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).

True

Digital signatures require asymmetric key cryptography

True

During the planning and execution phases of an audit, an auditor will most likely review risk analysis output.

True

HCISP) credential recognizes the knowledge and skills necessary to perform and conduct security and privacy work for health care organizations.

True

SOC 2 reports are created for internal and other authorized stakeholders and are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.

True

The Baldridge National Quality Program is part of the National Institute of Standards and Technology (NIST).

True

The Internet Engineering Task Force (IETF) is a collection of working groups (WGs), and each working group addresses a specific topic.

True

The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.

True

The term risk methodology refers to a list of identified risks that result from the risk identification process.

True

The three main categories of network security risk are reconnaissance, eavesdropping, and denial of service.

True

A professional certification is typically offered as part of an evening curriculum that leads to a certificate of completion.

False

Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.

False

Cisco offers certifications only at the Associate, Professional, and Expert levels. True False

False

Connectivity is one of the five critical challenges that the Internet of Things (IoT) has to overcome.

False

Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).

False

During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.

False

In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.

False

Information Systems Security Certification Consortium, Inc. (ISC)2 is the baseline for federal and DoD work-role definitions.

False

The ISACA Certified in Risk Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements

False

The Institute of Electrical and Electronics Engineers (IEEE) publishes or sponsors more than 13,000 standards and projects.

False

The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network.

False

The first step in the risk management process is to monitor and control deployed countermeasures.

False

The four central components of access control are users, resources, actions, and features.

False

The four main areas in NIST SP 800-50 are awareness, training, certification, and professional development.

False

The four main types of logs that you need to keep to support security auditing include event, access, user, and security.

False

Jake has been asked to help test the business continuity plan at an offset location while the system at the main location is shut down. He is participating in a parallel test.

True

Special Publications (SPs) are standards created by the National Institute of Standards and Technology (NIST).

False

The Family Educational Rights and Privacy Act (FERPA) requires that specific information security controls be implemented to protect student records.

False

The asset protection policy defines an organization's data classification standard.

False

A successful business impact analysis (BIA) maps the context, the critical business functions, and the processes on which they rely.

True

The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN).

True

The business impact Analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

True

Unified Threat maangement

URL filter, Content inspection, malware inspection

Authorization controls include biometric devices.

False

During the secure phase of a security review, you review and measure all controls to capture actions and changes on the sytem.

False

Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop.

False

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?

SOC 3


Conjuntos de estudio relacionados

Professional Nursing: Documentation

View Set

Purchasing and Materials Management Final

View Set

Processing of Data - DLMBDSA01 Unit 4

View Set

14 conscious and unconscious thought

View Set

Energy in the 21st Century Test #1

View Set

Mike Meyers' CompTIA Network+ - Chapter 9: Network Naming

View Set

Chapter 2 Exam - Life Provisions

View Set