Info Ass. Chapter 6
What is NOT a principle for privacy created by the Organization for Economic Cooperation and Development (OECD)? a. An organization should collect only what it needs b. An organization should share its information c. An organization should keep its info up to date d. An organization should properly destroy its info when it's no longer needed
b. An organization should share its information
Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve? a. reduce operating costs b. access to a high level of expertise c. developing in-house talent d. building internal knowledge
b. access to a high level of expertise
Which practice is NOT considered unethical under RFC 1087 issued by the Internet Architecture Board (IAB)? a. seeking to gain unauthorized access to resources b. disrupting intended use of the internet c. enforcing the integrity of computer-based info d. compromising the privacy of users
c. enforcing the integrity of computer-based info
Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of? a. intimidation b. name dropping c. appeal for help d. phishing
d. phishing
What is NOT a goal of information security awareness programs? a. teach users about security objectives b. inform users about trends and threats in security c. motivate users to comply with security policy d. punish users who violate policy
d. punish users who violate policy
In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete? a. spiral b. agile c. lean d. waterfall
d. waterfall
In an accreditation process, who has the authority to approve a system for implementation? a. certifier b. authorizing official (AO) c. system owner d. system admin
b. authorizing official (AO)
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create? a. baseline b. policy c. guideline d. procedure
a. baseline
Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data? a. formatting b. degaussing c. physical destruction d. overwriting
a. formatting
Which of the following would NOT be considered in the scope of organizational compliance efforts? a. laws b. company policy c. internal audit d. corporate culture
a. laws
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing? a. identification b. authentication c. accountability d. authorization
d. authorization
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type? a. service level agreement (SLA) b. blanket purchase agreement (BPA) c. memorandum of understanding (MOU) d. interconnection security agreement (ISA)
a. service level agreement (SLA)
What is NOT a good practice for developing strong professional ethics? a. set the example by demonstrating ethics in daily activities b. encourage adopting ethical guidelines and standards c. assume that info should be free d. inform users through security awareness training
c. assume that info should be free