Midterm True or False

Risk management is responding to a negative event when it occurs.

True

Deterrent controls identify that a threat has landed in your system.

False

Most enterprises are well prepared for a disaster should one occur.

False

Risk refers to the amount of harm a threat exploiting a vulnerability can cause.

False

The Sarbanes-Oxley (SOX) Act requires all types of financial institutions to protect customers' private financial information.

False

The term risk methodology refers to a list of identified risks that results from the risk identification process.

False

The System/Application Domain holds all the mission-critical systems, applications, and data.

True

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

True

The main goal of a hacker is to steal or compromise IT assets and potentially steal data.

True

The primary steps to disaster recovery include the safety of individuals, containing the damage, and assessing the damage and beginning the recovery operations.

True

War driving involves looking for open or public wireless networks.

True

With respect to IT security, a risk can result in either a positive or a negative effect.

True

A VPN router is a security appliance that is used to filter IP packets.

False

Vishing is a type of wireless network attack.

False

The process of describing a risk scenario and then determining the degree of impact that event would have on business operations is quantitative risk analysis.

False

Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats.

True

With adequate security controls and defenses, an organization can often reduce its risk to zero.

False

Simple Network Management Protocol (SNMP) is used for network device monitoring, alarms, and performance.

True

An IT security policy framework is like an outline that identifies where security controls should be used.

True

A SYN attack floods a target with invalid or half-open TCP connection requests.

True

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.

True

A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.

True

A vulnerability is any exposure that could allow a threat to be realized.

True

Access control lists (ACLs) are used to permit and deny traffic in an IP router.

True

An alteration threat violates information integrity.

True

Encrypting email communications is needed if you are sending confidential information within an email message through the public internet.

True

Failing to prevent an attack all but invites an attack.

True

If you are a publicly traded company or U.S. federal government agency, you must go public and announce that you have had a data breach and must inform the impacted individuals of that data breach.

True

Implementing and monitoring risk responses are part of the risk management process.

True

Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information.

True

Organizations should start defining their IT security policy framework by defining an asset classification policy.

True
