Quiz #4 Info Sec

TRUE

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.

FALSE

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

Simulation test

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?

HIPAA

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?

Warm site

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?

Risk Management Guide for Information Technology Systems (NIST SP800-30)

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?

TRUE

In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.

FALSE

Most enterprises are well prepared for a disaster should one occur.

TRUE

Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.

TRUE

Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.

TRUE

Screen locks are a form of endpoint device security control.

TRUE

The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.

TRUE

The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.

TRUE

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

FALSE

The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.

Business continuity plan (BCP)

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?

Family Education Rights and Privacy Act (FERPA)

What compliance regulation applies specifically to the education records maintained by schools about students?

Network firewall

What is NOT a commonly used endpoint security technique?

Ensure that everyone is safe

What is the first step in a disaster recovery effort?

Risk = Threat X Vulnerability

Which formula is typically used to describe the components of information security risks?

Moving to a warm site

Which one of the following is an example of a reactive disaster recovery control?

Access control lists

Which one of the following is the best example of an authorization control?

TRUE

The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

TRUE

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

TRUE

The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

