Security Program and Policies Ch 8

Which of the following statements best describes a security patch? A. A security patch is designed to fix a security vulnerability. B. A security patch is designed to add security features. C. A security patch is designed to add security warnings. D. A security patch is designed to fix code functionality.

A. A security patch is designed to fix a security vulnerability.

Which of the following statements best describes a system log? A. A system log is a record of allowed and denied events. B. A system log is a record of problem events only. C. A system log is a record of user productivity. D. A system log is a record of system codes.

A. A system log is a record of allowed and denied events.

Which of the following statements best describes authentication server logs? A. Authentication server logs capture user, group, and administrative activity. B. Authentication server logs capture bad HTML code. C. Authentication server logs capture SQL injection attempts. D. Authentication server logs capture web traffic.

A. Authentication server logs capture user, group, and administrative activity.

Which of the following is a component of an AV application? A. Definition files B. Handler C. Patch D. Virus

A. Definition files

Which of the following reasons best describes why independent security testing is recommended? A. Independent security testing is recommended because of the objectivity of the tester. B. Independent security testing is recommended because of the expertise of the tester. C. Independent security testing is recommended because of the experience of the tester. D. All of the above.

A. Independent security testing is recommended because of the objectivity of the tester.

Which of the following terms best describes the message transport protocol used for sending email messages? A. SMTP B. SMNP C. POP3 D. MIME

A. SMTP

What is the most important message to share with the workforce about "change"? A. The reason for the change B. The cost of the change C. Who approved the change D. Management's opinion of the change

A. The reason for the change

Which of the following terms best describes malware that is specifically designed to hide in the background and gather info over an extended period of time? A. Trojan B. APT C. Ransomware D. Zero-day exploit

B. APT

Which of the following terms best describes the Department of Defense project to develop a set of communications protocols to transparently connect computing resources in various geographical locations? A. DoDNet B. ARPANET C. EDUNET D. USANET

B. ARPANET

_________________ wait for remote instructions and are often used in DDoS attacks. A. APTs B. Bots C. DATs D. None of the above

B. Bots

SSAE16 audits must be attested to by a _____________. A. Certified Information System Auditor (CISA) B. Certified Public Accountant (CPA) C. Certified Information Systems Manager (CISM) D. Certified Information System Security Professional (CISSP)

B. Certified Public Accountant (CPA)

Open email relay service can be used to do which of the following? A. Secure messages B. Ensure message delivery C. Misappropriate resources D. Create blacklists

B. Ensure message delivery

Which two factors influence the type of SOP used? A. Cost and complexity B. Number of decisions and number of steps C. Language and age of the workforce D. Number of warnings and number of exceptions

B. Number of decisions and number of steps

The change control process starts with which of the following? A. Budget B. RFC submission C. Vendor solicitation D. Supervisor authorization

B. RFC submission

Which of the following statements best describes the testing of security patches? A. Security patches should never be tested because waiting to deploy is dangerous. B. Security patches should be tested prior to deployment, if possible. C. Security patches should be tested one month after deployment. D. Security patches should never be tested because they are tested by the vendor.

B. Security patches should be tested prior to deployment, if possible.

Which of the following statements best describes the action that should occur prior to implementing a change that has the potential to impact business processing? A. The impact should be communicated. B. The change should be thoroughly tested. C. A rollback or recovery plan should be developed. D. All of the above.

B. The change should be thoroughly tested.

In its native form, email is transmitted in _________. A. cipher text B. clear text C. hypertext D. meta text

B. clear text

Which of the following is true about documenting SOPs? A. It promotes business continuity. B. The documentation should be approved before publication and distribution. C. Both A and B. D. Neither A nor B.

C. Both A and B.

Which of the following terms best describes the process of assessing a service provider's reputation, financial statements, internal controls, and insurance coverage? A. Downstream investigation B. Standard of care C. Due diligence D. Outsource audit

C. Due diligence

Which of the following actions best describes the task that should be completed once backup media such as tape is no longer in rotation? A. It should be erased and reused. B. It should be recycled. C. It should physically be destroyed. D. It should be labeled as old and put in a supply closet.

C. It should physically be destroyed.

Which of the following statements best describes data replication? A. Replicated data needs to be restored from tape. B. Only administrators have access to replicated data. C. Replicated data is generally available in near or real time. D. Replication is expensive.

C. Replicated data is generally available in near or real time.

Which of the following is not a part of a malware defense-in-depth strategy? A. Security awareness B. Prevention controls C. Reverse engineering D. Detection controls

C. Reverse engineering

A _________________ can spread from one computer to another without requiring a host file to infect. A. virus B. Trojan C. worm D. rootkit

C. worm

Which of the following statements best describes a blended threat? A. A blended threat is designed to be difficult to detect. B. A blended threat is designed to be difficult to contain. C. A blended threat is designed to be difficult to eradicate. D. All of the above.

D. All of the above.

Service providers should be required to provide notification of which of the following types of incidents? A. Confirmed incidents B. Confirmed incidents by known criminals C. Confirmed incidents that have been reported to law enforcement D. Confirmed and suspected incidents

D. Confirmed and suspected incidents

Which of the following formats should be used when an SOP includes multiple decision-making steps? A. Simple B. Hierarchical C. Graphic D. Flowchart

D. Flowchart

Which of the following operating systems are vulnerable to malware? A. Apple OS only. B. Android OS only. C. Microsoft Windows OS only. D. Malware is operating system agnostic.

D. Malware is operating system agnostic.

Which of the following statements best describes trend analysis? A. Trend analysis is used to tie individual log entries together based on related information. B. Trend analysis is used to examine activity based on patterns. C. Trend analysis is used to compare log data to known bad activity. D. Trend analysis is used to identify activity over time.

D. Trend analysis is used to identify activity over time.

Which of the following statements best describes how users should be trained to manage their email? A. Users should click embedded email hyperlinks. B. Users should open unexpected email attachments. C. Users should access personal email from the office. D. Users should delete unsolicited or unrecognized emails.

D. Users should delete unsolicited or unrecognized emails.

Organizations that are considering storing legally protected data in "the cloud" should ________________________. A. contractually obligate the service provider to protect the data B. assume that the appropriate security controls are in place C. give their customers an option as to where data is stored D. only use cloud storage for data replication

D. only use cloud storage for data replication

