CYBR 5300 Ch 4
According to NIST SP 800-14's security principles, security should ________. Select one: a. All of the above b. support the mission of the organization c. require a comprehensive and integrated approach d. be cost-effective
a. All of the above
Redundancy can be implemented at a number of points throughout the security architecture, such as in ________. Select one: a. All of the above b. proxy servers c. access controls d. firewalls
a. All of the above
The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees. Select one: a. accidental b. physical c. intentional d. external
a. accidental
A(n) _________ is a document containing contact information for the people to be notified in the event of an incident. Select one: a. alert roster b. emergency notification system c. call register d. phone list
a. alert roster
The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________." Select one: a. management b. implementation c. accreditation d. certification
a. management
A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years. Select one: a. strategic b. operational c. standard d. tactical
a. strategic
A fundamental difference between a BIA and risk management is that risk management focuses on identifying the threats, vulnerabilities, and attacks to determine which controls can protect the information, while the BIA assumes __________. Select one: a. controls have proven ineffective b. controls have failed c. controls have been bypassed d. All of the above
d. All of the above
_________ controls address personnel security, physical security, and the protection of production inputs and outputs. Select one: a. Managerial b. Operational c. Technical d. Informational
b. Operational
__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information. Select one: a. Domaining b. Redundancy c. Firewalling d. Hosting
b. Redundancy
_______ often function as standards or procedures to be used when configuring or maintaining systems. Select one: a. ISSPs b. SysSPs c. ESSPs d. EISPs
b. SysSPs
When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems? Select one: a. It was not as complete as other frameworks. b. The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799. c. The standard lacked the measurement precision associated with a technical standard. d. The standard was hurriedly prepared given the tremendous impact its adoption could have on industry information security controls.
b. The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.
A ____ site provides only rudimentary services and facilities. Select one: a. commercial b. cold c. warm d. hot
b. cold
Incident _________ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident. Select one: a. containment strategy b. damage assessment c. incident response d. disaster assessment
b. damage assessment
Standards may be published, scrutinized, and ratified by a group, as in formal or ________ standards. Select one: a. de facto b. de jure c. de formale d. de public
b. de jure
The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____. Select one: a. remote journaling b. electronic vaulting c. off-site storage d. database shadowing
b. electronic vaulting
SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ________. Select one: a. blueprint b. standard c. policy d. plan
b. standard
Security __________ are the areas of trust within which users can freely communicate. Select one: a. layers b. domains c. rectangles d. perimeters
b. domains
The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages? Select one: a. Determine mission/business processes and recovery criticality b. Identify recovery priorities for system resources c. All of these are BIA stages d. Identify resource requirements
c. All of these are BIA stages
__________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection. Select one: a. Best-effort b. Proxy c. Defense in depth d. Networking
c. Defense in depth
_______ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization. Select one: a. Operational b. Technical c. Managerial d. Informational
c. Managerial
In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework, which is intended to allow organizations to __________. Select one: a. assess progress toward a recommended target state b. communicate among local, state, and national agencies about cybersecurity risk c. identify and prioritize opportunities for improvement within the context of a continuous and repeatable process d. None of these
c. identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization. Select one: a. operational b. Internet c. people d. technology
c. people
The ________ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts. Select one: a. ISSP b. GSP c. SysSP d. EISP
d. EISP
A security ________ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization. Select one: a. model b. plan c. policy d. framework
d. framework
RAID is an acronym for a __________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure. Select one: a. resistant b. replicated c. random d. redundant
d. redundant