CIS 3350 - Chapter 6


numerical rating describing depth ....

(EAL)

Users must never leave sensitive information in plain view on an unattended desk or workstation A. Clean desk / clear screen policy B. Reactive change management C. Proactive change management D. Configuration control E. Change control

A. Clean desk / clear screen policy

Records of data that your operating system or application software automatically create A. Security Event Log B. Compliance Liaison C. Remediation D. Functional Policy

A. Security Event Log

A ____ is a formal contract between your organization and an outside firm that details the specific services the firm will provide. A. Security event log B. Incident response C. Service level agreement (SLA) D. Compliance report

A. Security Event Log

Mandated requirements for hardware and software solutions used to address security risk throughout an organization. A. Standards B. Procedures C. Baselines D. Guidelines

A. Standards

More and more organizations use the term _____ to describe the entire change and maintenance process for applications A. System Development Life Cycle (SDLC) B. System Life System (SLC) C. System Maintenance Life Cycle (SMLC) D. None of the above

A. System Development Life Cycle (SDLC)

Configuration management is the management of modifications made to the hardware, software, firmware, documentation, test plans, and test documentation of an automated system throughout the system life cycle. A. True B. False

A. True

Data classification is the responsibility of the person who owns the data. A. True B. False

A. True

Policy sets the tone and culture of the organization A. True B. False

A. True

Security administration is the group of individuals responsible for the planning, design, implementation, and monitoring of an organization's security plan. A. True B. False

A. True

A _____ makes sure all your personnel are aware of--and complying with--the organization's policies A. Security Event Log B. Compliance Liaison C. Remediation D. Functional Policy

B. Compliance Liaison

An organization does not have to comply with both regulatory standards and organizational standards. A. True B. False

B. False

Assertions made by users about who they are A. Security Administration B. Identification C. Authorization D. Authentication E. Accountability

B. Identification

Systematic actions to accomplish a security requirement, process, or objective A. Standards B. Procedures C. Baselines D. Guidelines

B. Procedures

In 1989, the *IAB* issued a statement of policy about Internet ethics. This document is known as _____. A. OECD B. RFC 1087 C. *(ISC)^2* Code of Ethics Canons D. *(ISC)^2* Code of Ethics Preamble E. None of the above

B. RFC 1087

Management *responds* to changes in the business environment A. Clean desk / clear screen policy B. Reactive change management C. Proactive change management D. Configuration control E. Change control

B. Reactive change management

_____ involve the standardization of the hardware and software solutions used to address a security risk throughout the organization. A. Policies B. Standards C. Procedures D. Baselines

B. Standards

Which of the following is true of procedures?

B. They provide for places within the process to conduct assurance checks.

There are several types of software development methods, but almost all of them are based on the _____ model. A. Modification B. Waterfall C. Developer D. Integration

B. Waterfall

Input & Output

Black Box

After *identification*, during access control, this step proves the claims made by the user. A. Security Administration B. Identification C. Authorization D. Authentication E. Accountability

C. Authentication

The permissions a legitimate user has on the system A. Security Administration B. Identification C. Authorization D. Authentication E. Accountability

C. Authorization

Basic configurations to ensure that they enforce the security minimums A. Standards B. Procedures C. Baselines D. Guidelines

C. Baselines

Management *initiates* the change to achieve a desired goal. A. Clean desk / clear screen policy B. Reactive change management C. Proactive change management D. Configuration control E. Change control

C. Proactive change management

Fixing something that is broken or defective A. Security Event Log B. Compliance Liaison C. Remediation D. Functional Policy

C. Remediation

The security program requires documentation of: A. The Security Process B. The policies, procedures, and guidelines adopted by the organization C. The authority of the persons responsible for security D. All of the above E. None of the above

D. All of the above

a A. Clean desk / clear screen policy B. Reactive change management C. Proactive change management D. Configuration control E. Change control

D. Configuration control

The change management process includes _____ control and ____ control. A. Clearance, classification B. Document, data C. Hardware inventory, software development D. Configuration, change

D. Configuration, change

Declares an organization's management direction for security in such specific functional areas as e-mail, remote access, and Internet surfing. A. Security Event Log B. Compliance Liaison C. Remediation D. Functional Policy

D. Functional Policy

Recommendations for the purchase and use of acceptable products and systems. A. Standards B. Procedures C. Baselines D. Guidelines

D. Guidelines

_______ is the concept that users should be granted only the levels of permissions they need in order to perform their duties. A. Mandatory vacations B. Separation of duties C. Job rotation D. Principle of least privilege E. None of the above

D. Principle of least privilege

Tracking or logging what authenticated and unauthenticated users do while accessing the system A. Security Administration B. Identification C. Authorization D. Authentication E. Accountability

E. Accountability

The (ISC)^2 Code of Ethics Canons include which of the following statements A. "Protect society, the commonwealth, and the infrastructure." B. "Act honorably, honestly, justly, responsibly, and legally." C. "Provide diligent and competent service to principals." D. "Advance and protect the profession." E. All of the above

E. All of the above

The objectives of classifying information include which of the following? A. To identify data value in accordance with organizational policy B. To identify information-protection requirements C. To standardize classification labeling throughout the organization D. To comply with privacy law, regulations, and so on E. All of the above

E. All of the above

When developing software, you should ensure the application does which of the following? A. Has edit checks, range checks, validity checks, and other similar controls B. Checks user authorization C. Checks user authentication to the application D. Has procedures for recovering database integrity in the event of system failure E. All of the above

E. All of the above

Which of the following is an example of social engineering? A. An emotional appeal for help B. A phishing attack C. Intimidation D. Name-dropping E. All of the above

E. All of the above

Management of changes to the configuration; unmanaged changes introduce risk A. Clean desk / clear screen policy B. Reactive change management C. Proactive change management D. Configuration control E. Change control

E. Change Control

Functionally tested ______ is applicable where some confidence in correct operation is required, but the threats to security are not viewed as serious

EAL1

Formally verified design and tested _____ is applicable to the development of security TOEs for application in extremely high risk situations, and/or where the high value of the assets justifies the higher costs.

EAL7

Mandatory statement of evaluation criteria when determining whether TOE effectively meets claimed security functions

Functional Requirements

Specific actions an organization takes to ensure compliance with its policies, standards, baselines, procedures, and guidelines. Managing your policies.

Governance

The procedures maintain and monitor the technology, in order to enforce information security policies. What security procedures and practices are to be utilized?

Operational Management

Group of individuals responsible for planning, designing, implementing, and monitoring an organization's security plan. A. Security Administration B. Identification C. Authorization D. Authentication E. Accountability

Security Administration

Mandatory statement of evaluation criteria when determining the assurance of TOEs

Security Assurance

Policies, goals, missions. Why do security problems exist?

Security Management

Security blueprints are created through ______. They include defining the tasks and responsibilities of personnel, how information needs relate to tasks, how information is shared, and the identification, valuation, and classification of data assets. How are security problems mitigated?

Tactical Management

Think Firewall

Target of Evaluation (TOE)

Look inside and look at the processes.

White Box Testing
