CST2410 Quiz 4
The ____ strategy attempts to shift risk to other assets, other processes, or other organizations. A. transfer control B. defend control C. accept control D. mitigate control
A
____ policies address the particular use of certain systems. A. Systems-specific B. General C. Network-specific D.Platform-specific
A
In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security. A. confidential B. secret C. top secret D. sensitive
A. confidential
The concept of competitive ____ refers to falling behind the competition. A. disadvantage B. drawback C. failure D. shortcoming
A. disadvantage
The ____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization. A. general B. agency C. issue-specific D. system-specific
A. general
The first phase of risk management is ____. A. risk identification B. design C. risk control D. risk evaluation
A. risk identification
Risk ____ is the application of controls to reduce the risks to an organization's data and information systems. A. management B. control C. identification D. security
B. control
There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security. A. side view B. dumpster diving C. recycle diving D. garbage collection
B. dumpster diving
___ addresses are sometimes called electronic serial numbers or hardware addresses. A.HTTP B. IP C. DHCP D. MAC
D. MAC
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____. A. due diligence action B. best practice C. golden standard action D. standard of due care
D. standard of due care
