Info Sec


What is the first phase of the SecSDLC?

investigation

Which type of planning is used to organize the ongoing, day-to-day performance of tasks?

operational

Which of the following is the principle of management dedicated to the structuring of resources to support the accomplishment of objectives?

organization

What should the prioritized list of assets and their vulnerabilities and the prioritized list of threats facing the organization be combined to create?

threats-vulnerabilities-assets worksheet

A clearly directed strategy flows from top to bottom rather than from bottom to top.

true

Small organizations spend more per user on security than medium- and large-sized organizations.

true

Which law extends protection to intellectual property, which includes words published in electronic formats?

U.S. copyright law

In which phase of the SecSDLC does the risk management task occur?

analysis

Corruption of information can occur only while information is being stored.

false

The authorization process takes place before the authentication process.

false

To protect intellectual property and competitive advantage, Congress passed the Entrepreneur Espionage Act (EEA) in 1996. ___________

false

What are the two general methods for implementing technical controls?

access control lists and configuration rules

Which of the following should be included in an InfoSec governance program?

an InfoSec risk management methodology

According to the C.I.A. triad, which of the following is a desirable characteristic for computer security?

availability

Which of the following is a policy implementation model that addresses issues by moving from the general to the specific and is a proven mechanism for prioritizing complex changes?

bull's-eye model

Which of the following is NOT among the functions typically performed within the InfoSec department as a compliance enforcement obligation?

centralized authentication

A senior executive who promotes the project and ensures its support, both financially and administratively, at the highest levels of the organization is needed to fill the role of a(n) ____________ on a development team.

champion

The individual responsible for the assessment, management, and implementation of information-protection activities in the organization is known as a(n) ____________.

chief information security officer

Which of the following is a C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information?

confidentiality

Which type of attack involves sending a large number of connection or information requests to a target?

denial-of-service (DoS)

Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies and technical controls.

deterrence

A person or organization that has a vested interest in a particular aspect of the planning or operation of the organization is a stockbroker.

false

A prioritized list of assets and threats can be combined with exploit information into a specialized report known as a TVA worksheet. ____________

false

DoS attacks cannot be launched against routers.

false

Having an established risk management program means that an organization's assets are completely protected.

false

ISACA is a professional association with a focus on authorization, control, and security. ___________

false

InfraGard began as a cooperative effort between the FBI's Cleveland field office and local intelligence professionals. ___________

false

It is the responsibility of InfoSec professionals to understand state laws and standards. ____________

false

Legal assessment for the implementation of the information security program is almost always done by the information security or IT departments.

false

MAC addresses are considered a reliable identifier for devices with network interfaces, since they are essentially foolproof.

false

Since most policies are drafted by a single person and then reviewed by a higher-level manager, employee input should not be considered since it makes the process too complex.

false

The first step in solving problems is to gather facts and make assumptions.

false

The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables.

false

The work breakdown structure (WBS) can only be prepared with a complex specialized desktop PC application.

false

Values statements should therefore be ambitious; after all, they are meant to express the aspirations of the organization.

false

The penalties for offenses related to the National Information Infrastructure Protection Act of 1996 depend on whether the offense is judged to have been committed for one of the following reasons except which of the following?

for political advantage

Which type of security policy is intended to provide a common understanding of the purposes for which an employee can and cannot use a resource?

issue-specific

Which of these is a systems development approach that incorporates teams of representatives from multiple constituencies, including users, management, and IT, each with a vested interest in the project's success?

joint application design

Any court can impose its authority over an individual or organization if it can establish which of the following?

jurisdiction

What is the final step in the risk identification process?

listing assets in order of importance

There are three general categories of unethical behavior that organizations and society should seek to eliminate. Which of the following is NOT one of them?

malice

Which of the following set the direction and scope of the security process and provide detailed instruction for its conduct?

managerial controls

Which of the following explicitly declares the business of the organization and its intended areas of operations?

mission statement

Which of the following variables is the most influential in determining how to structure an information security program?

organizational culture

An information security professional with authorization to attempt to gain system access in an effort to identify and recommend resolutions for vulnerabilities in those systems is known as a(n)

penetration tester

A set of security tests and evaluations that simulate attacks by a malicious external source is known as ____________.

penetration testing

Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program?

people

Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines?

policy

Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?

policy review and modification

Which of the following functions includes identifying the sources of risk and may include offering advice on controls that can reduce risk?

risk assessment

Which of the following is an information security governance responsibility of the Chief Security Officer?

set security policy, procedures, programs and training

Which type of document is a more detailed statement of what must be done to comply with a policy?

standard

Which type of planning is the primary tool in determining the long-term direction taken by an organization?

strategic

Which of the following is true about planning?

strategic plans are used to create tactical plans.

Which of the following functions needed to implement the information security program evaluates patches used to close software vulnerabilities and acceptance testing of new systems to assure compliance with policy and effectiveness?

systems testing

Which of the following are the two general groups into which SysSPs can be separated?

technical specifications and managerial guidance

Which of the following is true about the security staffing, budget, and needs of a medium-sized organization?

they have larger information security needs than a small organization

____________________ are malware programs that hide their true nature, and reveal their designed behavior only when activated.

trojan horses

A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.

true

A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for pre-configured signatures. _________________________

true

One of the goals of an issue-specific security policy is to indemnify the organization against liability for an employee's inappropriate or illegal use of the system.

true

The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. _________________________

true

Deterrence is the best method for preventing an illegal or unethical activity. ____________

true

Which of the following is NOT among the three types of InfoSec policies based on NIST's Special Publication 800-14?

user-specific security policies

Which of the following sections of the ISSP should provide instructions on how to report observed or suspected policy infractions?

violations of policy

Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls?

Back door

Which policy is the highest level of policy and is usually created first?

EISP

Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them?

HIPAA

Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset-identification using this attribute difficult?

IP address

Which of the following is an attribute of a network device that is physically tied to the network interface?

MAC address
