Information Security Fundamentals
Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?
Phishing
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?
Baseline
Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data?
Formatting
What is NOT a goal of information security awareness programs?
Punish users who violate policy
True or False: A SOC 1 Report is commonly implemented for organizations that must comply with the Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
True
True or False: An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
True
True or False: Company-related classifications are not standard, therefore, there may be some differences between the terms "private" and "confidential" in different companies.
True
In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?
Waterfall
True or False: Mandatory vacations minimize risk by rotating employees among various systems or duties.
False
A method of security testing that isn't based directly on knowledge of a program's architecture is the definition of _______.
Black-box Testing
True or False: A hardware configuration chart should NOT include copies of software configurations.
False
True or False: Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.
False
True or False: Configuration changes can be made at any time during a system life cycle and no process is required.
False
True or False: Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of the interconnected assets.
False
True or False: The term "data owner" refers to the person or group that manages an IT infrastructure.
False
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
Memorandum of Understanding (MOU)
What is the correct order of steps in the change control process?
Request, impact assessment, approval, build/test, implement, monitor
True or False: Policies that cover data management should cover transitions throughout the data life cycle.
True