Information Security Fundamentals

Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?

Phishing

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?

Baseline

Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data?

Formatting

What is NOT a goal of information security awareness programs?

Punish users who violate policy

True or False: A SOC 1 Report is commonly implemented for organizations that must comply with the Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).

True

True or False: An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.

True

True or False: Company-related classifications are not standard, therefore, there may be some differences between the terms "private" and "confidential" in different companies.

True

In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?

Waterfall

True or False: Mandatory vacations minimize risk by rotating employees among various systems or duties.

False

A method of security testing that isn't based directly on knowledge of a program's architecture is the definition of _______.

Black-box Testing

True or False: A hardware configuration chart should NOT include copies of software configurations.

False

True or False: Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.

False

True or False: Configuration changes can be made at any time during a system life cycle and no process is required.

False

True or False: Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of the interconnected assets.

False

True or False: The term "data owner" refers to the person or group that manages an IT infrastructure.

False

Which agreement type is typically less formal than other agreements and expresses areas of common interest?

Memorandum of Understanding (MOU)

What is the correct order of steps in the change control process?

Request, impact assessment, approval, build/test, implement, monitor

True or False: Policies that cover data management should cover transitions throughout the data life cycle.

True