ISDS 3070 Quiz 1


The Zachman Architecture Framework is often used to set up an enterprise security architecture. Which of the following does NOT correctly describe the Zachman Framework?

A security-oriented model that gives instruction in a modular fashion

Vulnerability

A weakness in a system that allows a threat source to compromise its security

Data Controller

Any organization that collects data on EU residents

Data Processor

Any organization that processes data for a data controller

Threat

Any potential danger that is associated with the exploitation of a vulnerability

Bob has some data that is extremely valuable. He backs it up from his computer to a flash stick, and he puts the flash stick in a safe deposit box. Which two principles of the CIA triad does this address?

Backup - Availability; Safe Deposit Box - Confidentiality

If you are a business that provides financial services, publishes quarterly reports to the Securities and Exchange Commission, and wants to ensure you have the necessary controls to verify that your IT department is meeting all required security controls, you should follow:

COBIT-5

Alice is the security manager of a company that makes most of its revenue from its intellectual property. Alice has implemented a process improvement program that has been certified by an outside entity. Her company received a Level 2 during an appraisal process, and she is putting in steps to increase this to a Level 3. Which of the below answers is the criteria Alice's company was most likely certified under?

Capability Maturity Model Integration

Compensating

Controls that provide an alternative measure of control

Match the control to the appropriate control type. Image of a Computer

Corrective

Match the control to the appropriate control type. Motion Detector

Detective

Match the control to the appropriate control type. Guard Dog

Deterrent

Availability

Ensures access to data is timely and data is reliable

Corrective

Fixes components or systems after an incident has occurred

Detective

Helps identify an incident's activities and potentially an intruder

Which of the following best describes ISO 27001 and BS 7799?

ISO 27001 is the internationally recognized Information Security Management Standard that provides high-level, conceptual recommendations on enterprise security. It was derived from BS 7799.

If you are an organization and your primary objective is to ensure your IT Department is properly meeting the needs of the different units within the organization, the best standard for you to follow would be:

ITIL

Preventive

Intended to avoid an incident from occurring

Recovery

Intended to bring the environment back to regular operations

Threats can come in many forms and every company should place high importance on identifying all of its potential threats. Which of the answers below is an accurate example of a potential threat?

Intentional loss of data due to a disgruntled employee; unintentional loss of data due to an employee mistake; unintentional loss of data due to a computer malfunction

If you are a government contractor providing IT services to the U.S. military, you should use the following Security Control Framework:

NIST SP 800-53

Which organization has been developed to deal with economic, social, and governance issues and with how sensitive data is transported over borders?

Organization for Economic Co-operation and Development

Match the control to the appropriate control type. Bollard

Preventive

Match the control to the appropriate control type. Encryption

Preventive

Confidentiality

Prevents unauthorized disclosures of data

Integrity

Prevents unauthorized modification of data

Which of the following is the effect of job rotation on organizational security?

Privileged personnel involved in violations of security policy cannot be certain that they can always avoid detection

Match the control to the appropriate control type. Backup Tapes

Recovery

The Organization for Economic Co-operation and Development (OECD) has generated and published a set of 8 privacy principles. Which of the following is NOT one of these 8 principles?

Right to be Forgotten Principle

The Sherwood Applied Business Security Architecture (SABSA) Framework is often used to set up an enterprise security architecture. Which of the following correctly describes the SABSA Framework?

Serves as both a framework and methodology

This Enterprise Architecture Framework provides an approach to the design, implementation, and governance of an enterprise information architecture, allowing IT architects to understand the enterprise from four different architectures: business, data, application, and technology

TOGAF

The integrity of data is not related to which of the following?

The extraction of data to share with unauthorized entities

Data Subject

The individual to whom the data pertains

Risk

The likelihood of a threat source exploiting a vulnerability and the corresponding business impact

A social engineer, a hacker, a shoulder surfer, and even an employee making an unintentional mistake that could expose confidential information are all types of what?

Threat agents
