ISDS 3070 Quiz 1 final review


Match the control to the appropriate control type: Motion Detector = ?; Bollard = ?; Backup Tapes = ?; Encryption = ?; Image of a Computer = ?; Guard Dog = ?

Motion Detector = Detective; Bollard = Preventive; Backup Tapes = Recovery; Encryption = Preventive; Image of a Computer = Corrective; Guard Dog = Deterrent

Helps identify an incident's activities and potentially an intruder

Detective

Intended to avoid an incident from occurring

Preventive

Intended to bring the environment back to regular operations

Recovery

If you are a government contractor providing IT services to the U.S. military, you should use the following Security Control Framework: a. COBIT-5 b. NIST SP 800-53 c. COSO d. DoDAF e. ITIL

b. NIST SP 800-53

The Sherwood Applied Business Security Architecture (SABSA) Framework is often used to set up an enterprise security architecture. Which of the following correctly describe the SABSA Framework? a. Defines how an Information Security Management System should be built and maintained. b. Provides control objectives for the Federal government c. Serves as both a framework and methodology. d. Can be used to develop four specific architecture types.

c. Serves as both a framework and methodology.

Fixes components or systems after an incident has occurred

corrective

If you are an organization and your primary objective is to ensure your IT Department is properly meeting the needs of the different units within the organization, the best standard for you to follow would be: a. DoDAF b. COBIT-5 c. NIST SP 800-53 d. ITIL e. COSO

d. ITIL

The integrity of data is not related to which of the following? a. Unauthorized manipulation or changes to data. b. The intentional or accidental substitution of data. c. The modification of data without authorization. d. The extraction of data to share with unauthorized entities.

d. The extraction of data to share with unauthorized entities.

The likelihood of a threat source exploiting a vulnerability and the corresponding business impact

risk

Any potential danger that is associated with the exploitation of a vulnerability

threat

Ensures access to data is timely and data is reliable

Availability

Controls that provide an alternative measure of control

Compensating

Prevents unauthorized disclosures of data

Confidentiality

Prevents unauthorized modification of data

Integrity

A social engineer, a hacker, a shoulder surfer, and even an employee making an unintentional mistake that could expose confidential information are all types of what?

Threat agents

Threats can come in many forms and every company should place high importance on identifying all of its potential threats. Which of the answers below is an accurate example of a potential threat? a. All of the other choices b. Unintentional loss of data due to a computer malfunction. c. Unintentional loss of data due to an employee mistake. d. Intentional loss of data due to a disgruntled employee.

a. All of the other choices

Alice is the security manager of a company that makes most of its revenue from its intellectual property. Alice has implemented a process improvement program that has been certified by an outside entity. Her company received a Level 2 during an appraisal process, and she is putting in steps to increase this to a Level 3. Which of the below answers is the criteria Alice's company was most likely certified under? a. Capability Maturity Model Integration b. Information Technology Infrastructure Library c. SABSA d. Zachman

a. Capability Maturity Model Integration

Which organization has been developed to deal with economic, social, and governance issues and with how sensitive data is transported over borders? a. Organization for Economic Co-operation and Development b. Safe Harbor c. European Union d. Council of Europe

a. Organization for Economic Co-operation and Development

The Organization for Economic Cooperation and Development (OECD) has generated and published a set of 8 principles for personal privacy. Which of the following is NOT one of these 8 principles? a. Right to be Forgotten Principle b. Individual Participation Principle c. Openness Principle d. Data Quality Principle

a. Right to be Forgotten Principle

This Enterprise Architecture Framework provides an approach to the design, implementation, and governance of an enterprise information architecture that allows the IT architect to understand the enterprise from four different architectures: business, data, application, and technology. a. TOGAF b. DoDAF c. SABSA d. MoDAF

a. TOGAF

If you are a business that provides financial services, publishes quarterly reports to the Securities and Exchange Commission, and wants to ensure you have the necessary controls to ensure your IT department is meeting all required security controls, you should follow: a. ITIL b. COBIT-5 c. DoDAF d. NIST SP 800-53 e. COS

b. COBIT-5

Which of the following best describes ISO 27001 and BS 7799? a. Nationally recognized Information Security Management Standards that provide high-level, conceptual recommendations on enterprise security. b. ISO 27001 is the internationally recognized Information Security Management Standard that provides high-level, conceptual recommendations on enterprise security. It was derived from BS 7799. c. The most commonly used standard is BS 7799, which was derived from the de facto standard ISO 27001. It is an internationally recognized Information Security Management Standard that provides high-level conceptual recommendations on enterprise security. d. BS 7799 was derived from ISO 17799 and provides guidance on how to set up and maintain security programs.

b. ISO 27001 is the internationally recognized Information Security Management Standard that provides high-level, conceptual recommendations on enterprise security. It was derived from BS 7799.

The Zachman Architecture Framework is often used to set up an enterprise security architecture. Which of the following does not correctly describe the Zachman Framework? a. Used to build a robust enterprise architecture versus a technical security architecture. b. A two-dimensional model that uses communication interrogatives intersecting with different levels. c. A security-oriented model that gives instructions in a modular fashion. d. Uses six perspectives to describe a holistic information infrastructure.

c. A security-oriented model that gives instructions in a modular fashion.

Bob has some data that is extremely valuable. He backs it up from his computer to a flash stick, and he puts the flash stick in a safe deposit box. Which two principles of the CIA triad does this address? a. Backup - Integrity; Safe Deposit Box - Confidentiality b. Backup - Confidentiality; Safe Deposit Box - Integrity c. Backup - Availability; Safe Deposit Box - Confidentiality d. Backup - Integrity; Safe Deposit Box - Availability

c. Backup - Availability; Safe Deposit Box - Confidentiality

Which of the following is the effect of job rotation on organizational security? a. Reassigned personnel will be able to modify their old administrative files b. Privileged personnel will never stay on the job long enough to learn how to bypass security controls c. Privileged personnel involved in violations of security policy cannot be certain that they can always avoid detection d. As personnel rotate through jobs, they will learn how to implement new procedures

c. Privileged personnel involved in violations of security policy cannot be certain that they can always avoid detection

Any organization that collects data on EU residents

data controller

Any organization that processes data for a data controller

data processor

The individual to whom the data pertains

data subject

Intended to discourage a potential attacker

deterrent

A weakness in a system that allows a threat source to compromise its security

vulnerability
