Ch. 5 to Ch. 7 Quizzes
The _____ is the difference between an organization's observed and desired performance.
performance gap
Management of classified data includes its storage and _____.
All of the above (distribution, portability, and destruction)
What is NOT a good practice for developing strong professional ethics?
Assume that information should be free
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?
Checklist
A security clearance is a component of a data classification scheme that assigns a status level to systems to designate the maximum level of classified data that may be stored on them.
False
Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.
False
Change doesn't create risk for a business.
False
Procedures do NOT reduce mistakes in a crisis.
False
The term "data owner" refers to the person or group that manages an IT infrastructure.
False
Which of the following would NOT be considered in the scope of organizational compliance efforts?
Laws
When should an organization's managers have an opportunity to respond to the findings in an audit?
Managers should include their responses to the draft audit report in the final audit report.
Which security testing activity uses tools that scan for services running on systems?
Network mapping
What is NOT a goal of information security awareness programs?
Punish users who violate policy
Which intrusion detection system strategy relies upon pattern matching?
Signature detection
A(n) qualitative assessment is based on characteristics that do not use numerical measures.
True
Best business practices are often called recommended practices.
True
Classification scope determines what data you should classify; classification process determines how you handle classified data.
True
Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.
True
During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.
True
During the planning and execution phases of an audit, an auditor will most likely review risk analysis output.
True
Performing security testing includes vulnerability testing and penetration testing.
True
Social engineering is deceiving or using people to get around security controls.
True
Which activity manages the baseline settings for a system or device?
Configuration control
What information should an auditor share with the client during an exit interview?
Details on major issues
A(n) disaster recovery plan includes the steps necessary to ensure the continuation of the organization when a disaster's scope or scale exceeds the ability of the organization to restore operations, usually through relocation of critical business functions to an alternative location.
False
Configuration changes can be made at any time during a system life cycle and no process is required.
False
Mandatory vacations minimize risk by rotating employees among various systems or duties.
False
Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.
False
Residual risk is the risk that has not been removed, shifted, or planned for after vulnerabilities have been completely resolved.
False
_____ addresses are sometimes called electronic serial numbers or hardware addresses.
MAC
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
Memorandum of understanding (MOU)
Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?
Report writing
What is NOT generally a section in an audit report?
System configurations
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
System integrity monitoring
A successful change control program should include the following elements to ensure the change control process: peer review, documentation, and back-out plans.
True
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
True
Anomaly-based intrusion detection systems compare current activity with stored profiles of normal (expected) activity.
True
In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.
True
Likelihood is the probability that a specific vulnerability within an organization will be the target of an attack.
True
Organizations should communicate with system users throughout the development of the security program, letting them know that changes are coming, and reduce resistance to these expected changes through communication, education, and involvement.
True
Policies that cover data management should cover transitions throughout the data life cycle.
True
Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.
True
The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.
True
When determining the relative importance of each asset, refer to the organization's mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts.
True
Written security policies document management's goal and objectives.
True
With proactive change management, management initiates the change to achieve a desired goal.
True
In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?
Waterfall
Risk _____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
appetite
The concept of competitive _____ refers to falling behind the competition.
disadvantage
A(n) _____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
FCO
Identifying human resources, documentation, and data information assets of an organization is less difficult than identifying hardware and software assets.
False
Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.
False
The four main types of logs that you need to keep to support security auditing include event, access, user, and security.
False
The value of information to the organization's competition should influence the asset's valuation.
True
Risk _____ is the application of security mechanisms to reduce the risks to an organization's data and information systems.
control
The first phase of risk management is _____.
risk identification
A _____ assigns a status level to employees to designate the maximum level of classified data they may access.
security clearance scheme
The _____ control strategy attempts to shift risk to other assets, other processes, or other organizations.
transference
During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.
False