CH 6 Info Sec

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking? -Project initiation and planning -Functional requirements and definition -System design specification -Operations and maintenance

-Project initiation and planning

What is the correct order of steps in the change control process? -Request, approval, impact assessment, build/test, monitor, implement -Request, impact assessment, approval, build/test, implement, monitor -Request, approval, impact assessment, build/test, implement, monitor -Request, impact assessment, approval, build/test, monitor, implement

-Request, impact assessment, approval, build/test, implement, monitor

Which of the following is true of procedures? -They increase mistakes in a crisis. -They provide for places within the process to conduct assurance checks. -Important steps are often overlooked. -None of the above -All of the above

-They provide for places within the process to conduct assurance checks.

Which of the following is an example of social engineering? An emotional appeal for help A phishing attack Intimidation Name-dropping All of the above

All of the above

A ___________ is a generally agreed-upon technology, method or format for a given application such as TCP/IP protocol standard procedure guidelines baseline

standard

The objectives of classifying information include which of the following? -To identify data value in accordance with organization policy -To identify information protection requirements -To standardize classification labeling throughout the organization -To comply with privacy law, regulations, and so on -All of the above

-All of the above

The change management process includes ________ control and ________ control. -Clearance, classification -Document, data -Hardware inventory, software development -Configuration, change

-Configuration, change

Which activity manages the baseline settings for a system or device? Configuration control Reactive change management Proactive change management Change control

Configuration control

An organization does not have to comply with both regulatory standards and organizational standards. True False

False

In 1989, the IAB issued a statement of policy about Internet ethics. This document is known as ________. OECD RFC 1087 (ISC)2 Code of Ethics Canons CompTIA Candidate Code of Ethics None of the above

RFC 1087

A(n) ________ is a formal contract between your organization and an outside firm that details the specific services the firm will provide. Security event log Incident response Service-level agreement (SLA) Compliance report

Service Level Agreement

More and more organizations use the term ________ to describe the entire change and maintenance process for applications. System development life cycle (SDLC) System life cycle (SLC) System maintenance life cycle (SMLC) None of the above

System Development Life Cycle (SDLC)

Data classification is the responsibility of the person who owns the data. True or False? True False

True

Policy sets the tone and culture of the organization. True False

True

Security administration is the group of individuals responsible for the planning, design, implementation, and monitoring of an organizations security plan. True False

True

There are several types of software development methods, but most traditional methods are based on the ________ model. Modification Waterfall Developer Integration

Waterfall

The security program requires documentation of: -The security process -The policies, procedures, and guidelines adopted by the organization -The authority of the persons responsible for security -All of the above -None of the above

-All of the above

When developing software, you should ensure the application does which of the following? -Has edit checks, range checks, validity checks, and other similar controls -Checks user authorization -Checks user authentication to the application -Has procedures for recovering database integrity in the event of system failure -All of the above

-All of the above

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create? Baseline Policy Guideline Procedure

Baseline

Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of? Intimidation Name dropping Appeal for help Phishing

Phishing

________ is the concept that users should be granted only the levels of permissions they need in order to perform their duties. Mandatory vacations Separation of duties Job rotation Principle of least privilege None of the above

Principle of least privilege

________ involve the standardization of the hardware and software solutions used to address a security risk throughout the organization. Policies Standards Procedures Baselines

Standards

Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions? Value Sensitivity Criticality Threat

Threat

Configuration management is the management of modifications made to the hardware, software, firmware, documentation, test plans, and test documentation of an automated system throughout the system life cycle. True False

True

Which software testing method provides random input to see how software handles unexpected data? Injection Fuzzing Valid error input Boundary input

Valid error input

In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete? Spiral Agile Lean Waterfall

Waterfall


संबंधित स्टडी सेट्स

Building Controls VI: When to Use Each Response

View Set

Ch. 8 - Training and On-boarding

View Set

Chapter 6 Proteins and Amino Acids

View Set

Virginia Pesticide Technician Exam

View Set

Organizational Behavior Chapter 8 Quiz

View Set

Health and Physical Assessment AQ

View Set