Chapter 1 Assessment
Internet IP packets are to cleartext what encrypted IP packets are to:
ciphertext
Which security control would be implemented to stop attackers from intercepting and reading sensitive email messages?
A VPN for remote access.
A data classification standard is usually part of which policy definition?
Asset classification policy.
Which of the following security controls can help mitigate malicious email attachments?
All of these are correct. Email filtering and quarantining, Email attachment antivirus scanning, Verifying with users that email source is reputable, Holding all incoming emails with unknown attachments.
Maximizing availability primarily involves minimizing:
All of these are correct. the amount of downtime recovering from a disaster, the mean time to repair a system or application, downtime by implementing a business continuity plan, the recovery time objective.
The _________ tenet of information systems security is concerned with the recovery time objective.
Availability
When selling software, software manufacturers limit their liability using which of the following?
End-User License Agreements
Which of the following is not a U.S. compliance law or act?
PCI DSS
Encrypting email communications is needed when sending confidential information within an email message through the public internet.
True
Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats.
True
A publicly traded company or U.S. federal government agency must go public and announce that it has a had a data breach and inform the impacted individuals of that data breach.
True.
Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information.
True.
Which security control would reduce the likelihood of an attackers' gaining unauthorized access to a user's login ID?
Two-factor authentication
A data breach typically occurs after which of the following?
Unauthorized access to systems and application is obtained.
The _______ is the weakest link in an IT infrastructure.
User Domain
