Chapter 4

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

Which of the following is not true of gap analysis?

A gap analysis can be performed only through a formal investigation

Which of the following is an example of an authorization control?

Access Control List

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?

Business Continuity Plan (BCP)

What compliance regulation is similar to the European Union (EU) General Data Protection Regulation (GDPR) of 2016 and focuses on individual privacy and rights of data owners?

California Consumer Privacy Act (CCPA) of 2018

Rodrigo is a security professional. He is creating a policy that gives his organization control over mobile devices used by employees while giving them some options as to the type of device they will use. Which approach to mobile devices is Rodrigo focusing on in the policy?

Choose Your Own Device (CYOD)

What is the first priority when responding to a disaster recovery effort?

Ensuring that everyone is safe

Which regulation requires schools to receive written permission from a parent or an eligible student before releasing any information contained in a student's education record?

FERPA

Aditya recently assumed an information security role for a financial institution located in the United States. He is tasked with assessing the institution's risk profile and cybersecurity maturity level. What compliance regulation applies specifically to Aditya's institution?

FFIEC

Which of the following is an example of a direct cost that might result from a business disruption?

Facility Repair

True or False? An uninterruptible power supply (UPS) is an example of a reactive component of a disaster recovery plan (DRP).

False

True or False? Authorization controls include biometric devices.

False

True or False? In most organizations, focusing on smaller issues rather than planning for the most wide-reaching disaster results in a more comprehensive disaster recovery plan.

False

True or False? Regarding data-center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.

False

True or False? The business continuity plan (BCP) identifies the resources for which a business impact analysis (BIA) is necessary.

False

True or False? The term "risk methodology" refers to a list of identified risks that results from the risk identification process.

False

What compliance regulation focuses on management and evaluation of the security of unclassified and national security systems?

Government Information Security Reform Act (Security Reform Act) of 2000

Dawn is selecting an alternative processing facility for her organization's primary data center. She needs a facility with the least switchover time, even if it's the most expensive option. What is the most appropriate option in this situation?

Hot Site

Which of the following is an example of a reactive disaster recovery plan?

Moving to a warm site

What is not a commonly used endpoint security technique?

Network Firewall (its not an endpoint at all)

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

No technology infrastructure

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?

PCI DSS

Hajar is developing a business impact assessment for her organization. She is working with business units to determine the target state of recovered data that allows the organization to continue normal processing after a major interruption. Which of the following is Hajar determining?

Recovery Point Objective

Which is the typical risk equation?

Risk = Threat X Vulnerability

As a follow-up to her annual testing, Isabella would like to conduct quarterly disaster recovery tests. These tests should include role-playing and introduce as much realism as possible without affecting live operations. What type of test should Isabella conduct?

Simulation Test

What is the main purpose of risk identification in an organization?

To make the organization's personnel aware of existing risk

True or False? A business continuity plan (BCP) directs all activities required to ensure that an organization's critical business functions continue when an interruption occurs that affects the organization's viability.

True

True or False? A disaster recovery plan (DRP) is part of a business continuity plan (BCP) and is necessary to ensure the restoration of resources required by the BCP to an available state.

True

True or False? A threat analysis identifies and documents threats to critical resources, which means considering the types of disasters that are possible and what kind of damage they can cause.

True

True or False? Authentication controls include passwords and personal identification numbers (PINs).

True

Isabella is in charge of the disaster recovery plan (DRP) team. She needs to ensure that data center operations will transfer smoothly to an alternate site in the event of a major interruption. She plans to run a complete test that will interrupt the primary data center and transfer processing capability to a hot site. What option is described in this scenario?

Full-interuption Test

True or False? The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.

Gramm-Leach-Bliley Act (GLBA)

True or False? OCTAVE is an approach to risk-based strategic assessment and planning.

True

True or False? Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.

True

True or False? Screen locks are a form of endpoint device security control.

True

True or False? Storage segmentation is a mobile device control that physically separates personal data from business data.

True

True or False? The recovery time objective (RTO) expresses the maximum allowable time in which to recover the function after a major interruption.

True

True or False? The term "risk management" describes the process of identifying, assessing, prioritizing, and addressing risks.

True

True or False? The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

True

True or False? Changes to external requirements, such as legislation, regulation, or industry standards, that require control changes can result in a security gap for an organization.

True

True or False? Mobile device management (MDM) includes a software application that allows organizations to monitor, control, data wipe, or data delete business data from a personally owned device.

True


संबंधित स्टडी सेट्स

Interpersonal Communications Final

View Set

Week 12 NCLEX Practice Questions

View Set

Mock Exam LO1 Intrinsic and Extrinsic Factors

View Set

NURSU 454 Med Surg Respiratory Assessment HESI REVIEW

View Set

Life Insurance Underwriting and Policy Issue

View Set

Jojo's Bizarre Adventure :(what Dio thinks)

View Set

Property 1: Themis Questions Final Exam Review Professor DeGroff

View Set