Blitz Practice
A time-based synchronization system is a mechanism that limits access to computer systems and network resources. True or False?
False
The term need-to-know refers to a device used as a logon authenticator for remote users of a network. True or False?
False
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured. True or False?
True
Most often passphrases are used for public and private key authentication. True or False?
True
Residual risk is the risk that remains after you have installed countermeasures and controls. True or False?
True
Among common recovery location options, this is one that can take over operation quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data. a. Hot site b. Alternate processing center c. Warm site d. Cold site
a. Hot site
Notification, response, recovery and follow-up, and documentation are all components of what process? a. Incident handling b. Corrective control c. Business impact analysis (BIA) d. Countermeasure
a. Incident handling
____________ is the process of managing changes to computer/device configuration or application software. a. Sprint b. Change control c. Proactive change management d. Procedure control
b. Change control
The primary task of an organization's ___________ team is to control access to systems or resources. a. Management b. Security administration c. Compliance liaison d. Software development
b. Security administration
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security _____________ and awareness program. a. Guidelines b. Training c. Environment d. Documentation
b. Training
______________ is an authorization method in which access to resources is decided by the user's formal status. a. Knowledge b. Decentralized access control c. Authority-level policy d. Physically constrained user interface
c. Authority-level policy
____________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification. a. Smart card b. Relationships c. Need-to-know d. Multi-tenancy
c. Need-to-know
A security awareness program includes _____________. a. Motivating users to comply with security policies b. Informing users about trends and threats in society c. Teaching employees about security objectives d. All of the above
d. All of the above
A(n) __________ is a measurable occurrence that has an impact on the business. a. Critical business function b. Corrective control c. Cost d. Event
d. Event
The ____________ team's responsibilities include handling events that affect your computers and networks and ultimately can respond rapidly and effectively to any event. a. Management b. Compliance liaison c. IT Group d. Security administration
d. Security administration
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems. a. Physical access control b. authentication c. Event-based synchronous system d. Security kernel
d. Security kernel
What is meant by certification? a. A strategy to minimize risk by rotating employees between various systems or duties b. The formal acceptance by the authorizing official of the risk of implementing the system c. A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies d. The technical evaluation of a system to provide assurance that you have implemented the system correctly
d. The technical evaluation of a system to provide assurance that you have implemented the system correctly