FINAL
PCI only has one priority
False
What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?
800
Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X?
Consumer
What is NOT one of the four main purposes of an attack?
Data correlation
A SOC 1 report primarily focuses on security.
False
A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.
False
A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.
False
A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.
False
A structured walk-through test is a review of a business continuity plan to ensure that contact numbers are current and the plan reflects the company's priorities and structures.
False
A subnet mask is a partition of a network based on IP addresses.
False
Master's programs are generally broad and don't focus on a particular field of study.
False
Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.
False
Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.
False
Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.
False
Risk refers to the amount of harm a threat exploiting a vulnerability can cause.
False
Service-level agreements (SLAs) are optical backbone trunks for private optical backbone networks.
False
Temporal isolation is commonly used in combination with rule-based access control.
False
The CISSP-ISSEP concentration requires that a candidate demonstrate two years of professional experience in the area of architecture.
False
The Certified Secure Software Lifecycle Professional (CSSLP) credential measures the knowledge and skills necessary for professionals involved in the process of authorizing and maintaining information systems.
False
The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks.
False
The number of failed logon attempts that trigger an account action is called an audit logon event.
False
The term risk methodology refers to a list of identified risks that results from the risk-identification process.
False
What organization is focused on the requirements of auditors?
ISACA
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
Parallel test
Under HIPPA Security rule, what types of safeguards must be implemented by all covered entities, regardless of the circumstances?
Required
Ben is working towards a position as a senior secuirty administrator and would like to earn his first Interntaiional Information Systems Seucrity Certification Consortium, Inc. (ISC) 2 certification. What certification is needed.
SSCP (Systems Security Certified Practioner)
What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4102?
Senior System Manager
Biyu is making arrangements to use a third-party service provider.
Service level agreement (SLA)
The CEO of Kelly's company recently fell victim to an attack.
Spear phishing
Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions?
Threat
A smart card is a token shaped like a credit card that contains one or more microprocessor chips that accept, store, and send information through a reader.
True
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
True
Digital signatures require asymmetric key cryptography
True
During the planning and execution phases of an audit, an auditor will most likely review risk analysis output.
True
HCISP) credential recognizes the knowledge and skills necessary to perform and conduct security and privacy work for health care organizations.
True
SOC 2 reports are created for internal and other authorized stakeholders and are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.
True
The Baldridge National Quality Program is part of the National Institute of Standards and Technology (NIST).
True
The Internet Engineering Task Force (IETF) is a collection of working groups (WGs), and each working group addresses a specific topic.
True
The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.
True
The term risk methodology refers to a list of identified risks that result from the risk identification process.
True
The three main categories of network security risk are reconnaissance, eavesdropping, and denial of service.
True
A professional certification is typically offered as part of an evening curriculum that leads to a certificate of completion.
False
Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.
False
Cisco offers certifications only at the Associate, Professional, and Expert levels. True False
False
Connectivity is one of the five critical challenges that the Internet of Things (IoT) has to overcome.
False
Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).
False
During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.
False
In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.
False
Information Systems Security Certification Consortium, Inc. (ISC)2 is the baseline for federal and DoD work-role definitions.
False
The ISACA Certified in Risk Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements
False
The Institute of Electrical and Electronics Engineers (IEEE) publishes or sponsors more than 13,000 standards and projects.
False
The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network.
False
The first step in the risk management process is to monitor and control deployed countermeasures.
False
The four central components of access control are users, resources, actions, and features.
False
The four main areas in NIST SP 800-50 are awareness, training, certification, and professional development.
False
The four main types of logs that you need to keep to support security auditing include event, access, user, and security.
False
Jake has been asked to help test the business continuity plan at an offset location while the system at the main location is shut down. He is participating in a parallel test.
True
Special Publications (SPs) are standards created by the National Institute of Standards and Technology (NIST).
False
The Family Educational Rights and Privacy Act (FERPA) requires that specific information security controls be implemented to protect student records.
False
The asset protection policy defines an organization's data classification standard.
False
A successful business impact analysis (BIA) maps the context, the critical business functions, and the processes on which they rely.
True
The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN).
True
The business impact Analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.
True
Unified Threat maangement
URL filter, Content inspection, malware inspection
Authorization controls include biometric devices.
False
During the secure phase of a security review, you review and measure all controls to capture actions and changes on the sytem.
False
Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop.
False
Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?
SOC 3
