IS456 Quiz 6

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking?

Project initiation and planning

Mark is considering outsourcing security functions to a third party service provider. What benefit is he most likely to achieve?

Access to a high level of expertise

What is NOT a principle for privacy created by the Organization for Economic Cooperation and Development (OECD)?

An organization should share its information.

What is NOT a good practice for developing strong professional ethics?

Assume that information should be free

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?

Authorization

In an accreditation process, who has the authority to approve a system for implementation?

Authorizing official (AO)

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security setting that should apply to all systems. What type of document should she create?

Baseline

Which activity manages the baseline settings for a system or device?

Configuration control

What practice is NOT considered unethical under RFC 1087 issued by the Internet Architecture Board (IAB)?

Enforcing the integrity of computer-based information

Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data?

Formatting

Which agreement type is typically less formal than other agreements and expresses areas of common interest?

Memorandum of Understanding (MOU)

Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?

Phishing

In what type of attack does the attacker send unauthorized commands directly to a database?

SQL injection

Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?

Separation of duties

Biyu is making arrangements to use a third party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain a formal requirements of this type?

Service level agreement (SLA)

In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?

Waterfall

Which of the following would NOT be considered in the scope of organizational compliance efforts?

Laws

What is NOT a goal of information security awareness programs?

Punish users who violate policy

What is the correct order of steps in the change control process

Request, impact assessment, approval, build/test, implement, monitor

Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions?

Threat


Set pelajaran terkait

IXL Grade 8 Language arts HH.3 Identify adverbs

View Set

Ch 3 Sec. 1 Life types of polices

View Set

Life Insurance Premiums, Proceeds and Ben.

View Set

Organizational Behavior Exam 2 Ch. 5-7

View Set

neurotransmitters and receptors in autonomic responses

View Set

Organizational Restructuring and redesign

View Set