ch4

True

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster. True False

Payment Card Industry Data Security Standard (PCI DSS)

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals? Health Insurance Portability and Accountability Act (HIPAA) Payment Card Industry Data Security Standard (PCI DSS) Federal Information Security Management Act (FISMA) Federal Financial Institutions Examination Council (FFIEC)

Recovery time objective (RTO)

Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining? Recovery time objective (RTO) Recovery point objective (RPO) Business recovery requirements Technical recovery requirements

True

Authentication controls include passwords and personal identification numbers (PINs). True False

False

Authorization controls include biometric devices. True False

HIPAA

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers? FFIEC FISMA HIPAA PCI DSS

False

Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP). True False

Warm site

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation? Hot site Warm site Cold site Primary site

Risk survey results

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register? Description of the risk Expected impact Risk survey results Mitigation steps

False

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats. True False

True

A surge protector is an example of a preventative component of a disaster recovery plan (DRP). True False

False

Most enterprises are well prepared for a disaster should one occur. True False

Simulation test

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct? Checklist test Parallel test Simulation test Structured walk-through

Parallel test

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario? Checklist test Full interruption test Parallel test Simulation test

True

In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data. True False

True

Screen locks are a form of endpoint device security control. True False

13

The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation? 11 13 15 18

True

The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems. True False

True

The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry. True False

True

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary. True False

False

The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios. True False

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks. True False

False

The term risk methodology refers to a list of identified risks that results from the risk-identification process. True False

True

The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks. True False

Business continuity plan (BCP)

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort? Disaster recovery plan (DRP) Business impact analysis (BIA) Business continuity plan (BCP) Service level agreement (SLA)

Risk Management Guide for Information Technology Systems (NIST SP800-30)

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use? Risk Management Guide for Information Technology Systems (NIST SP800-30) CCTA Risk Analysis and Management Method (CRAMM) Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) ISO/IEC 27005, "Information Security Risk Management"

False

Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time. True False

True

Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device. True False

False

Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device. True False

Family Educational Rights and Privacy Act (FERPA)

What compliance regulation applies specifically to the educational records maintained by schools about students? Family Educational Rights and Privacy Act (FERPA) Health Insurance Portability and Accountability Act (HIPAA) Federal Information Security Management Act (FISMA) Gramm-Leach-Bliley Act (GLBA)

Network firewall

What is NOT a commonly used endpoint security technique? Full device encryption Network firewall Remote wiping Application control

Safety

What is NOT one of the three tenets of information security? Confidentiality Integrity Safety Availability

Ensure that everyone is safe.

What is the first step in a disaster recovery effort? Respond to the disaster. Follow the disaster recovery plan (DRP). Communicate with all affected parties. Ensure that everyone is safe.

Facility repair

Which one of the following is an example of a direct cost that might result from a business disruption? Damaged reputation Lost market share Lost customers Facility repair

No technology infrastructure

What level of technology infrastructure should you expect to find in a cold site alternative data center facility? Hardware and data that mirror the primary site Hardware that mirrors the primary site, but no data Basic computer hardware No technology infrastructure

Risk = Threat X Vulnerability

Which formula is typically used to describe the components of information security risks? Risk = Likelihood X Vulnerability Risk = Threat X Vulnerability Risk = Threat X Likelihood Risk = Vulnerability X Cost

Data ownership

Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices? Support ownership Onboarding/offboarding Forensics Data ownership

Moving to a warm site

Which one of the following is an example of a reactive disaster recovery control? Moving to a warm site Disk mirroring Surge suppression Antivirus software
