CS 307 2

Which of the following should be included in an InfoSec governance program?

An InfoSec risk management methodology

According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization plan the specifics of how it will reach its destination?

Establishing

A top-down approach to information security usually begins with a systems administrator's attempt to improve the security of their systems.

False

Because it sets out general business intentions, a mission statement does not need to be concise.

False

Penetration testing is often conducted by contractors, who are commonly referred to as black-hats.

False

The primary goal of external monitoring is to maintain an informed awareness of the state of all of the organization's networks, information systems, and information security defenses.

False

Blackmail threat of informational disclosure is an example of which threat category?

Information extortion

Which type of planning is used to organize the ongoing, day-to-day performance of tasks?

Operational

Which of the following is an information security governance responsibility of the Chief Security Officer?

Set security policy, procedures, programs and training

Which of the following is true about planning?

Strategic plans are used to create tactical plans

The basic outcomes of InfoSec governance should include all but which of the following?

Time management by aligning resources with personnel schedules and organizational objectives

A clearly directed strategy flows from top to bottom rather than from bottom to top.

True

In which phase of the SecSDLC does the risk management task occur?

analysis

Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls?

back door

A ____________ overflow is an application error that occurs when the system can't handle the amount of data that is sent.

buffer

Which type of attack involves sending a large number of connection or information requests to a target?

denial-of-service (DoS)

The impetus to begin an SDLC-based project may be ____________________, that is, a response to some activity in the business community, inside the organization, or within the ranks of employees, customers, or other stakeholders.

event-driven

What is the first phase of the SecSDLC?

investigation

Which of the following set the direction and scope of the security process and provide detailed instruction for its conduct?

managerial controls

Which of the following explicitly declares the business of the organization and its intended areas of operations?

mission statement

Which type of planning is the primary tool in determining the long-term direction taken by an organization?

not operational

In ____________________ testing, security personnel simulate or perform specific and controlled attacks to compromise or disrupt their own systems by exploiting documented vulnerabilities.

penetration

A(n) ___________ attack enables an attacker to extract secrets maintained in a security system by observing the time it takes the system to respond to various queries.

timing

Which of the following is a key advantage of the bottom-up approach to security implementation?

utilizes the technical expertise of the individual administrators

In which model of the SecSDLC do the work products of each phase fall into the next phase to serve as its starting point?

waterfall
