CYSE300 Module 6 Quiz


In an accreditation process, who has the authority to approve a system for implementation?

Authorizing official (AO)

Configuration changes can be made at any time during a system life cycle and no process is required.

False

Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data?

Formatting

Which agreement type is typically less formal than other agreements and expresses areas of common interest?

Memorandum of understanding (MOU)

Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking?

Project initiation and planning

In what type of attack does the attacker send unauthorized commands directly to a database?

SQL injection

Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?

Separation of duties

Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?

Service level agreement (SLA)

Classification scope determines what data you should classify; classification process determines how you handle classified data.

True

Standards are used when an organization has selected a solution to fulfill a policy goal.

True

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?

Authorization

Which activity manages the baseline settings for a system or device?

Configuration control

A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.

False

Procedures do NOT reduce mistakes in a crisis.

False

The term "data owner" refers to the person or group that manages an IT infrastructure.

False

A hardware configuration chart should NOT include copies of software configurations.

False

Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.

False

What is the correct order of steps in the change control process?

Request, impact assessment, approval, build/test, implement, monitor

Mandatory vacations minimize risk by rotating employees among various systems or duties.

False

Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.

False

