GBA 6780 - Chapter 6 Quiz
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing? -Identification -Authentication -Accountability -Authorization
Authorization
In an accreditation process, who has the authority to approve a system for implementation? -Certifier -Authorizing official (AO) -System owner -System administrator
Authorizing official (AO)
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create? -Baseline -Policy -Guideline -Procedure
Baseline
Which activity manages the baseline settings for a system or device? -Configuration control -Reactive change management -Proactive change management -Change control
Configuration control
T/F: A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.
False
T/F: Change doesn't create risk for a business
False
T/F: Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.
False
Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data? -Formatting -Degaussing -Physical destruction -Overwriting
Formatting
Which agreement type is typically less formal than other agreements and expresses areas of common interest? -Service level agreement (SLA) -Blanket purchase agreement (BPA) -Memorandum of understanding (MOU) -Interconnection security agreement (ISA)
Memorandum of understanding (MOU)
Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of? -Intimidation -Name dropping -Appeal for help -Phishing
Phishing
Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking? -Project initiation and planning -Functional requirements and definition -System design specification -Operations and maintenance
Project initiation and planning
What is NOT a goal of information security awareness programs? -Teach users about security objectives -Inform users about trends and threats in security -Motivate users to comply with security policy -Punish users who violate policy
Punish users who violate policy
What is the correct order of steps in the change control process? -Request, approval, impact assessment, build/test, monitor, implement -Request, impact assessment, approval, build/test, implement, monitor -Request, approval, impact assessment, build/test, implement, monitor -Request, impact assessment, approval, build/test, monitor, implement
Request, impact assessment, approval, build/test, implement, monitor
T/F: A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.
True
T/F: With proactive change management, management initiates the change to achieve a desired goal.
True
What is NOT a good practice for developing strong professional ethics? -Set the example by demonstrating ethics in daily activities -Encourage adopting ethical guidelines and standards -Assume that information should be free -Inform users through security awareness training
Assume that information should be free
T/F: A successful change control program should include the following elements to ensure the quality of the change control process: peer review, documentation, and back-out plans
True
T/F: Company-related classifications are not standard, therefore, there may be some differences between the terms "private" and "confidential" in different companies.
True
T/F: Polices that cover data management should cover transitions throughout the data life cycle.
True
T/F: The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.
True