GBA 6780 - Chapter 6 Quiz

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing? -Identification -Authentication -Accountability -Authorization

Authorization

In an accreditation process, who has the authority to approve a system for implementation? -Certifier -Authorizing official (AO) -System owner -System administrator

Authorizing official (AO)

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create? -Baseline -Policy -Guideline -Procedure

Baseline

Which activity manages the baseline settings for a system or device? -Configuration control -Reactive change management -Proactive change management -Change control

Configuration control

T/F: A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.

False

T/F: Change doesn't create risk for a business

False

T/F: Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.

False

Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data? -Formatting -Degaussing -Physical destruction -Overwriting

Formatting

Which agreement type is typically less formal than other agreements and expresses areas of common interest? -Service level agreement (SLA) -Blanket purchase agreement (BPA) -Memorandum of understanding (MOU) -Interconnection security agreement (ISA)

Memorandum of understanding (MOU)

Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of? -Intimidation -Name dropping -Appeal for help -Phishing

Phishing

Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking? -Project initiation and planning -Functional requirements and definition -System design specification -Operations and maintenance

Project initiation and planning

What is NOT a goal of information security awareness programs? -Teach users about security objectives -Inform users about trends and threats in security -Motivate users to comply with security policy -Punish users who violate policy

Punish users who violate policy

What is the correct order of steps in the change control process? -Request, approval, impact assessment, build/test, monitor, implement -Request, impact assessment, approval, build/test, implement, monitor -Request, approval, impact assessment, build/test, implement, monitor -Request, impact assessment, approval, build/test, monitor, implement

Request, impact assessment, approval, build/test, implement, monitor

T/F: A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.

True

T/F: With proactive change management, management initiates the change to achieve a desired goal.

True

What is NOT a good practice for developing strong professional ethics? -Set the example by demonstrating ethics in daily activities -Encourage adopting ethical guidelines and standards -Assume that information should be free -Inform users through security awareness training

Assume that information should be free

T/F: A successful change control program should include the following elements to ensure the quality of the change control process: peer review, documentation, and back-out plans

True

T/F: Company-related classifications are not standard, therefore, there may be some differences between the terms "private" and "confidential" in different companies.

True

T/F: Polices that cover data management should cover transitions throughout the data life cycle.

True

T/F: The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.

True