Information Security Fundamentals Chapter 4

Authorization controls include biometric devices.

False

The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?

13

Which one of the following is the best example of an authorization control?

Access control lists

Which one of the following is an example of a direct cost that might result from a business disruption?

Damaged reputation??

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?

Disaster recovery plan (DRP)??? wrong

Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.

False

The term risk methodology refers to a list of identified risks that results from the risk-identification process.

False

What compliance regulation applies specifically to the educational records maintained by schools about students?

Family Education Rights and Privacy Act (FERPA)

Which formula is typically used to describe the components of information security risks?

Risk = Threat X Vulnerability

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?

Risk Management Guide for Information Technology Systems (NIST SP800-30)

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?

Risk survey results

What is NOT one of the three tenets of information security?

Safety

The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.

True

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

True

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.

True

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

False

The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.

False

What is NOT a commonly used endpoint security technique?

Network firewall

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?

Simulation test

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

No technology infrastructure

Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?

Onboarding/offboarding

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?

Parallel test

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?

Payment Card Industry Data Security Standard (PCI DSS)

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

A surge protector is an example of a preventative component of a disaster recovery plan (DRP).

True

Authentication controls include passwords and personal identification numbers (PINs).

True

The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

True

In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.

True

Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.

True

The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

True

Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).

False
