ITSY: Ch. 4 Quiz & Assessment


The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?

13

Which one of the following is the best example of an authorization control?

Access control lists

Organizations that permit their employees to use their own laptops or smartphone devices and connect to the IT infrastructure describe a policy referred to as:

BYOD

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?

Business continuity plan (BCP)

The recovery point objective (RPO) defines the last point in time for _______ recovery that can be enabled back into production.

Data

Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?

Data ownership

Which of the following are organizational concerns for BYOD and mobility?

Data ownership, Privacy, Lost or stolen device, Data wiping

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

False

Which U.S. security-related act governs the security of data specifically for the financial industry?

GLBA

_____ is the U.S. security-related act that governs regulated health care information.

HIPAA

Which of the following business drivers are impacting businesses' and organizations' security requirements and implementations?

Mobility, Regulatory compliance, Productivity enhancements, Always-on connectivity

Which one of the following is an example of a reactive disaster recovery control?

Moving to a warm site

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

No technology infrastructure

Which risk management approach requires a distributed approach with business units working with the IT organization?

OCTAVE

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?

Parallel test

Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?

Recovery time objective (RTO)

The NIST SP800-30 standard is a _______________ management framework standard for performing risk management.

Risk

Which formula is typically used to describe the components of information security risks?

Risk = Threat X Vulnerability

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?

Risk Management Guide for Information Technology Systems (NIST SP800-30)

According to PMI, which term describes the list of identified risks?

Risk register

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?

Risk survey results

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?

Simulation test

What is the primary purpose of a business impact analysis (BIA)?

To identify, categorize, and prioritize mission-critical business functions, To provide a road map for business continuity and disaster recovery planning, To assist organizations with risk management, To assist organizations with incident response planning

The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.

True

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

True

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?

Warm site

With respect to IT security, a risk can result in either a positive or a negative effect.

True

Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.

False

What is NOT a commonly used endpoint security technique?

Network firewall

Risk management is responding to a negative event when it occurs.

True

Which one of the following is an example of a direct cost that might result from a business disruption?

Facility repair

Which of the following solutions are used for authenticating a user to gain access to systems, applications, and data?

Passwords and PINs, Smart cards and tokens, Biometric devices, Digital certificates

Which term indicates the maximum amount of data loss over a time period?

Recovery Point Objective (RPO)

Which of the following terms defines the amount of time it takes to recover a production IT system, application, and access to data?

Recovery time objective

The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

True
