lesson 6

Ace your homework & exams now with Quizwiz!

Which of the following would NOT be considered in the scope of organizational compliance efforts?

laws

What is NOT a principle for privacy created by the Organization for Economic Cooperation and Development (OECD)?

An organization should share its information.

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?

Authorization

In an accreditation process, who has the authority to approve a system for implementation?

Authorizing official (AO)

Which activity manages the baseline settings for a system or device?

Configuration control

Which agreement type is typically less formal than other agreements and expresses areas of common interest?

Memorandum of understanding (MOU)

Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking?

Project initiation and planning

What is the correct order of steps in the change control process?

Request, impact assessment, approval, build/test, implement, monitor

In what type of attack does the attacker send unauthorized commands directly to a database?

SQL injection

Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?

Separation of duties

Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type.

Service level agreement (SLA)

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?

baseline

Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.

false

Often an extension of a memorandum of understanding (MOU) , the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets

fasle

Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions?

threat

A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.

true

A successful change control program should include the following elements to ensure the quality of the change control process: peer review, documentation and back-out plans.

true

Classification scope determines what data you should classify; classification process determines how you handle classified data

true

Company-related classifications are not standard, therefore, there may be some differences between the terms "private" and "confidential" in different companies.

true

In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?

waterfall


Related study sets

Security+ Chapter 2: PKI Concepts

View Set

Honan Chapter 25 Hepatic and Biliary Disorders

View Set

(HA Ch 4) PrepU - Health History

View Set

Physics Chapter 19 Waves: Practice Test, ChTest, Homework and Terms

View Set