yurekli final chapter 6 and 7

Ace your homework & exams now with Quizwiz!

False

A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system

True

An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.

Baseline

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?

Threat

Ayo is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions?

False

Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.

Prudent

Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?

Does the firewall properly blick unsolicited network connection attempts?

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?

Does the firewall properly block unsolicited network connection attempts?

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?

Formatting

Erik is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data?

Access to a high level of expertise

Everett is considering outsourcing security functions to a third-party service provider (which is a kind of risky for a CIA agent :). What benefit is he most likely to achieve?

Black-box test

Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?

Audit

Gilfoyle is reviewing security logs to independently assess security controls. Which security review process is Gilfoyle engaging in?

Secure Sockets Layer (SSL)

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?

True

In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done.

Waterfall

In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?

Security Information and Event Management (SIEM)

Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?

Is the security control likely to become obsolete in the near future

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?

False

Mandatory vacations minimize risk by rotating employees among various systems or duties.

Service Level Agreement (SLA)

Nakia is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?

Separation of Duties

Ramonda is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?

Authorization

Richard is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?

Project initiation and planning

Shuri is creating a budget for a software development project. What phase of the system lifecycle is she undertaking?

Phishing

T'Challa's organization received a mass email message that attempted to trick vibranium engineers into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?

True

The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.

Punish users who violate policy

What is NOT a goal of information security awareness programs?

Assume that information should be free

What is NOT a good practice for developing strong professional ethics?

An organization should share its information

What is NOT a principle for privacy created by the Organization for Economic Cooperation and Development (OECD)?

system configurations

What is NOT generally a section in an audit report?

IT Infrastructure Library (ITIL)

What is a set of concepts and policies for managing IT infrastructure, development, and operations?

Request, approval, impact assessment, build/test, monitor, implement

What is the correct order of steps in the change control process?

system integrity monitoring

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?

Managers should include their responses to the draft report for the final audit report

When should an organization's managers have an opportunity to respond to the findings in an audit?

Report writing

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?

Memorandum of Understanding (MOU)

Which agreement type is typically less formal than other agreements and expresses areas of common interest?

Checklist

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?

Signature detection

Which intrusion detection system strategy relies upon pattern matching?

Resumes of system administrators

Which item is an auditor least likely to review during a system controls audit?

Laws

Which of the following would NOT be considered in the scope of organizational compliance efforts?

Enforcing the integrity of computer-based information

Which practice is NOT considered unethical under RFC 1087 issued by the Internet Architecture Board (IAB)?

Network Mapping

Which security testing activity uses tools that scan for services running on systems?


Related study sets

Midterm - 12 steps of making bread

View Set

"First Aid- Chapter 12- Injuries to the Extremities"

View Set

Biblical Women in Ancient Israel and Today

View Set

Chapter 9-17 extra credit (Selena Xia)

View Set

Chapter 6 - The Normal Distribution

View Set