User Account

All Pages

A primary function of information security management

Assignment Help Other Subject
Reference no: EM131594137

Question 1
The macro virus infects the key operating system files located in a computer's start up sector.
Question 1 options:
True
False

Question 2
Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program?
Question 2 options:
Projects
Policy
Protection
People

Question 3
Which of the following is NOT a primary function of Information Security Management?
Question 3 options:
Projects
Performance
Planning
Protection

Question 4
According to the C.I.A. triad, which of the following is a desirable characteristic for computer security?
Question 4 options:
Authentication
Authorization
Availability
Accountability

Question 5
Which of the following is NOT a step in the problem-solving process?
Question 5 options:
Gather facts and make assumptions
Select, implement and evaluate a solution
Analyze and compare possible solutions
Build support among management for the candidate solution

Question 6
A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
Question 6 options:
True
False

Question 7
"Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance.
Question 7 options:
True
False

Question 8
As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus __________.
Question 8 options:
hoaxes
polymorphisms
false alarms
urban legends

Question 9
The first step in solving problems is to gather facts and make assumptions.
Question 9 options:
True
False

Question 10
Blackmail threat of informational disclosure is an example of which threat category?
Question 10 options:
Compromises of intellectual property
Espionage or trespass
Information extortion
Sabotage or vandalism

Question 11
Which of the following is the best example of a rapid-onset disaster?
Question 11 options:
Famine
Environmental degradation
Flood
Pest infestation

Question 12
Which type of document grants formal permission for an investigation to occur?
Question 12 options:
Forensic concurrence
Affidavit
Evidentiary report
Search warrant

Question 13
In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?
Question 13 options:
Structured walk-through
Desk check
Parallel testing
Simulation

Question 14
ISO 27014:2013 is the ISO 27000 series standard for __________.
Question 14 options:
information security management
policy management
governance of information security
risk management

Question 15
Which document must be changed when evidence changes hands or is stored?
Question 15 options:
Affidavit
Search warrant
Evidentiary material
Chain of custody

Question 16
Which of the following allows investigators to determine what happened by examining the results of an event-criminal, natural, intentional, or accidental?
Question 16 options:
Forensics
E-discovery
Digital malfeasance
Evidentiary procedures

Question 17
Individuals who control, and are therefore responsible for, the security and use of a particular set of information are known as __________.
Question 17 options:
data users
data generators
data owners
data custodians

Question 18
What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?
Question 18 options:
Identify resource requirements
Identify recovery priorities for system resources
Determine mission/business processes and recovery criticality
Identify business processes

Question 19
Which level of planning breaks down each applicable strategic goal into a series of incremental objectives?
Question 19 options:
Operational
Strategic
Organizational
Tactical

Question 20
Which of the following has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an adverse event?
Question 20 options:
Risk management
Contingency planning
Disaster readiness
Module 3
Business response
Question 21
Which of the following are instructional codes that guide the execution of the system when information
Question 21 options:
configuration rules
user profiles
access control lists
capability tables

Question 22
A detailed outline of the scope of the policy development project is created during which phase of the SecSDLC?
Question 22 options:
Analysis
Implementation
Design
Investigation

Question 23
In addition to specifying the penalties for unacceptable behavior, what else must a policy specify?
Question 23 options:
The proper operation of equipment
What must be done to comply
Legal recourse
Appeals process

Question 24
Which of the following is NOT a step in the process of implementing training?
Question 24 options:
Motivate management and employees
Administer the program
Identify target audiences
Hire expert consultants

Question 25
Which of the following is an element of the enterprise information security policy?
Question 25 options:
Information on the structure of the InfoSec organization
Access control lists
Articulation of the organization's SDLC methodology
Indemnification of the organization against liability

Question 26
Which of the following is the most cost-effective method for disseminating security information and news to employees?
Question 26 options:
Security-themed Web site
Distance learning seminars
Conference calls
Security newsletter

Question 27
Which of the following is NOT among the three types of InfoSec policies based on NIST's Special Publication 800-14?
Question 27 options:
Enterprise information security policy
User-specific security policies
System-specific security policies
Issue-specific security policies

Question 28
Which of the following would be responsible for configuring firewalls and IDPSs, implementing security software, and diagnosing and troubleshooting problems?
Question 28 options:
A security analyst
The security manager
A security technician
A security consultant

Question 29
Which policy is the highest level of policy and is usually created first?
Question 29 options:
USSP
ISSP
EISP
SysSP

Question 30
Which of the following is NOT among the functions typically performed within the InfoSec department as a compliance enforcement obligation?
Question 30 options:
Centralized authentication
Policy
Risk management
Compliance/audit

Previous PageNext Page
Question 31
Which of the following is the primary purpose of ISO/IEC 27001:2005?
Question 31 options:
Use within an organization to ensure compliance with laws and regulations
Use within an organization to formulate security requirements and objectives
Implementation of business-enabling information security
To enable organizations that adopt it to obtain certification

Question 32
Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?
Question 32 options:
Bell-LaPadula
ITSEC
TCSEC
Common Criteria

Question 33
Under the Common Criteria, which term describes the user-generated specifications for security requirements?
Question 33 options:
Security Functional Requirements (SFRs)
Security Target (ST)
Protection Profile (PP)
Target of Evaluation (ToE)

Question 34
Which type of access controls can be role-based or task-based?
Question 34 options:
Nondiscretionary
Constrained
Discretionary
Content-dependent

Question 35
Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?
Question 35 options:
Need-to-know
Separation of duties
Eyes only
Least privilege

Question 36
The InfoSec measurement development process recommended by NIST is is divided into two major activities. Which of the following is one of them?
Question 36 options:
Identification and definition of the current InfoSec program
Regularly monitor and test networks
Compare organizational practices against organizations of similar characteristics
Maintain a vulnerability management program

Question 37
Which piece of the Trusted Computing Base's security system manages access controls?
Question 37 options:
Trusted computing base
Verification module
Covert channel
Reference monitor

Question 38
Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?
Question 38 options:
Legal liability
Baselining
Certification revocation
Competitive disadvantage

Question 39
Which access control principle limits a user's access to the specific information required to perform the currently assigned task?
Question 39 options:
Need-to-know
Eyes only
Least privilege
Separation of duties

Question 40
Which of the following specifies the authorization classification of information asset an individual user is permitted to access, subject to the need-to-know principle?
Question 40 options:
Task-based access controls
Discretionary access controls
Sensitivity levels
Security clearances

Reference no: EM131594137

Questions Cloud

Discuss four basic models of correcting juvenile delinquency : Briefly discuss each of the four basic models of correcting juvenile delinquency. Explain which model is best from the perspective of society.
Create a hypothetical social media policy statement : Create a hypothetical social media policy statement for a fictitious company. Provide contextual background explaining why a social media policy is needed.
Analyze some of the risks and problems associated with jail : Analyze some of the risks and problems associated with the jail and/or prison incarceration of persons suffering from major mental illness.
Type of on-the-job self-management : This approach seems to be of obvious benefit to companies; so, why do you think this type of on-the-job self-management is not more prevalent?
A primary function of information security management : Which access control principle limits a user's access to the specific information required to perform the currently assigned task?
Define court proceedings and the correctional system : Analyze both the court system's likely view on the accused's rights, as well as the court system's likely treatment of the defendant during trial proceedings
Microsoft visual basic 2015 shelly cashman series : The following are the minimal requirements to complete each lab assignment.
Discuss the gram-schmidt orthogonaizatlon process : In Exercises, use the given non orthogonal basis for vectors in R3 to find an equivalent orthogonal basis by means of the Gram-Schmidt orthogonaizatlon.
My favorite daily deals web sites : Your page should contain the heading "My Favorite Daily Deals Web Sites."

Reviews

Write a Review

Other Subject Questions & Answers

  Cross-cultural opportunities and conflicts in canada

Short Paper on Cross-cultural Opportunities and Conflicts in Canada.

  Sociology theory questions

Sociology are very fundamental in nature. Role strain and role constraint speak about the duties and responsibilities of the roles of people in society or in a group. A short theory about Darwin and Moths is also answered.

  A book review on unfaithful angels

This review will help the reader understand the social work profession through different concepts giving the glimpse of why the social work profession might have drifted away from its original purpose of serving the poor.

  Disorder paper: schizophrenia

Schizophrenia does not really have just one single cause. It is a possibility that this disorder could be inherited but not all doctors are sure.

  Individual assignment: two models handout and rubric

Individual Assignment : Two Models Handout and Rubric,    This paper will allow you to understand and evaluate two vastly different organizational models and to effectively communicate their differences.

  Developing strategic intent for toyota

The following report includes the description about the organization, its strategies, industry analysis in which it operates and its position in the industry.

  Gasoline powered passenger vehicles

In this study, we examine how gasoline price volatility and income of the consumers impacts consumer's demand for gasoline.

  An aspect of poverty in canada

Economics thesis undergrad 4th year paper to write. it should be about 22 pages in length, literature review, economic analysis and then data or cost benefit analysis.

  Ngn customer satisfaction qos indicator for 3g services

The paper aims to highlight the global trends in countries and regions where 3G has already been introduced and propose an implementation plan to the telecom operators of developing countries.

  Prepare a power point presentation

Prepare the power point presentation for the case: Santa Fe Independent School District

  Information literacy is important in this environment

Information literacy is critically important in this contemporary environment

  Associative property of multiplication

Write a definition for associative property of multiplication.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd