SRA111 PreQuiz5

Card Set Information

Author:
guntoro
ID:
247520
Filename:
SRA111 PreQuiz5
Updated:
2013-11-18 10:49:29
Tags:
SRA111 PreQuiz5
Description:
SRA111 PreQuiz5
The flashcards below were created by user guntoro on FreezingBlue Flashcards.


  1. A standard is a plan or course of action that conveys instructions from an organization's senior management to those who make decisions, take actions, and perform other duties. (T/F)
    False - Policy
  2. Quality security programs begin and end with policy. (T/F)
    True
  3. The ISSP sets out the requirements that must be met by the information security blueprint or framework. (T/F)
    False - EISP
  4. You can create a single comprehensive ISSP document covering all information security issues. (T/F)
    True
  5. Each policy should contain procedures and a timetable for periodic review. (T/F)
    True
  6. A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee's actions. (T/F)
    False - The company will not protect them
  7. ACLs are more specific to the operation of a system than rule-based policies, and they may or may not deal with users directly. (T/F)
    False - Rule-based policies are more specific than ACLs
  8. To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and planned revision date. (T/F)
    True
  9. The policy administrator is responsible for the creation, revision, distribution, and storage of the policy. (T/F)
    True
  10. The security framework is a more detailed version of the security blueprint. (T/F)
    False - The security blueprint is a more detailed version of the security framework
  11. Failure to develop an information security system based on the organization's mission, vision, and culture guarantees the failure of the information security program. (T/F)
    True
  12. Information security safeguards provide two levels of control: managerial and remedial. (T/F)
    False - Three levels of control: managerial, operational, and technical
  13. Management controls address the design and implementation of the security planning process and security program management. (T/F)
    True
  14. Informational controls guide the development of education, training, and awareness programs for users, administrators, and management. (T/F)
    False - Operational controls
  15. The gateway router can be used as the front-line defense against attacks, as it can be configured to allow only set types of protocols to enter. (T/F)
    True
  16. Every member of the organization needs a formal degree or certificate in information security. (T/F)
    False - Not every member needs a formal degree; they need to be trained and made aware of information security
  17. Security training provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely. (T/F)
    True
  18. A disaster recovery plan addresses the preparation for and recovery from a disaster, whether natural or man-made. (T/F)
    True
  19. A cold site provides many of the same services and options of a hot site. (T/F)
    False - Warm sites provide the same services as a hot site. Cold sites provide only rudimentary services and facilities
  20. Disaster recovery personnel must know their roles without supporting documentation. (T/F)
    True
  21. Database shadowing only processes a duplicate in real-time data storage but does not duplicate the databases at the remote site. (T/F)
    False - NOT ONLY; it also duplicates the database at the remote site to multiple servers.
  22. The Federal Bureau of Investigation deals with many computer crimes that are categorized as felonies. (T/F)
    True
  23. Strategic planning is the process of moving the organization towards its ____.
    A) standard
    B) mission
    C) vision
    D) policy
    Answer: C) vision
  24. Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards.
    A) de formale
    B) de public
    C) de jure
    D) de facto
    Answer: C) de jure
  25. A security ____ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.
    A) blanket
    B) mission
    C) plan
    D) framework
    Answer: D) framework
  26. Effective management includes planning and ____.
    A) organizing
    B) leading
    C) controlling
    D) all of the above
    Answer: D) all of the above
  27. The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources.
    A) defense
    B) assessment
    C) security
    D) information
    Answer: C) security
  28. ____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
    A) Informational
    B) Operational
    C) Technical
    D) Managerial
    Answer: D) Managerial
  29. Redundancy can be implemented at a number of points throughout the security architecture, such as in ____.
    A) firewalls
    B) proxy servers
    C) access controls
    D) all of the above
    Answer: D) all of the above
  30. ____ controls address personnel security, physical security, and the protection of production inputs and outputs.
    A) Operational
    B) Managerial
    C) Technical
    D) Informational
    Answer: A) Operational
  31. Security ____ are the areas of trust within which users can freely communicate.
    A) layers
    B) domains
    C) perimeters
    D) rectangles
    Answer: B) domains
  32. A buffer against outside attacks is frequently referred to as a(n) ____.
    A) no-man's land
    B) proxy server
    C) DMZ
    D) firewall
    Answer: C) DMZ
  33. ____-based IDPSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.
    A) Firewall
    B) Network
    C) Domain
    D) Host
    Answer: B) Network
  34. A(n) ____ plan deals with the identification, classification, response, and recovery from an incident.
    A) BC (Business Continuity)
    B) IR (Incident Response)
    C) CM
    D) DR (Disaster Recovery)
    Answer: B) IR (Incident Response)
  35. The first phase in the development of the contingency planning process is the ____.
    A) DP9
    B) IRP (Incident Response Planning)
    C) BIA (Business Impact Analysis)
    D) BRP
    Answer: C) BIA (Business Impact Analysis)
  36. An alert ____ is a document containing contact information for the people to be notified in the event of an incident.
    A) list
    B) message
    C) roster
    D) plan
    Answer: C) roster
  37. Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
    A) recovery
    B) plan
    C) assessment
    D) evaluation
    Answer: C) assessment
  38. RAID ____ drives can be hot swapped.
    A) 2
    B) 5
    C) 4
    D) 3
    Answer: B) 5
  39. A ____ site provides only rudimentary services and facilities.
    A) warm
    B) cool
    C) hot
    D) cold
    Answer: D) cold
  40. The transfer of large batches of data to an off-site facility is called ____.
    A) remote journaling
    B) security perimeter
    C) database shadowing
    D) electronic vaulting
    Answer: D) electronic vaulting
