SRA221 PreQuiz5

The flashcards below were created by user guntoro on FreezingBlue Flashcards.

  1. A standard is a plan or course of action that conveys instructions from an organization’s senior management to those who make decisions, take actions, and perform other duties.
    False – A policy is
  2. Quality security programs begin and end with policy.
  3. Each policy should contain procedures and a timetable for periodic review.
  4. A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee’s actions.
    False – company will NOT protect them, and the company is NOT liable
  5. ACLs are more specific to the operation of a system than rule-based policies and they may or may not deal with users directly.
    False – Rule-based policies are more specific to the operation of a system than ACLs are
  6. To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and planned revision date.
  7. Failure to develop an information security system based on the organization’s mission, vision, and culture guarantees the failure of the information security program.
  8. Information security safeguards provide two levels of control: managerial and remedial.
    False – Three levels of control: managerial, operational, and technical
  9. Informational controls guide the development of education, training, and awareness programs for users, administrators, and management.
    False – Operational
  10. Every member of the organization needs a formal degree or certificate in information security.
    False – NOT every member
  11. A disaster recovery plan addresses the preparation for and recovery from a disaster, whether natural or man-made.
  12. Disaster recovery personnel must know their roles without supporting documentation.
  13. The Federal Bureau of Investigation deals with many computer crimes that are categorized as felonies.
  14. The vision of an organization is a written statement of an organization’s purpose.
    False – Mission
  15. A(n) integrated information security policy is also known as a general security policy.
    False – enterprise
  16. Policies are living documents that must be managed.
  17. The security blueprint is the basis for the design, selection, and implementation of all security program elements including such things as policy implementation and ongoing policy management.
  18. Technical controls are the tactical and technical implementations of security in the organization.
  19. A(n) contingency plan is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations.
  20. A(n) IR plan ensures that critical business functions continue if a catastrophic incident or disaster occurs.
    False – A business continuity (BC) plan
  21. A(n) full backup only archives the files that have been modified that day, and thus requires less space and time than the differential.
    False – Incremental backup
  22. Effective management includes planning and ____.
    A. organizing
    B. leading
    C. controlling
    D. All of the above
    D. All of the above
  23. ____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
    A. Managerial
    B. Operational
    C. Informational
    D. Technical
    A. Managerial
  24. A(n) ____ plan deals with the identification, classification, response, and recovery from an incident.
    A. IR
    B. DR
    C. BC
    D. CM
    A. IR
  25. The first phase in the development of the contingency planning process is the ____.
    A. BIA
    B. IRP
    C. BRP
    D. DP9
    A. BIA
  26. An alert ____ is a document containing contact information for the people to be notified in the event of an incident.
    A. message
    B. roster
    C. plan
    D. list
    B. roster
  27. Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
    A. plan
    B. recovery
    C. evaluation
    D. assessment
    D. assessment
  28. Implementing multiple types of technology and thereby precluding that the failure of one system will compromise the security of information is referred to as ____________________.
  29. A(n) ____________________ is any clearly identified attack on the organization’s information assets that would threaten the assets’ confidentiality, integrity, or availability.
  30. Computer ____________________ is the process of collecting, analyzing, and preserving computer-related evidence.
Card Set:
SRA221 PreQuiz5
2014-01-27 02:46:24