Blitz Practice – Flashcards
question
______________ is an authorization method in which access to resources is decided by the user's formal status. a. Knowledge b. Decentralized access control c. Authority-level policy d. Physically constrained user interface
answer
c. Authority-level policy
question
____________ is the process of managing changes to computer/device configuration or application software. a. Sprint b. Change control c. Proactive change management d. Procedure control
answer
b. Change control
question
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security _____________ and awareness program. a. Guidelines b. Training c. Environment d. Documentation
answer
b. Training
question
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured. True or False?
answer
True
question
Most often passphrases are used for public and private key authentication. True or False?
answer
True
question
Residual risk is the risk that remains after you have installed countermeasures and controls. True or False?
answer
True
question
Notification, response, recovery and follow-up, and documentation are all components of what process? a. Incident handling b. Corrective control c. Business impact analysis (BIA) d. Countermeasure
answer
a. Incident handling
question
A(n) __________ is a measurable occurrence that has an impact on the business. a. Critical business function b. Corrective control c. Cost d. Event
answer
d. Event
question
The primary task of an organization's ___________ team is to control access to systems or resources. a. Management b. Security administration c. Compliance liaison d. Software development
answer
b. Security administration
question
The term need-to-know refers to a device used as a logon authenticator for remote users of a network. True or False?
answer
False
question
____________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification. a. Smart card b. Relationships c. Need-to-know d. Multi-tenancy
answer
c. Need-to-know
question
What is meant by certification? a. A strategy to minimize risk by rotating employees between various systems or duties b. The formal acceptance by the authorizing official of the risk of implementing the system c. A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies d. The technical evaluation of a system to provide assurance that you have implemented the system correctly
answer
d. The technical evaluation of a system to provide assurance that you have implemented the system correctly
question
A security awareness program includes _____________. a. Motivating users to comply with security policies b. Informing users about trends and threats in society c. Teaching employees about security objectives d. All of the above
answer
d. All of the above
question
Among common recovery location options, this is one that can take over operation quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data. a. Hot site b. Alternate processing center c. Warm site d. Cold site
answer
a. Hot site
question
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems. a. Physical access control b. Authentication c. Event-based synchronous system d. Security kernel
answer
d. Security kernel
question
A time-based synchronization system is a mechanism that limits access to computer systems and network resources. True or False?
answer
False
question
The ____________ team's responsibilities include handling events that affect your computers and networks and ultimately can respond rapidly and effectively to any event. a. Management b. Compliance liaison c. IT Group d. Security administration
answer
d. Security administration