Blitz Practice – Flashcards

______________ is an authorization method in which access to resources is decided by the user's formal status. a. Knowledge b. Decentralized access control c. Authority-level policy d. Physically constrained user interface

____________ is the process of managing changes to computer/device configuration or application software. a. Sprint b. Change control c. Proactive change management d. Procedure control

Because personnel are so important to solid security, one of the best security controls you can develop is a strong security _____________ and awareness program. a. Guidelines b. Training c. Environment d. Documentation

An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured. True or False?

Most often passphrases are used for public and private key authentication. True or False?

Residual risk is the risk that remains after you have installed countermeasures and controls. True or False?

Notification, response, recovery and follow-up, and documentation are all components of what process? a. Incident handling b. Corrective control c. Business impact analysis (BIA) d. Countermeasure

A(n) __________ is a measurable occurrence that has an impact on the business. a. Critical business function b. Corrective control c. Cost d. Event

The primary task of an organization's ___________ team is to control access to systems or resources. a. Management b. Security administration c. Compliance liaison d. Software development

The term need-to-know refers to a device used as a logon authenticator for remote users of a network. True or False?

____________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification. a. Smart card b. Relationships c. Need-to-know d. Multi-tenancy

What is meant by certification? a. A strategy to minimize risk by rotating employees between various systems or duties b. The formal acceptance by the authorizing official of the risk of implementing the system c. A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies d. The technical evaluation of a system to provide assurance that you have implemented the system correctly

A security awareness program includes _____________. a. Motivating users to comply with security policies b. Informing users about trends and threats in society c. Teaching employees about security objectives d. All of the above

Among common recovery location options, this is one that can take over operation quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data. a. Hot site b. Alternate processing center c. Warm site d. Cold site

The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems. a. Physical access control b. authentication c. Event-based synchronous system d. Security kernel

A time-based synchronization system is a mechanism that limits access to computer systems and network resources. True or False?

The ____________ team's responsibilities include handling events that affect your computers and networks and ultimately can respond rapidly and effectively to any event. a. Management b. Compliance liaison c. IT Group d. Security administration