Chapter 6 (Test 2) – Flashcards

question
Which of the following is the definition of system owner? a. The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO b. A benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products c. Fixing something that is broken or defective, such as by addressing or removing vulnerabilities d. The individual or team responsible for performing the security test and evaluation for the system, and for preparing the report for the AO on the risk of operating the system
answer
a. The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO
question
Enacting changes in response to reported problems is called _______. a. Change control b. Reactive change management c. Compliance liaison d. Job rotation
answer
b. Reactive change management
question
_________ ensures that any changes to a production system are tested, documented, and approved. a. Change control b. Classification c. Compliance d. Configuration control
answer
a. Change control
question
Your organization's ______________ sets the tone for how you approach related activities. a. Guidelines b. Security policy c. Assets d. Configuration
answer
b. Security policy
question
A security awareness program includes _______________. a. Motivating users to comply with security policies b. Informing users about trends and threats in society c. Teaching employees about security objectives d. All of the above
answer
d. All of the above
question
When an information security breach occurs in your organization, a ____________ helps determine what happened to the system and when. a. Security event log b. Security policy c. Baseline d. Functional policy
answer
a. Security event log
question
The term guideline refers to a group that oversees all proposed changes to systems and networks. True or False?
answer
False
question
The term remediation refers to fixing something before it is broken, defective, or vulnerable. True or False?
answer
True
question
Your organization's ____________ sets the tone for how you approach related activities. a. Configuration b. Security policy c. Assets d. Guidelines
answer
b. Security policy
question
When an information security breach occurs in your organization, a ___________ helps determine what happened to the system and when. a. Functional policy b. Security event log c. Security policy d. Baseline
answer
b. Security event log
question
What is meant by authorizing official (AO)? a. The process of managing changes to computer/device configuration or application software b. An individual to enact changes in response to reported problems c. A senior manager who reviews a certification report and makes the decision to approve the system for implementation d. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
answer
c. A senior manager who reviews a certification report and makes the decision to approve the system for implementation
question
When security seems to get in the way of an employee's productivity, they'll often bypass security measures to complete their work more quickly. True or False?
answer
True
question
The process of managing the baseline settings of a system device is called ___________. a. Guideline b. Configuration control c. Baseline d. Sprint
answer
b. Configuration control
question
A security awareness program includes ______________. a. Teaching employees about security objectives b. Informing users about trends and threats in society c. Motivating users to comply with security policies d. All of the above
answer
d. All of the above
question
Sprint means one of the small project iterations used in the "agile" method of developing software, in contrast with the usual long project schedules of other ways of developing software. True or False?
answer
True
question
System owners are in control of data classification. True or False?
answer
False
question
For all the technical solutions you can advise to secure your systems, the ___________ remains your greatest challenge. a. Administration b. Certifier c. Regulations d. Human element
answer
d. Human element
question
___________ ensures that any changes to a production system are tested, documented, and approved. a. Classification b. Change control c. Configuration control d. Compliance
answer
b. Change control
question
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system? a. Compliance liaison b. Remediation c. System owners d. Certifier
answer
d. Certifier
question
An organization must comply with rules on two levels: regulatory compliance and organizational compliance. True or False?
answer
True
question
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules? a. Agile development b. Waterfall model c. Baseline d. Sprint
answer
a. Agile development
question
The process of managing the baseline settings of a system device is the definition of configuration control. True or False?
answer
True
question
Organizations should train employees on security, and that training should be repeated at specified intervals. True or False?
answer
True
question
What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective? a. Security administration b. Proactive change management c. Authorizing official (AO) d. Procedure
answer
d. Procedure
question
____________ is the process of managing changes to computer/device configuration or application software. a. Procedure control b. Change control c. Sprint d. Proactive change management
answer
b. Change control
question
One of the most popular types of attacks on computer systems involves _______________. These attacks deceive or use people to get around security controls. The best way to avoid this risk is to ensure that employees know how to handle such attacks. a. The World Wide Web b. Social engineering c. Worms d. Cloud computing
answer
b. Social engineering
question
From the perspective of a ____________ professional, configuration management evaluates the impact a modification might have on security. a. Security b. Administration c. Management d. IT
answer
a. Security
question
Enacting changes in response to reported problems is called _____________. a. Reactive change management b. Compliance liaison c. Change control d. Job rotation
answer
a. Reactive change management
question
Initiating changes to avoid expected problems is the definition of proactive change management. True or False?
answer
True
question
What is meant by standard? a. The formal acceptance by the authorizing official of the risk of implementing the system b. A benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products c. Recorded information from system events that describes security-related activity d. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
answer
d. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
question
Accreditation is management's formal acceptance of risk and their permission to implement. True or False?
answer
True
question
The term functional policy describes a statement of an organization's management direction for security in such specific functional areas as e-mail, remote access, and internet surfing. True or False?
answer
True
question
An organization must comply with two rules: regulatory compliance and organizational compliance. True or False?
answer
True
question
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security _____________. a. Training b. Documentation c. Guidelines d. Environment
answer
a. Training