CompTIA: Security+ Chapter 14 Test

question

guideline
answer

A collection of suggestions that should be implemented is referred to as a: -Security Policy -Baseline -Guideline -Security Procedure
question

values
answer

A person’s fundamental beliefs and principles, which are used to define what is good, and how to distinguish right from wrong, are collectively called a person’s: -Morals -Values -Ethics -Standards
question

security policy
answer

A written document that states how an organization plans to protect the company’s information technology assets is a: -Security Policy -Guideline -Security Procedure -Standard
question

change management team (CMT)
answer

Due to the potential impact of changes that can affect all users in an organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes? -Change Management Team (CMT) -Incident Response Team (IRT) -Security Control Team (SCT) -Compliance Team (CT)
question

acceptable use policies
answer

Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment? -Acceptable Use Policies -Encryption Policies -Data Loss Policies -VPN Policies
question

bittorrent
answer

What is the most common type of P2P network? -Kazaa -Bittorrent -eDonkey -Sneakernet
question

security-related human resource policy
answer

Policies that include statements regarding how an employee’s information technology resources will be addressed are part of a: -VPN Policy -Acceptable Use Policy -Security-Related Human Resource Policy -Technical Policy
question

A document that outlines specific requirements or rules that must be met
answer

Select below the option that best describes a policy: -A collection of requirements specific to the system or procedure that must be met by everyone -A collection of suggestions that should be implemented -A list of all items that have a positive economic value -A document that outlines specific requirements or rules that must be met
question

social networking
answer

Websites that group individuals and organizations into clusters or groups based on some sort of affiliation are considered to be what type of websites? -social networking -social engineering -social management -social control
question

morals
answer

What are values that are attributed to a system of beliefs that help the individual distinguish right from wrong called? -Morals -Ethics -Standards -Morays
question

ethics
answer

What can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments? -Values -Morals -Ethics -Standards
question

risk
answer

What concept below is at the very heart of information security? -threat -mitigation -risk -management
question

incident management
answer

What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization? -Incident reporting -Incident management -incident handling -incident planning
question

visual
answer

What kind of learners learn from taking notes, being at the front of the class, and watching presentations? -Kinesthetic -Auditory -Spatial -Visual
question

privacy
answer

What kind of policy outlines how an organization uses personal information it collects? -VPN -network -encryption -privacy
question

incident response
answer

What may be defined as the components required to identify, analyze, and contain an incident? -Vulnerability response -Incident response -Risk response -Threat response
question

kinesthetic
answer

What type of learner learns best through hands-on approaches? -Visual -Auditory -Kinesthetic -Spatial
question

auditory
answer

What type of learner tends to sit in the middle of the class and learns best through lectures and discussions? -Visual -Auditory -Kinesthetic -Spatial
question

andragogical
answer

Which term below describes the art of helping an adult learn? -andragogical -pedagogical -deontological -metagogical
question

P2P
answer

Which type of network below uses a direct connection between users, and involves each device simultaneously acting as a client and a server? -Peer -Client-server -P2P -Share
question

incident management
answer

The “framework” and functions required to enable incident response and incident handling within an organization.
question

operational risk control type
answer

Risk control type that covers the operational procedures to limit risk
question

technical risk control type
answer

A risk control type that involves using technology to control risk
question

change management
answer

A methodology for making modifications to a system and keeping track of those changes.
question

single loss expectancy (SLE)
answer

The expected monetary loss every time a risk occurs.
question

privacy policy
answer

A security policy that outlines how the organization uses personal information it collects.
question

false negative
answer

An event that in the beginning is considered to be a risk yet turns out to not be one.
question

acceptable use policy (AUP)
answer

A policy that defines the actions users may perform while accessing systems and networking equipment
question

peer-to-peer network
answer

A network that does not have servers, so each device simultaneously functions as both a client and a server to all other devices connected to the network.
question

false negative
answer

An event that does not appear to be a risk but actually turns out to be one.
question

False
answer

(T/F) A due process policy is a policy that defines the actions users may perform while accessing systems and networking equipment.
question

True
answer

(T/F) Audits serve to verify that the security protections enacted by an organization are being followed and that corrective actions can be swiftly implemented before an attacker exploits a vulnerability.
question

True
answer

(T/F) Most organizations follow a three-phase cycle in the development and maintenance of a security policy.
question

True
answer

(T/F) The first phase of the security policy cycle involves a vulnerability assessment.
question

True
answer

(T/F) The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the users.
question

standard
answer

A(n) ____________________ is a collection of requirements specific to the system or procedure that must be met by everyone.
question

audit
answer

A(n) ____________________ is a methodical examination and review that produces a detailed report of its findings.
question

pedagogical
answer

Most people are taught using a(n) ____________________ approach.
question

change management
answer

____________________ seeks to approach changes systematically and provide the necessary documentation of the changes.
question

principles
answer

When designing a security policy, many organizations follow a standard set of ____________________.
