Information Security Chapter 5 – Flashcards
105 test answers
question
The security framework is a more detailed version of the security blueprint.
answer
False
question
Technical controls are the tactical and technical implementations of security in the organization.
answer
True
question
A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology.
answer
False
question
ISO/IEC 17799 is more useful than any other information security management approach.
answer
False
question
The Federal Bureau of Investigation deals with many computer crimes that are categorized as felonies.
answer
True
question
Quality security programs begin and end with policy.
answer
True
question
A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee's actions.
answer
False
question
A disaster recovery plan addresses the preparation for and recovery from a disaster, whether natural or man-made.
answer
True
question
Many industry observers claim that ISO/IEC 17799 is not as complete as other frameworks.
answer
True
question
Proxy servers can temporarily store a frequently visited Web page, and thus are sometimes called demilitarized servers.
answer
False
question
NIST 800-14, The Principles for Securing Information Technology Systems, provides detailed methods for assessing, designing, and implementing controls and plans for applications of varying size.
answer
False
question
A cold site provides many of the same services and options of a hot site.
answer
False
question
ACLs are more specific to the operation of a system than rule-based policies and they may or may not deal with users directly.
answer
False
question
Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator.
answer
True
question
NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans.
answer
True
question
A service bureau is an agency that provides a service for a fee.
answer
True
question
The Federal Agency Security Practices (FASP) site is a popular place to look up best practices.
answer
True
question
A standard is a plan or course of action that conveys instructions from an organization's senior management to those who make decisions, take actions, and perform other duties.
answer
False
question
Failure to develop an information security system based on the organization's mission, vision, and culture guarantees the failure of the information security program.
answer
True
question
One of the basic tenets of security architectures is the layered implementation of security, which is called defense in layers.
answer
False
question
A(n) integrated information security policy is also known as a general security policy.
answer
False
question
Each policy should contain procedures and a timetable for periodic review.
answer
True
question
A(n) IR plan ensures that critical business functions continue if a catastrophic incident or disaster occurs.
answer
False
question
Additional redundancy to RAID can be provided by mirroring entire servers called redundant servers or server fault tolerance.
answer
True
question
Disaster recovery personnel must know their roles without supporting documentation.
answer
True
question
A(n) honeynet is usually a computing device or a specially configured computer that allows or prevents access to a defined area based on a set of rules.
answer
False
question
Every member of the organization needs a formal degree or certificate in information security.
answer
False
question
Informational controls guide the development of education, training, and awareness programs for users, administrators, and management.
answer
False
question
Management controls address the design and implementation of the security planning process and security program management.
answer
True
question
Database shadowing only processes a duplicate in real-time data storage but does not duplicate the databases at the remote site.
answer
False
question
The gateway router can be used as the front-line defense against attacks, as it can be configured to allow only set types of protocols to enter.
answer
True
question
Laws are more detailed statements of what must be done to comply with policy.
answer
False
question
Security training provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely.
answer
True
question
Host-based IDPSs are usually installed on the machines they protect to monitor the status of various files stored on those machines.
answer
True
question
Within security perimeters the organization can establish security circles.
answer
False
question
The global information security community has universally agreed with the justification for the code of practices as identified in the ISO/IEC 17799.
answer
False
question
You can create a single comprehensive ISSP document covering all information security issues.
answer
True
question
The Security Area Working Group endorses ISO/IEC 17799.
answer
False
question
The standard should begin with a clear statement of purpose.
answer
False
question
To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and planned revision date.
answer
True
question
Some policies may also need a(n) sunset clause indicating their expiration date.
answer
True
question
The policy administrator is responsible for the creation, revision, distribution, and storage of the policy.
answer
True
question
The vision of an organization is a written statement of an organization's purpose.
answer
False
question
A(n) capability table specifies which subjects and objects users or groups can access.
answer
True
question
Information security safeguards provide two levels of control: managerial and remedial.
answer
False
question
Policies are living documents that must be managed.
answer
True
question
SP 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, must be customized to fit the particular needs of a(n) organization.
answer
True
question
A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people.
answer
False
question
The ISSP sets out the requirements that must be met by the information security blueprint or framework.
answer
False
question
The security blueprint is the basis for the design, selection, and implementation of all security program elements including such things as policy implementation and ongoing policy management.
answer
True
question
Systems-specific security policies are formalized as written documents readily identifiable as policy.
answer
False
question
Strategic planning is the process of moving the organization towards its ____.
answer
Vision
question
The ____________________ of an organization is a written statement about the organization's goals answering the question of where the organization will be in five years.
answer
Vision
question
Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
answer
Assessment
question
Effective management includes planning and ____.
answer
Controlling, Organizing, and Leading
question
The transfer of live transactions to an off-site facility is called ____________________.
answer
Remote Journaling
question
The ____ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.
answer
EISP
question
A(n) ____________________ server performs actions on behalf of another system.
answer
Proxy
question
What country adopted ISO/IEC 17799?
answer
Britain
question
The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources.
answer
Security
question
A(n) ____________________ is a contract between two or more organizations that specifies how each will assist the other in the event of a disaster.
answer
Mutual Agreement
question
____ controls address personnel security, physical security, and the protection of production inputs and outputs.
answer
Operational
question
A(n) ____________________ is a plan or course of action that conveys instructions from an organization's senior management to those who make decisions, take actions, and perform other duties.
answer
Policy
question
Computer ____________________ is the process of collecting, analyzing, and preserving computer-related evidence.
answer
Forensics
question
A ____ site provides only rudimentary services and facilities.
answer
Cold
question
A(n) ____________________ is a detailed examination of the events that occurred from first detection to final recovery.
answer
AAR or After-Action Review
question
A(n) ____________________ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
answer
Incident
question
Security ____ are the areas of trust within which users can freely communicate.
answer
Domains
question
The SETA program is the responsibility of the ____ and is a control measure designed to reduce the incidences of accidental security breaches by employees.
answer
CISO
question
____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
answer
Managerial
question
RAID ____ drives can be hot swapped.
answer
5
question
The transfer of large batches of data to an off-site facility is called ____.
answer
Electronic Vaulting
question
The first phase in the development of the contingency planning process is the ____.
answer
BIA
question
The policy champion and manager is called the policy ____________________.
answer
Administrator
question
Implementing multiple types of technology and thereby precluding that the failure of one system will compromise the security of information is referred to as ____________________.
answer
Redundancy
question
An attack ____________________ is a detailed description of the activities that occur during an attack.
answer
Profile
question
A security ____ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.
answer
Framework
question
Incident ____________________ is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.
answer
Response
question
The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by the Internet Society and the ____.
answer
IETF
question
A buffer against outside attacks is frequently referred to as a(n) ____.
answer
DMZ
question
____________________ controls are security processes that are designed by strategic planners and implemented by the security administration of the organization.
answer
Managerial
question
A(n) ____________________ backup is the storage of all files that have changed or been added since the last full backup.
answer
Differential
question
____-based IDPSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.
answer
Network
question
An alert ____ is a document containing contact information for the people to be notified in the event of an incident.
answer
Roster
question
A(n) ____________________ site is a fully configured computer facility, with all services, communications links, and physical plant operations including heating and air conditioning.
answer
Hot
question
A(n) ____________________ message is a scripted description of an incident, usually just enough information so that each individual knows what portion of the IR plan to implement, and not enough to slow down the notification process.
answer
Alert
question
Some policies may need a(n) ____________________ indicating their expiration date.
answer
Sunset Clause
question
A(n) ____________________ is a device that selectively discriminates against information flowing into or out of the organization.
answer
Firewall
question
____________________-specific security policies often function as standards or procedures to be used when configuring or maintaining systems.
answer
Systems
question
The stated purpose of ____ is to "give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization."
answer
ISO/IEC 27002
question
The security ____________________ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.
answer
Framework
question
Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards.
answer
De jure
question
A(n) ____ plan deals with the identification, classification, response, and recovery from an incident.
answer
IR
question
Redundancy can be implemented at a number of points throughout the security architecture, such as in ____.
answer
Access Controls, Firewalls, and Proxy servers
question
A(n) _________________________ plan ensures that critical business functions continue if a catastrophic incident or disaster occurs.
answer
Business Continuity
question
____ often function as standards or procedures to be used when configuring or maintaining systems.
answer
SysSPs
question
Incident ____________________ is the process of examining a potential incident, or incident candidate, and determining whether or not the candidate constitutes an actual incident.
answer
Classification
question
SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ____.
answer
Blueprint
question
A security ____________________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world.
answer
Perimeter
question
RAID Level 1 is commonly called disk ____________________.
answer
Mirroring
question
The actions taken during and after a disaster are referred to as ____________________ management.
answer
Crisis