Flashcards and Answers – Chapter 14

question
A(n) ____________________ is a methodical examination and review that produces a detailed report of its findings.
answer
audit
question
What kind of policy outlines how an organization uses personal information it collects? a. network b. privacy c. VPN d. encryption
answer
privacy
question
Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment? a. Acceptable use policies b. Data loss policies c. Encryption policies d. VPN policies
answer
Acceptable use policies
question
A written document that states how an organization plans to protect the company's information technology assets is a: a. security procedure b. standard c. guideline d. security policy
answer
security policy
question
What type of learner learns best through hands-on approaches? a. Kinesthetic b. Auditory c. Spatial d. Visual
answer
Kinesthetic
question
____________________ seeks to approach changes systematically and provide the necessary documentation of the changes.
answer
Change management
question
A person's fundamental beliefs and principles, which are used to define what is good, and how to distinguish right from wrong, are collectively called a person's: a. Ethics b. Values c. Standards d. Morals
answer
Values
question
Audits serve to verify that the security protections enacted by an organization are being followed and that corrective actions can be swiftly implemented before an attacker exploits a vulnerability. (T/F)
answer
True
question
What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization? a. Incident handling b. Incident planning c. Incident reporting d. Incident management
answer
Incident management
question
Policies that include statements regarding how an employee's information technology resources will be addressed are part of a: a. technical policy b. security-related human resource policy c. acceptable use policy d. VPN policy
answer
security-related human resource policy.
question
Websites that group individuals and organizations into clusters or groups based on some sort of affiliation are considered to be what type of websites? a. social engineering b. social management c. social control d. social networking
answer
social networking
question
What is the most common type of P2P network? a. BitTorrent b. eDonkey c. Kazaa d. Sneakernet
answer
BitTorrent
question
Select below the option that best describes a policy: a. A document that outlines specific requirements or rules that must be met. b. A collection of requirements specific to the system or procedure that must be met by everyone c. A list of all items that have a positive economic value d. A collection of suggestions that should be implemented.
answer
A document that outlines specific requirements or rules that must be met
question
What can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments? a. Ethics b. Morals c. Standards d. Values
answer
Ethics
question
A(n) ____________________ is a collection of requirements specific to the system or procedure that must be met by everyone.
answer
standard
question
Which type of network below uses a direct connection between users, and involves each device simultaneously acting as a client and a server? a. P2P b. Peer c. Client-server d. Share
answer
P2P
question
Which term below describes the art of helping an adult learn? a. metagogical b. deontological c. pedagogical d. andragogical
answer
andragogical
question
What kind of learners learn from taking notes, being at the front of the class, and watching presentations? a. Visual b. Kinesthetic c. Auditory d. Spatial
answer
Visual
question
What type of learner tends to sit in the middle of the class and learns best through lectures and discussions? a. Visual b. Auditory c. Spatial d. Kinesthetic
answer
Auditory
question
What may be defined as the components required to identify, analyze, and contain an incident? a. Incident response b. Threat response c. Vulnerability response d. Risk response
answer
Incident response
question
The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the users. (T/F)
answer
True
question
Due to the potential impact of changes that can affect all users in an organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes? a. change management team b. compliance team c. incident response team d. security control team
answer
change management team
question
A due process policy is a policy that defines the actions users may perform while accessing systems and networking equipment. (T/F)
answer
False
question
The first phase of the security policy cycle involves a vulnerability assessment. (T/F)
answer
True
question
What are values that are attributed to a system of beliefs that help the individual distinguish right from wrong called? a. Ethics b. Standards c. Morays d. Morals
answer
Morals
question
When designing a security policy, many organizations follow a standard set of ____________________.
answer
principles
question
The "framework" and functions required to enable incident response and incident handling within an organization.
answer
Incident management
question
Risk control type that covers the operational procedures to limit risk
answer
Operational risk control type
question
A risk control type that involves using technology to control risk
answer
Technical risk control type
question
A methodology for making modifications to a system and keeping track of those changes
answer
Change management
question
The expected monetary loss every time a risk occurs
answer
Single Loss Expectancy (SLE)
question
A security policy that outlines how the organization uses personal information it collects.
answer
Privacy policy
question
An event that in the beginning is considered to be a risk yet turns out to not be one
answer
False positive
question
A policy that defines the actions users may perform while accessing systems and networking equipment
answer
Acceptable use policy (AUP)
question
A network that does not have servers, so each device simultaneously functions as both a client and a server to all other devices connected to the network.
answer
Peer-to-peer network
question
An event that does not appear to be a risk but actually turns out to be one
answer
False negative
question
Most organizations follow a three-phase cycle in the development and maintenance of a security policy. (T/F)
answer
True
question
What concept below is at the very heart of information security? a. mitigation b. risk c. threat d. management
answer
risk
question
Most people are taught using a(n) ____________________ approach.
answer
pedagogical
question
A collection of suggestions that should be implemented are referred to as a: a. security policy b. baseline c. security procedure d. guideline
answer
guideline