QUESTION

Chapter 3 Operational/Organizational Security

1. What are the four steps that make up the policy life cycle?

• A. policies

• B. procedures

• C. standards

• D. guidelines

2. Which term describes a method to check the security of a system by simulating an attack by a malicious individual?

• A. Vulnerability assessment

• B. Penetration test

• C. Due diligence

• D. Due care

3. Which type of classification includes categories such as High, Medium, Low, Confidential, Private, and Public?

• A. Human resources classification

• B. Acceptable use classification

• C. Change management classification

• D. Information classification

4. Which term refers to ensuring each individual in the organization is supplied with only the absolute minimum amount of information and privileges they need to perform their work tasks?

• A. Need to know

• B. Defense in depth

• C. Exception handling

• D. Economy of mechanism

5. What is a leading cause of account hijacking?

• A. Improper use and/or control over passwords

• B. Ineffective data classification programs

• C. Ineffective service level agreements

• D. A business partnership agreement (BPA)

6. Which term refers to a security principle employed in many organizations to ensure that no single individual has the ability to conduct transactions alone?

• A. Due diligence

• B. Separation of duties

• C. Defense in depth

• D. Least privilege

7. Which term is concerned with guaranteeing fundamental fairness, justice and liberty in relation to an individual's legal rights?

• A. Due diligence

• B. Due care

• C. Due process

• D. Acceptable use

8. Who is responsible for defining data handling characteristics?

• A. The system owner

• B. The data owner

• C. Executive users

• D. Privileged users

9. Which term refers to contractual agreements between entities that describe specified levels of service that the servicing entity agrees to guarantee for the customer?

• A. Business partnership agreement (BPA)

• B. Interconnection security agreement (ISA)

• C. Service level agreement (SLA)

• D. Memorandum of understanding (MOU)

10. Which document lays out a uniform set of rules associated with partnerships to resolve any partnership terms?

• A. Memorandum of understanding (MOU)

• B. Uniform Partnership Act (UPA)

• C. Interconnection security agreement (ISA)

• D. Service level agreement (SLA)

11. Which term refers to the security perimeter, with its several layers of security, along with additional security mechanisms that may be implemented on a system (such as user IDs/passwords)?

• A. Defense-in-depth

• B. Peer-to-peer communication

• C. Public switched telephone network (PSTN)

• D. Client-server communication

12. Which term eliminates the traditional land lines in an organization and replaces them with special telephones that connect to the IP data network?

• A. Voice over IP (VoIP)

• B. Peer-to-peer communication

• C. Client-server communication

• D. Public switched telephone network (PSTN)

TRUE / FALSE

13. (p. 48) Generally, policies should be updated more frequently than the procedures that implement them.

14. (p. 49) Data requires a data owner.

15. (p. 53) Password length is critical to password-based security.

16. (p. 67) Nondisclosure agreements (NDAs) are frequently used to delineate the level and type of information, and with whom it can be shared.

17. (p. 68) An intrusion detection system (IDS) is often part of the security perimeter for an organization.
