Title of test: Info sec part 2
Description: INFO SEC TEST 2
Author: AVATAR
Creation Date: 14/03/2021
Category: Others
Number of questions: 113
Content:
Q: The organization must be able to demonstrate that the policy has been uniformly enforced, regardless of employee status or assignment.
Options: Uniform enforcement (fairness in application); Information security policy; Access control list (ACL); Access control matrix.

Q: Written instructions provided by management that inform employees and others in the workplace about proper behavior regarding the use of information and information assets.
Options: Uniform enforcement (fairness in application); Information security policy; Access control list (ACL); Access control matrix.

Q: Specifications of authorization that govern the rights and privileges of users to a particular information asset.
Options: Uniform enforcement (fairness in application); Information security policy; Access control list (ACL); Access control matrix.

Q: An integration of access control lists (focusing on assets) and capability tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings.
Options: Uniform enforcement (fairness in application); Information security policy; Access control list (ACL); Access control matrix.
Q: Lattice-based access control with rows of attributes associated with a particular subject (such as a user).
Options: Capabilities table; Configuration Rule Policies; Information security blueprint; Information security framework.

Q: Configuring firewalls, intrusion detection and prevention systems (IDPSs), and proxy servers uses specific configuration scripts that represent the configuration rule policy.
Options: Capabilities table; Configuration Rule Policies; Information security blueprint; Information security framework.

Q: A framework or security model customized to an organization, including implementation details.
Options: Capabilities table; Configuration Rule Policies; Information security blueprint; Information security framework.

Q: A specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education and training programs, and technological controls.
Options: Capabilities table; Configuration Rule Policies; Information security blueprint; Information security framework.
Q: It illustrates how information is under attack from a variety of sources. It illustrates the ways in which people access information.
Options: Spheres of Security; Design of Security Architecture (Layers PPT); Defense in depth; managerial controls.

Q: It is designed and implemented using policies, people (education, training, and awareness programs), and technology.
Options: Spheres of Security; Design of Security Architecture (Layers PPT); Defense in depth; managerial controls.

Q: A strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.
Options: Spheres of Security; Design of Security Architecture (Layers PPT); Defense in depth; managerial controls.

Q: Information security safeguards that focus on administrative planning, organizing, leading, and controlling, and that are designed by strategic planners and implemented by the organization's security administration. These safeguards include governance and risk management.
Options: Spheres of Security; Design of Security Architecture (Layers PPT); Defense in depth; managerial controls.
Q: Information security safeguards focusing on lower-level planning that deals with the functionality of the organization's security. These safeguards include disaster recovery and incident response planning.
Options: operational controls; technical controls; Security Education, Training, and Awareness (SETA) Program; Business continuity plan (BC plan).

Q: Information security safeguards that focus on the application of modern technologies, systems, and processes to protect information assets. These safeguards include firewalls, virtual private networks, and IDPSs.
Options: operational controls; technical controls; Security Education, Training, and Awareness (SETA) Program; Business continuity plan (BC plan).

Q: It is a managerial program designed to improve the security of information assets by providing targeted knowledge, skills, and guidance for an organization's employees.
Options: operational controls; technical controls; Security Education, Training, and Awareness (SETA) Program; Business continuity plan (BC plan).

Q: The documented product of business continuity planning. Occurs concurrently with the DR plan when the damage is major or ongoing.
Options: operational controls; technical controls; Security Education, Training, and Awareness (SETA) Program; Business continuity plan (BC plan).
Q: The actions taken to develop and implement the BC policy.
Options: Business continuity planning (BCP); Business resumption planning (BRP); Contingency planning (CP); Contingency planning management team (CPMT).

Q: The actions taken to implement a combined DR and BC policy and plan.
Options: Business continuity planning (BCP); Business resumption planning (BRP); Contingency planning (CP); Contingency planning management team (CPMT).

Q: The actions taken for incident response, disaster recovery, and business continuity efforts, as well as preparatory business impact analysis. It includes incident response planning (IRP), disaster recovery planning (DRP), and business continuity planning (BCP).
Options: Business continuity planning (BCP); Business resumption planning (BRP); Contingency planning (CP); Contingency planning management team (CPMT).

Q: It leads all CP efforts.
Options: Business continuity planning (BCP); Business resumption planning (BRP); Contingency planning (CP); Contingency planning management team (CPMT).
Q: The documented product. It focuses on restoring systems.
Options: Disaster recovery plan (DR plan); Disaster recovery planning (DRP); Incident response plan (IR plan); Business impact analysis (BIA).

Q: The actions taken.
Options: Disaster recovery plan (DR plan); Disaster recovery planning (DRP); Incident response plan (IR plan); Business impact analysis (BIA).

Q: The documented product. It focuses on immediate response, but if the attack is there
Options: Disaster recovery plan (DR plan); Disaster recovery planning (DRP); Incident response plan (IR plan); Business impact analysis (BIA).

Q: An investigation and assessment of the various adverse events that can affect the organization. The BIA attempts to answer the question, "How will it affect us?"
Options: Disaster recovery plan (DR plan); Disaster recovery planning (DRP); Incident response plan (IR plan); Business impact analysis (BIA).
Q: The total amount of time the system owner or authorizing official is willing to accept for a mission/business process outage or disruption, including all impact considerations.
Options: Maximum tolerable downtime (MTD); Recovery point objective (RPO); Recovery time objective (RTO); Work recovery time (WRT).

Q: The point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage (given the most recent backup copy of the data).
Options: Maximum tolerable downtime (MTD); Recovery point objective (RPO); Recovery time objective (RTO); Work recovery time (WRT).

Q: The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD.
Options: Maximum tolerable downtime (MTD); Recovery point objective (RPO); Recovery time objective (RTO); Work recovery time (WRT).

Q: The amount of effort (expressed as elapsed time) necessary to make the business function operational after the technology element is recovered (as identified with RTO). Tasks include testing and validation of the system.
Options: Maximum tolerable downtime (MTD); Recovery point objective (RPO); Recovery time objective (RTO); Work recovery time (WRT).
Q: It is important to collect critical information about each business unit before prioritizing the business units.
Options: Business Impact Analysis stage 1; Business Impact Analysis stage 2; Business Impact Analysis stage 3; Incident classification.

Q: Identify Resource Requirements. Once the organization has created a prioritized list of its mission and business processes, it needs to determine which resources would be required to recover those processes and associated assets.
Options: Business Impact Analysis stage 1; Business Impact Analysis stage 2; Business Impact Analysis stage 3; Incident classification.

Q: Identify Recovery Priorities for System Resources. To do so, it needs to understand the information assets used by those processes.
Options: Business Impact Analysis stage 1; Business Impact Analysis stage 2; Business Impact Analysis stage 3; Incident classification.

Q: The process of examining an incident candidate and determining whether it constitutes an actual incident (both host-based and network-based).
Options: Business Impact Analysis stage 1; Business Impact Analysis stage 2; Business Impact Analysis stage 3; Incident classification.
Q: Information or information systems become unavailable.
Options: Loss of availability; Loss of integrity; Loss of confidentiality; Violation of policy.

Q: Users report corrupt data files, garbage where data should be, or data that looks wrong.
Options: Loss of availability; Loss of integrity; Loss of confidentiality; Violation of policy.

Q: You are notified of sensitive information leaks or informed that information you thought was protected has been disclosed.
Options: Loss of availability; Loss of integrity; Loss of confidentiality; Violation of policy.

Q: Organizational policies that address information or information security have been violated.
Options: Loss of availability; Loss of integrity; Loss of confidentiality; Violation of policy.
Q: The law has been broken, and the organization's information assets are involved.
Options: Violation of law; Alert message; Alert roster; After-action review.

Q: A scripted description of the incident that usually contains just enough information so that each person knows what portion of the IR plan to implement without slowing down the notification process.
Options: Violation of law; Alert message; Alert roster; After-action review.

Q: A document that contains contact information for people to be notified in the event of an incident.
Options: Violation of law; Alert message; Alert roster; After-action review.

Q: A detailed examination and discussion of the events that occurred, from first detection to final recovery.
Options: Violation of law; Alert message; Alert roster; After-action review.
Q: The process of collecting, analyzing, and preserving computer-related evidence.
Options: Computer forensics; Evidence; Software as a Service (SaaS); Platform as a Service (PaaS).

Q: A physical object or documented information entered into a legal proceeding that proves an action occurred or identifies the intent of a perpetrator.
Options: Computer forensics; Evidence; Software as a Service (SaaS); Platform as a Service (PaaS).

Q: In which applications are provided for a fee but hosted on third-party systems and accessed over the Internet and the Web.
Options: Computer forensics; Evidence; Software as a Service (SaaS); Platform as a Service (PaaS).

Q: In which development platforms are available to developers for a fee and are hosted by third parties.
Options: Computer forensics; Evidence; Software as a Service (SaaS); Platform as a Service (PaaS).
Q: Informally known as Everything as a Service, it provides hardware and operating system resources to host whatever the organization wants to implement. Again, the service is hosted by a third party for a fee.
Options: Infrastructure as a Service (IaaS); Disaster Recovery as a Service (DRaaS); Differential backup; Full backup.

Q: One of the newest options available as a specialized disaster recovery service.
Options: Infrastructure as a Service (IaaS); Disaster Recovery as a Service (DRaaS); Differential backup; Full backup.

Q: The duplication of all files that have changed or been added since the last full backup.
Options: Infrastructure as a Service (IaaS); Disaster Recovery as a Service (DRaaS); Differential backup; Full backup.

Q: The duplication of all files for an entire system, including all applications, operating system components, and data.
Options: Infrastructure as a Service (IaaS); Disaster Recovery as a Service (DRaaS); Differential backup; Full backup.
Q: The duplication of only the files that have been modified since the previous incremental backup.
Options: Incremental backup; Disk duplexing; Disk mirroring L1; Disk striping L0.

Q: An approach to disk mirroring in which each drive has its own controller to provide additional redundancy.
Options: Incremental backup; Disk duplexing; Disk mirroring L1; Disk striping L0.

Q: It is where the computer records all data to twin drives simultaneously, providing a backup if the primary drive fails.
Options: Incremental backup; Disk duplexing; Disk mirroring L1; Disk striping L0.

Q: L1. It is where one logical volume is created by storing data across several available hard drives in segments called stripes.
Options: Incremental backup; Disk duplexing; Disk mirroring L1; Disk striping L0.
Q: A hard drive feature that allows individual drives to be replaced without powering down the entire system and without causing a fault during the replacement.
Options: Hot swap; Redundant array of independent disks (RAID); Server fault tolerance; Cold site.

Q: A system of drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure.
Options: Hot swap; Redundant array of independent disks (RAID); Server fault tolerance; Cold site.

Q: A level of redundancy provided by mirroring entire servers to provide redundant capacity for services.
Options: Hot swap; Redundant array of independent disks (RAID); Server fault tolerance; Cold site.

Q: A facility that provides only rudimentary services, with no computer hardware or peripherals.
Options: Hot swap; Redundant array of independent disks (RAID); Server fault tolerance; Cold site.
Q: A backup strategy to store duplicate online transaction data along with duplicate databases at the remote site on a redundant server.
Options: Database shadowing; Hot site; Warm site; Bonus.

Q: A fully configured computing facility that includes all services, communications links, and physical plant operations.
Options: Database shadowing; Hot site; Warm site; Bonus.

Q: A facility that provides many of the same services and options as a hot site, but typically without installed and configured software applications.
Options: Database shadowing; Hot site; Warm site; Bonus.

Q: Bonus
Options: Database shadowing; Hot site; Warm site; Bonus.
Q: The adoption and implementation of an innovative business model, method, technique, resource, or technology in order to outperform the competition.
Options: competitive advantage; risk assessment; risk control; risk identification.

Q: A determination of the extent to which an organization's information assets are exposed to risk.
Options: competitive advantage; risk assessment; risk control; risk identification.

Q: The application of controls that reduce the risks to an organization's information assets to an acceptable level.
Options: competitive advantage; risk assessment; risk control; risk identification.

Q: The recognition, enumeration, and documentation of risks to an organization's information assets.
Options: competitive advantage; risk assessment; risk control; risk identification.
Q: The process of identifying risk, assessing its relative magnitude, and taking steps to reduce it to an acceptable level.
Options: risk management; residual risk; In Asset Identification - People; Procedures.

Q: The risk to information assets that remains even after current controls have been applied.
Options: risk management; residual risk; In Asset Identification - People; Procedures.

Q: Position name, number, or ID (avoid using people's names and stick to identifying positions, roles, or functions), supervisor, security clearance level, special skills.
Options: risk management; residual risk; In Asset Identification - People; Procedures.

Q: Description, intended purpose, relationship to software, hardware, and networking elements, storage location for reference, storage location for update.
Options: risk management; residual risk; In Asset Identification - People; Procedures.
Q: Classification, owner, creator, and manager, the size of data structure, data structure used (sequential or relational), online or offline, location, backup procedures employed.
Options: Data; Name; IP address; Media access control (MAC) address.

Q: Make sure that the names you choose are meaningful to all the groups that use the information. You should adopt naming standards that do not convey information to potential system attackers.
Options: Data; Name; IP address; Media access control (MAC) address.

Q: This can be a useful identifier for network devices and servers, but it does not usually apply to software. You can, however, use a relational database to track software instances on specific servers or networking devices.
Options: Data; Name; IP address; Media access control (MAC) address.

Q: They are sometimes called electronic serial numbers or hardware addresses.
Options: Data; Name; IP address; Media access control (MAC) address.
Q: For hardware, you can develop a list of element types, such as servers, desktop networking devices, or test equipment. For software elements, you may develop a list of types that includes operating systems, custom applications by type (accounting, HR, or payroll, for example), packaged applications, and specialty applications, such as firewall programs.
Options: Element type; Physical location; Logical location; Threats-vulnerabilities-assets (TVA) triples.

Q: This information falls under asset inventory, which can be performed once the identification process is started.
Options: Element type; Physical location; Logical location; Threats-vulnerabilities-assets (TVA) triples.

Q: The logical location is most useful for networking devices and indicates the logical network where the device is connected.
Options: Element type; Physical location; Logical location; Threats-vulnerabilities-assets (TVA) triples.

Q: A pairing of an asset with a threat and identification of vulnerabilities that exist between the two.
Options: Element type; Physical location; Logical location; Threats-vulnerabilities-assets (TVA) triples.
Q: Likelihood × Attack Success Probability
Options: Loss Frequency; Loss Magnitude; single loss expectancy (SLE); annualized loss expectancy (ALE).

Q: Asset Value × Probable Loss
Options: Loss Frequency; Loss Magnitude; single loss expectancy (SLE); annualized loss expectancy (ALE).

Q: exposure factor (EF) × asset value (AV)
Options: Loss Frequency; Loss Magnitude; single loss expectancy (SLE); annualized loss expectancy (ALE).

Q: single loss expectancy (SLE) × annualized rate of occurrence (ARO)
Options: Loss Frequency; Loss Magnitude; single loss expectancy (SLE); annualized loss expectancy (ALE).
Q: The number of successful attacks that are expected to occur within a specified time period.
Options: attack success probability; Likelihood; loss frequency; transference risk control strategy.

Q: The probability that a specific vulnerability within an organization will be the target of an attack.
Options: attack success probability; Likelihood; loss frequency; transference risk control strategy.

Q: The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range.
Options: attack success probability; Likelihood; loss frequency; transference risk control strategy.

Q: It attempts to shift risk to other assets, other processes, or other organizations.
Options: attack success probability; Likelihood; loss frequency; transference risk control strategy.
Q: It indicates the organization is willing to accept the current level of risk.
Options: Acceptance; termination risk control strategy; access control; access control list (ACL).

Q: It eliminates all risk associated with an information asset by removing it from service or handling decision points.
Options: Acceptance; termination risk control strategy; access control; access control list (ACL).

Q: The selective method by which systems specify who may use a particular resource and how they may use it.
Options: Acceptance; termination risk control strategy; access control; access control list (ACL).

Q: Specifications of authorization that govern the rights and privileges of users to a particular information asset.
Options: Acceptance; termination risk control strategy; access control; access control list (ACL).
Q: An access control approach whereby the organization specifies the use of objects based on some attribute of the user or system.
Options: attribute-based access control (ABAC); capabilities table; discretionary access controls (DACs); lattice-based access control (LBAC).

Q: In a lattice-based access control, the row of attributes associated with a particular subject (such as a user).
Options: attribute-based access control (ABAC); capabilities table; discretionary access controls (DACs); lattice-based access control (LBAC).

Q: Access controls that are implemented at the discretion or option of the data user.
Options: attribute-based access control (ABAC); capabilities table; discretionary access controls (DACs); lattice-based access control (LBAC).

Q: A variation on the MAC form of access control, which assigns users a matrix of authorizations for particular areas of access, incorporating the information assets of subjects such as users and objects.
Options: attribute-based access control (ABAC); capabilities table; discretionary access controls (DACs); lattice-based access control (LBAC).
Q: A required, structured data classification scheme that rates each collection of information as well as each user.
Options: mandatory access control (MAC); nondiscretionary access controls (NDACs); role-based access control (RBAC); task-based access control (TBAC).

Q: They are implemented by a central authority.
Options: mandatory access control (MAC); nondiscretionary access controls (NDACs); role-based access control (RBAC); task-based access control (TBAC).

Q: An example of a nondiscretionary control where privileges are tied to the role a user performs in an organization, and are inherited when a user is assigned to that role.
Options: mandatory access control (MAC); nondiscretionary access controls (NDACs); role-based access control (RBAC); task-based access control (TBAC).

Q: An example of a nondiscretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned to that task.
Options: mandatory access control (MAC); nondiscretionary access controls (NDACs); role-based access control (RBAC); task-based access control (TBAC).
Q: An integration of access control lists (focusing on assets) and capabilities tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings.
Options: access control matrix; accountability; authentication; authorization.

Q: The access control mechanism that ensures all actions on a system, authorized or unauthorized, can be attributed to an authenticated identity. Also known as auditability.
Options: access control matrix; accountability; authentication; authorization.

Q: The access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity.
Options: access control matrix; accountability; authentication; authorization.

Q: The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels.
Options: access control matrix; accountability; authentication; authorization.
Q: It is the method by which systems determine whether and how to admit a user into a trusted area of the organization, that is, information systems, restricted areas such as computer rooms, and the entire physical location.
Options: Access control; dumb card; identification; passphrase.

Q: An authentication card that contains digital user data, such as a personal identification number (PIN), against which user input is compared.
Options: Access control; dumb card; identification; passphrase.

Q: The access control mechanism whereby unverified or unauthenticated entities who seek access to a resource provide a label by which they are known to the system.
Options: Access control; dumb card; identification; passphrase.

Q: A plain-language phrase, typically longer than a password, from which a virtual password is derived.
Options: Access control; dumb card; identification; passphrase.
Q: A secret word or combination of characters that only the user should know; a password is used to authenticate the user.
Options: password; smart card; biometric access control; minutiae.

Q: An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN.
Options: password; smart card; biometric access control; minutiae.

Q: The use of physiological characteristics to provide authentication for a provided identification.
Options: password; smart card; biometric access control; minutiae.

Q: In biometric access controls, unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created.
Options: password; smart card; biometric access control; minutiae.
Q: Firewall rules designed to prohibit packets with certain addresses or partial addresses from passing through the device.
Options: address restrictions; dynamic packet-filtering firewall; firewall; application layer proxy firewall.

Q: A firewall type that can react to network traffic and create or modify configuration rules to adapt.
Options: address restrictions; dynamic packet-filtering firewall; firewall; application layer proxy firewall.

Q: In information security, a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network.
Options: address restrictions; dynamic packet-filtering firewall; firewall; application layer proxy firewall.

Q: A device capable of functioning both as a firewall and an application layer proxy server.
Options: address restrictions; dynamic packet-filtering firewall; firewall; application layer proxy firewall.
Q: This relies on individual characteristics, such as fingerprints or palm prints.
Options: virtual private network (VPN); In authentication factors - Something You Know; In authentication factors - Something You Have; In authentication factors - Something You Are or Can Produce.