| Question ID 21558 |
All of the following are basic components of a security policy EXCEPT the |
| Option A |
definition of the issue and statement of relevant terms. |
| Option B |
statement of roles and responsibilities |
| Option C |
statement of applicability and compliance requirements. |
| Option D |
statement of performance of characteristics and requirements. |
| Correct Answer | D |
Update Date and Time 2018-03-10 07:15:05
| Question ID 21559 |
A security policy would include all of the following EXCEPT |
| Option A |
Background |
| Option B |
Scope statement |
| Option C |
Audit requirements |
| Option D |
Enforcement |
| Correct Answer | B |
Update Date and Time 2018-03-10 07:15:45
| Question ID 21560 |
Which one of the following is an important characteristic of an information security policy? |
| Option A |
Identifies major functional areas of information. |
| Option B |
Quantifies the effect of the loss of the information. |
| Option C |
Requires the identification of information owners. |
| Option D |
Lists applications that support the business function. |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:16:22
| Question ID 21561 |
Ensuring the integrity of business information is the PRIMARY concern of |
| Option A |
Encryption Security |
| Option B |
Procedural Security. |
| Option C |
Logical Security |
| Option D |
On-line Security |
| Correct Answer | B |
Update Date and Time 2018-03-10 07:18:16
| Question ID 21562 |
Which of the following would be the first step in establishing an information security program? |
| Option A |
Adoption of a corporate information security policy statement |
| Option B |
Development and implementation of an information security standards manual |
| Option C |
Development of a security awareness-training program |
| Option D |
Purchase of security access control software |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:18:49
| Question ID 21563 |
Which of the following department managers would be best suited to oversee the development of an |
| Option A |
Information Systems |
| Option B |
Human Resources |
| Option C |
Business operations |
| Option D |
Security administration |
| Correct Answer | C |
Description
Update Date and Time 2018-03-10 07:19:22
| Question ID 21564 |
What is the function of a corporate information security policy? |
| Option A |
Issue corporate standard to be used when addressing specific security problems. |
| Option B |
Issue guidelines in selecting equipment, configuration, design, and secure operations. |
| Option C |
Define the specific assets to be protected and identify the specific tasks which must be completed to |
| Option D |
Define the main security objectives which must be achieved and the security framework to meet business |
| Correct Answer | D |
Update Date and Time 2018-03-10 07:20:02
| Question ID 21565 |
Why must senior management endorse a security policy? |
| Option A |
So that they will accept ownership for security within the organization. |
| Option B |
So that employees will follow the policy directives. |
| Option C |
So that external bodies will recognize the organizations commitment to security. |
| Option D |
So that they can be held legally accountable. |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:20:36
| Question ID 21566 |
In which one of the following documents is the assignment of individual roles and responsibilities MOST |
| Option A |
Security policy |
| Option B |
Enforcement guidelines |
| Option C |
Acceptable use policy |
| Option D |
Program manual |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:21:11
| Question ID 21567 |
Which of the following defines the intent of a system security policy? |
| Option A |
A definition of the particular settings that have been determined to provide optimum security. |
| Option B |
A brief, high-level statement defining what is and is not permitted during the operation of the system. |
| Option C |
A definition of those items that must be excluded on the system. |
| Option D |
A listing of tools and applications that will be used to protect the system. |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:21:50
| Question ID 21568 |
When developing an information security policy, what is the FIRST step that should be taken? |
| Option A |
Obtain copies of mandatory regulations. |
| Option B |
Gain management approval. |
| Option C |
Seek acceptance from other departments. |
| Option D |
Ensure policy is compliant with current working practices. |
| Correct Answer | B |
Update Date and Time 2018-03-10 07:22:54
| Question ID 21569 |
Which one of the following should NOT be contained within a computer policy? |
| Option A |
Definition of management expectations. |
| Option B |
Responsibilities of individuals and groups for protected information. |
| Option C |
Statement of senior executive support. |
| Option D |
Definition of legal and regulatory controls. |
| Correct Answer | B |
Update Date and Time 2018-03-10 07:23:29
| Question ID 21570 |
Which one of the following is NOT a fundamental component of a Regulatory Security Policy? |
| Option A |
What is to be done. |
| Option B |
When it is to be done. |
| Option C |
Who is to do it. |
| Option D |
Why is it to be done |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:24:01
| Question ID 21571 |
Which one of the following statements describes management controls that are instituted to implement a |
| Option A |
They prevent users from accessing any control function. |
| Option B |
They eliminate the need for most auditing functions. |
| Option C |
They may be administrative, procedural, or technical. |
| Option D |
They are generally inexpensive to implement. |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:24:33
| Question ID 21572 |
Which must bear the primary responsibility for determining the level of protection needed for information |
| Option A |
IS security specialists |
| Option B |
Senior Management |
| Option C |
Seniors security analysts |
| Option D |
system auditors |
| Correct Answer | B |
Update Date and Time 2018-03-10 07:25:07
| Question ID 21573 |
Which of the following choices is NOT part of a security policy? |
| Option A |
definition of overall steps of information security and the importance of security |
| Option B |
statement of management intend, supporting the goals and principles of information security |
| Option C |
definition of general and specific responsibilities for information security management |
| Option D |
description of specific technologies used in the field of information security |
| Correct Answer | D |
Update Date and Time 2018-03-10 07:25:41
| Question ID 21574 |
In an organization, an Information Technology security function should: |
| Option A |
Be a function within the information systems functions of an organization |
| Option B |
Report directly to a specialized business unit such as legal, corporate security or insurance |
| Option C |
Be lead by a Chief Security Officer and report directly to the CEO |
| Option D |
Be independent but report to the Information Systems function |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:26:53
| Question ID 21575 |
Which of the following embodies all the detailed actions that personnel are required to follow? |
| Option A |
Standards |
| Option B |
Guidelines |
| Option C |
Procedures |
| Option D |
Baselines |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:27:27
| Question ID 21576 |
A significant action has a state that enables actions on an ADP system to be traced to individuals who may |
| Option A |
Violations of security policy. |
| Option B |
Attempted violations of security policy. |
| Option C |
Non-violations of security policy. |
| Option D |
Attempted violations of allowed actions. |
| Correct Answer | D |
Update Date and Time 2018-03-10 07:27:59
| Question ID 21577 |
Network Security is a |
| Option A |
Product |
| Option B |
protocols |
| Option C |
ever evolving process |
| Option D |
quick-fix solution |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:28:30
| Question ID 21578 |
Security is a process that is: |
| Option A |
Continuous |
| Option B |
Indicative |
| Option C |
Examined |
| Option D |
Abnormal |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:28:59
| Question ID 21579 |
What are the three fundamental principles of security? |
| Option A |
Accountability, confidentiality, and integrity |
| Option B |
Confidentiality, integrity, and availability |
| Option C |
Integrity, availability, and accountability |
| Option D |
Availability, accountability, and confidentiality |
| Correct Answer | B |
Description
Update Date and Time 2018-03-10 07:29:35
| Question ID 21580 |
Which of the following prevents, detects, and corrects errors so that the integrity, availability, and confidentiality |
| Option A |
Communications security management and techniques |
| Option B |
Networks security management and techniques |
| Option C |
Clients security management and techniques |
| Option D |
Servers security management and techniques |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:30:47
| Question ID 21581 |
Which of the following prevents, detects, and corrects errors so that the integrity, availability, and confidentiality |
| Option A |
Communications security management and techniques |
| Option B |
Networks security management and techniques |
| Option C |
Clients security management and techniques |
| Option D |
Servers security management and techniques |
| Correct Answer | A |
Description
Update Date and Time 2018-03-10 07:30:47
| Question ID 21582 |
Making sure that the data is accessible when and where it is needed is which of the following? |
| Option A |
Confidentiality |
| Option B |
integrity |
| Option C |
acceptability |
| Option D |
availability |
| Correct Answer | D |
Update Date and Time 2018-03-10 07:31:29
| Question ID 21583 |
Which of the following describes elements that create reliability and stability in networks and systems and |
| Option A |
Availability |
| Option B |
Acceptability |
| Option C |
Confidentiality |
| Option D |
Integrity |
| Correct Answer | A |
Description
Update Date and Time 2018-03-10 07:32:03
| Question ID 21584 |
Most computer attacks result in violation of which of the following security properties? |
| Option A |
Availability |
| Option B |
Confidentiality |
| Option C |
Integrity and control |
| Option D |
All of the choices. |
| Correct Answer | D |
Update Date and Time 2018-03-10 07:32:37
| Question ID 21585 |
Which of the following are objectives of an information systems security program? |
| Option A |
Threats, vulnerabilities, and risks |
| Option B |
Security, information value, and threats |
| Option C |
Integrity, confidentiality, and availability. |
| Option D |
Authenticity, vulnerabilities, and costs. |
| Correct Answer | C |
Description
Update Date and Time 2018-03-10 07:33:10
| Question ID 21586 |
An area of the Telecommunications and Network Security domain that directly affects the Information Systems |
| Option A |
Netware availability |
| Option B |
Network availability |
| Option C |
Network acceptability |
| Option D |
Network accountability |
| Correct Answer | B |
Update Date and Time 2018-03-10 07:33:50
| Question ID 21587 |
The Structures, transmission methods, transport formats, and security measures that are used to provide |
| Option A |
The Telecommunications and Network Security domain |
| Option B |
The Telecommunications and Netware Security domain |
| Option C |
The Technical communications and Network Security domain |
| Option D |
The Telnet and Security domain |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:34:26
| Question ID 21588 |
Which one of the following is the MOST crucial link in the computer security chain? |
| Option A |
Access controls |
| Option B |
People |
| Option C |
Management |
| Option D |
Awareness programs |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:35:48
| Question ID 21589 |
The security planning process must define how security will be managed, who will be responsible, and |
| Option A |
Who practices are reasonable and prudent for the enterprise. |
| Option B |
Who will work in the security department. |
| Option C |
What impact security will have on the intrinsic value of data. |
| Option D |
How security measures will be tested for effectiveness. |
| Correct Answer | D |
Update Date and Time 2018-03-10 07:36:23
| Question ID 21590 |
Information security is the protection of data. Information will be protected mainly based on: |
| Option A |
Its sensitivity to the company. |
| Option B |
Its confidentiality. |
| Option C |
Its value. |
| Option D |
All of the choices. |
| Correct Answer | D |
Update Date and Time 2018-03-10 07:36:55
| Question ID 21591 |
Organizations develop change control procedures to ensure that |
| Option A |
All changes are authorized, tested, and recorded. |
| Option B |
Changes are controlled by the Policy Control Board (PCB). |
| Option C |
All changes are requested, scheduled, and completed on time. |
| Option D |
Management is advised of changes made to systems. |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:37:34
| Question ID 21592 |
Within the organizational environment, the security function should report to an organizational level that |
| Option A |
Has information technology oversight. |
| Option B |
Has autonomy from other levels. |
| Option C |
Is an external operation. |
| Option D |
Provides the internal audit function. |
| Correct Answer | B |
Update Date and Time 2018-03-10 07:38:47
| Question ID 21593 |
What is the MAIN purpose of a change control/management system? |
| Option A |
Notify all interested parties of the completion of the change. |
| Option B |
Ensure that the change meets user specifications. |
| Option C |
Document the change for audit and management review. |
| Option D |
Ensure the orderly processing of a change request. |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:39:25
| Question ID 21594 |
Which of the following is most relevant to determining the maximum effective cost of access control? |
| Option A |
the value of information that is protected |
| Option B |
management's perceptions regarding data importance |
| Option C |
budget planning related to base versus incremental spending. |
| Option D |
the cost to replace lost data |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:39:58
| Question ID 21595 |
Which one of the following is the MAIN goal of a security awareness program when addressing senior |
| Option A |
Provide a vehicle for communicating security procedures. |
| Option B |
Provide a clear understanding of potential risk and exposure. |
| Option C |
Provide a forum for disclosing exposure and risk analysis. |
| Option D |
Provide a forum to communicate user responsibilities. |
| Correct Answer | B |
Update Date and Time 2018-03-10 07:40:34
| Question ID 21596 |
In developing a security awareness program, it is MOST important to |
| Option A |
Understand the corporate culture and how it will affect security. |
| Option B |
Understand employees preferences for information security. |
| Option C |
Know what security awareness products are available. |
| Option D |
Identify weakness in line management support. |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:41:27
| Question ID 21597 |
Which of the following would be best suited to provide information during a review of the controls over the |
| Option A |
Systems programmer |
| Option B |
Legal stuff |
| Option C |
Business unit manager |
| Option D |
Programmer |
| Correct Answer | C |
Description
Update Date and Time 2018-03-10 07:42:05
| Question ID 21598 |
Which of the following would be best suited to provide information during a review of the controls over the |
| Option A |
Systems programmer |
| Option B |
Legal stuff |
| Option C |
Business unit manager |
| Option D |
Programmer |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:42:06
| Question ID 21599 |
Which of the following best explains why computerized information systems frequently fail to meet the needs of |
| Option A |
Inadequate quality assurance (QA) tools |
| Option B |
Constantly changing user needs |
| Option C |
Inadequate user participation in defining the system's requirements |
| Option D |
Inadequate project management. |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:42:37
| Question ID 21600 |
Which of the following is not a compensating measure for access violations? |
| Option A |
Backups |
| Option B |
Business continuity planning |
| Option C |
Insurance |
| Option D |
Security awareness |
| Correct Answer | D |
Update Date and Time 2018-03-10 07:43:37
| Question ID 21601 |
Risk analysis is MOST useful when applied during which phase of the system development process? |
| Option A |
Project identification |
| Option B |
Requirements definition |
| Option C |
System construction |
| Option D |
Implementation planning |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:44:15
| Question ID 21602 |
Which one of the following is not one of the outcomes of a vulnerability analysis? |
| Option A |
Quantative loss assessment |
| Option B |
Qualitative loss assessment |
| Option C |
Formal approval of BCP scope and initiation document |
| Option D |
Defining critical support areas |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:44:49
| Question ID 21603 |
Which of the following is not a part of risk analysis? |
| Option A |
Identify risks |
| Option B |
Quantify the impact of potential threats |
| Option C |
Provide an economic balance between the impact of the risk and the cost of the associated |
| Option D |
Choose the best countermeasure |
| Correct Answer | D |
Update Date and Time 2018-03-10 07:45:56
| Question ID 21604 |
A new worm has been released on the Internet. After investigation, you have not been able to determine if you |
| Option A |
Evaluate evolving environment. |
| Option B |
Contact your anti-virus vendor. |
| Option C |
Discuss threat with a peer in another organization. |
| Option D |
Wait for notification from an anti-virus vendor. |
| Correct Answer | B |
Update Date and Time 2018-03-10 07:47:05
| Question ID 21605 |
When conducting a risk assessment, which one of the following is NOT an acceptable social engineering |
| Option A |
Shoulder surfing |
| Option B |
Misrepresentation |
| Option C |
Subversion |
| Option D |
Dumpster diving |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:47:38
| Question ID 21606 |
Which one of the following risk analysis terms characterizes the absence or weakness of a risk-reducing safegaurd? |
| Option A |
Threat |
| Option B |
Probability |
| Option C |
Vulnerability |
| Option D |
Loss expectancy |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:48:20
| Question ID 21607 |
Risk is commonly expressed as a function of the |
| Option A |
Systems vulnerabilities and the cost to mitigate. |
| Option B |
Types of countermeasures needed and the system's vulnerabilities. |
| Option C |
Likelihood that the harm will occur and its potential impact. |
| Option D |
Computer system-related assets and their costs. |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:48:53
| Question ID 21608 |
How should a risk be handled when the cost of the countermeasures outweighs the cost of the risk? |
| Option A |
Reject the risk |
| Option B |
Perform another risk analysis |
| Option C |
Accept the risk |
| Option D |
Reduce the risk |
| Correct Answer | C |
Update Date and Time 2018-03-10 07:49:26
| Question ID 21609 |
Which of the following is an advantage of a qualitative over quantitative risk analysis? |
| Option A |
It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities. |
| Option B |
It provides specific quantifiable measurements of the magnitude of the impacts |
| Option C |
It makes cost-benefit analysis of recommended controls easier |
| Correct Answer | A |
Update Date and Time 2018-03-10 07:49:59
