Security Strategy & Policy Exam

· Question 1

2 out of 2 points

One of the processes designed to eradicate maximum possible security risks is to ________________, which limits access credentials to the minimum required to conduct any activity and ensures that access is authenticated to particular individuals.

Selected Answer: harden (Correct)
Correct Answer: harden

· Question 2

0 out of 2 points

One of seven domains of a typical IT infrastructure is the user domain. Within that domain is a range of user types, and each type has specific and distinct access needs. Which of the following types of users has the responsibility of creating and putting into place a security program within an organization?

Selected Answer: systems administrators (Incorrect)
Correct Answer: security personnel

· Question 3

2 out of 2 points

Which of the following user types is responsible for audit coordination and response, physical security and building operations, and disaster recovery and contingency planning?

Selected Answer: security personnel (Correct)
Correct Answer: security personnel

· Question 4

0 out of 2 points

Imagine a scenario in which an employee regularly shirks the organization’s established security policies in favor of convenience. What does this employee’s continued violation suggest about the culture of risk management in the organization?

Selected Answer: that the employee requires further training to gain a deeper knowledge of the policies (Incorrect)
Correct Answer: that the organization lacks a good risk culture wherein employees have “buy in”

· Question 5

0 out of 2 points

Which of the following user groups has both the business needs of being able to access the systems, network, and application to complete contracted services, and access capability that is limited to particular sections of the systems, network, and application?

Selected Answer: guests and general public (Incorrect)
Correct Answer: vendors

· Question 6

2 out of 2 points

Security policies that clarify and explain how rights are assigned and approved among employees can ensure that people have only the access needed for their jobs. Which of the following is not accomplished when prior access is removed?

Selected Answer: minimizes future instances of human error (Correct)
Correct Answer: minimizes future instances of human error

· Question 7

0 out of 2 points

Aside from human user types, there are two other non-human user groups. Known as account types, ________________ are accounts implemented by the system for the purpose of supporting automated service, and ___________________ are accounts that remain non-human until individuals are assigned access and can use them to recover a system following a major outage.

Selected Answer: control partners, system accounts (Incorrect)
Correct Answer: system accounts, contingent IDs

· Question 8

2 out of 2 points

Which of the following is the most important reason why data needs to be both retrievable and properly stored?

Selected Answer: Companies need to maintain data for the purpose of keeping an audit trail. (Correct)
Correct Answer: Companies need to maintain data for the purpose of keeping an audit trail.

· Question 9

0 out of 2 points

There are many different types of automated controls that are configured into devices for the purpose of enforcing a security policy. Which of the following is not an automated control?

Selected Answer: network segmentation (Incorrect)
Correct Answer: log reviews

· Question 10

0 out of 2 points

One of the different manual controls necessary for managing risk is ________________, which is a type of formal management verification. In the process, management confirms that a condition is present and that security controls and policies are in place.

Selected Answer: background checks (Incorrect)
Correct Answer: attestation

· Question 11

2 out of 2 points

The information security organization performs a significant role in the implementation of solutions that mitigate risk and control solutions. Because the security organization institutes the procedures and policies to be executed, they occupy the role of ____________________.

Selected Answer: subject matter expert (SME) (Correct)
Correct Answer: subject matter expert (SME)

· Question 12

0 out of 2 points

___________________ are responsible for the monitoring of activities during the pre, middle, and post stages of goal implementation, whereas __________________ are responsible for the monitoring of activities following the implementation and are called upon to evaluate whether or not the goals have been achieved.

Selected Answer: Project committees, management committees (Incorrect)
Correct Answer: Management committees, government committees

· Question 13

2 out of 2 points

The executive management has the responsibility of connecting many lines of business to bring resolution to strategic business issues. However, their ultimate responsibility is to ___________________________.

Selected Answer: enforce policies at the executive and enterprise levels (Correct)
Correct Answer: enforce policies at the executive and enterprise levels

· Question 14

0 out of 2 points

There are a number of issues to consider when composing security policies. One such issue concerns the use of security devices. One such device is a ____________, which is a network security device with characteristics of a decoy that serves as a target that might tempt a hacker.

Selected Answer: threat vector (Incorrect)
Correct Answer: honeypot

· Question 15

0 out of 2 points

A ______________________ is an apparatus for risk management that enables the organization to comprehend its risks and how those risks might impact the business.

Selected Answer: risk mitigation assess self-assessment (RMASA) (Incorrect)
Correct Answer: risk and control self-assessment (RCSA)

· Question 16

0 out of 2 points

If an organization is creating a customized data classification scheme, it is important to keep in mind the accepted guidelines. Which of the following is not one of these guidelines?

Selected Answer: Connect the classification to particular handling requirements. (Incorrect)
Correct Answer: Make recommendations for how audits can be conducted.

· Question 17

2 out of 2 points

Of the risk management strategies, _________________ refers to the act of not engaging in actions that lead to risk, whereas ____________________ refers to acquiescence in regard to the risks of particular actions as well as their potential results.

Selected Answer: risk avoidance, risk acceptance (Correct)
Correct Answer: risk avoidance, risk acceptance

· Question 18

0 out of 2 points

Despite the fact that there exists no mandatory scheme of data classification for private industry, there are four classifications used most frequently. Which of the following is not one of the four?

Selected Answer: internal (Incorrect)
Correct Answer: moderately sensitive

· Question 19

2 out of 2 points

When constructing policies regarding data _______________, it is important that these policies offer particular guidance on separation of duties (SOD), and that there are procedures that verify SOD requirements.

Selected Answer: access (Correct)
Correct Answer: access

· Question 20

0 out of 2 points

The term ________________ denotes data that is being stored on devices like a universal serial bus (USB) thumb drive, laptop, server, DVD, or CD. The term ______________ denotes data that exists in a mobile state on the network, such as data on the Internet, wireless networks, or a private network.

Selected Answer: data in transit, data on record (Incorrect)
Correct Answer: data at rest, data in transit

· Question 21

0 out of 2 points

Consider this scenario: A major software company finds that code has been executed on an infected machine in its operating system. As a result, the company begins working to manage the risk and eliminates the vulnerability 12 days later. Which of the following statements best describes the company’s approach?

Selected Answer: The company effectively implemented quality control. (Incorrect)
Correct Answer: The company effectively implemented patch management.

· Question 22

0 out of 2 points

___________________ is a term that denotes a user’s capability to authenticate once to access the network and then have automatic authentication on different applications and devices afterward.

Selected Answer: Access control (Incorrect)
Correct Answer: Single sign-on

· Question 23

2 out of 2 points

The ______________________ denotes the application software and technology that concerns a wide range of topics from the data management to the systems that process information.

Selected Answer: system/application domain (Correct)
Correct Answer: system/application domain

· Question 24

0 out of 2 points

Domain security control requirements are embodied in several different types of documents. One such document is known as _______________________, which uses a hierarchical organizing structure to identify the key terms and their explanations.

Selected Answer: a guidelines document (Incorrect)
Correct Answer: a dictionary

· Question 25

0 out of 2 points

A procedure document should accompany every baseline document. Which of the following is a true statement about the circumstances for when a procedure document needs to be created to support the baseline document?

Selected Answer: Every device configuration requires a specific procedure, so there needs to be a related procedure document. (Incorrect)
Correct Answer: Because many configuration processes reuse the same procedure, there does not need to be a new procedure document for every configuration.

· Question 26

2 out of 2 points

An important principle in information security is the concept of layers of security, which is often referred to as layered security, or defense in depth. Which of the following is not an example of a layer of security?

Selected Answer: a control standard (Correct)
Correct Answer: a control standard

· Question 27

2 out of 2 points

Baseline LAN standards are concerned with network traffic monitoring because no matter how good firewalls and routers can be, they are still not 100% effective. Thus, _________________ offer a wide range of protection because they seek out patterns of attack.

Selected Answer: intrusion systems (Correct)
Correct Answer: intrusion systems

· Question 28

0 out of 2 points

In general, WAN-specific standards identify specific security requirements for WAN devices. For example, the ____________________ explains the family of controls needed to secure the connection from the internal network to the WAN router, whereas the ______________________ identifies which controls are vital for use of Web services provided by suppliers and external partnerships.

Selected Answer: WAN router security standard, Domain Name System (Incorrect)
Correct Answer: WAN router security standard, Web services standard

· Question 29

0 out of 2 points

Which of the following control standards in the system/application domain maintains control of both managing errors and ensuring against potentially damaging code?

Selected Answer: authentication (Incorrect)
Correct Answer: developer-related standards

· Question 30

0 out of 2 points

In order to form an IRT, an organization is required to create a charter; this document identifies the authority, mission, and goals of a committee or team, and there are a number of different types of IRT models for doing this. Which of the following models permits an IRT to have the complete authority to ensure a breach is contained?

Selected Answer: IRT that acts in a coordination role (Incorrect)
Correct Answer: IRT that provides on-site response

· Question 31

0 out of 2 points

An organization’s _______________________ is a particular group of differently skilled individuals who are responsible for attending to serious security situations.

Selected Answer: disaster recovery plan team (DRPT) (Incorrect)
Correct Answer: incident response team (IRT)

· Question 32

2 out of 2 points

There are particular tools and techniques that the IRT utilizes to gather forensic evidence, including ____________________, which articulates the manner used to document and protect evidence.

Selected Answer: chain of custody (Correct)
Correct Answer: chain of custody

· Question 33

2 out of 2 points

While the amount of data known as mission-critical depends on the organization and industry, such data should only represent less than ____________ percent of the data population.

Selected Answer: 15 (Correct)
Correct Answer: 15

· Question 34

0 out of 2 points

In general, the IRT is comprised of a team with individuals that have different specialties; one such individual is the ___________________, who offers analytical skills and risk management. This specialist has focused forensic skills necessary for the collection and analysis of evidence.

Selected Answer: information technology subject matter experts (Incorrect)
Correct Answer: information security representative

· Question 35

2 out of 2 points

To measure the effectiveness of the IRT, which of the following does not need to be evaluated?

Selected Answer: the tests provided to employees to ensure their response to incidents (Correct)
Correct Answer: the tests provided to employees to ensure their response to incidents

· Question 36

2 out of 2 points

___________________ are attacks that obtain access by means of remote services, such as vendor networks, employee remote access tools, and point-of-sale (POS) devices.

Selected Answer: Insecure remote access (Correct)
Correct Answer: Insecure remote access

· Question 37

0 out of 2 points

In order to build security policy implementation awareness across the organization, there should be ____________________ who partner with other teams and departments to promote IT security through different communication channels.

Selected Answer: several IT department specialists (Incorrect)
Correct Answer: multiple executive supporters

· Question 38

2 out of 2 points

The department responsible for providing security training to new employees is the _______________.

Selected Answer: HR (Correct)
Correct Answer: HR

· Question 39

0 out of 2 points

A major defense corporation rolls out a campaign to manage persistent threats to its infrastructure. The corporation decides to institute a ___________________ to identify and evaluate the knowledge gaps that can be addressed through additional training for all employees, even administrators and management.

Selected Answer: [None Given] (Incorrect)
Correct Answer: needs assessment

· Question 40

2 out of 2 points

Training that happens in a classroom has many benefits, but which of the following is one of the most significant drawbacks concerning the instructors’ abilities?

Selected Answer: Instructors with sufficient expertise are difficult to find. (Correct)
Correct Answer: Instructors with sufficient expertise are difficult to find.

· Question 41

2 out of 2 points

While there are many ways that policy objectives and goals can be described, some techniques are more effective than others for persuading an organization to implement them. Which of the following is not one of the effective techniques for persuading people to follow policy objectives and goals?

Selected Answer: explaining the careful process of design and approval that went into creating the policies (Correct)
Correct Answer: explaining the careful process of design and approval that went into creating the policies

· Question 42

2 out of 2 points

The goal of employee awareness and training is to ensure that individuals are equipped with the tools necessary for the implementation of security policies. Which of the following is one of the other benefits of a successfully enacted training and awareness program?

Selected Answer: instituting chances for employees to gather new skills, which can foster enhanced job satisfaction (Correct)
Correct Answer: instituting chances for employees to gather new skills, which can foster enhanced job satisfaction

· Question 43

2 out of 2 points

A ________________ is a technological term used in security policy to describe a future state in which specific goals and objectives have been achieved and which processes, resources, and tools are needed to achieve those goals and objectives.

Selected Answer: target state (Correct)
Correct Answer: target state

· Question 44

0 out of 2 points

Microsoft domains offer _______________ in order to enhance security for certain departments or users in an organization. This method allows security gaps to close and security settings to be increased for some computers or users.

Selected Answer: configuration management policies (Incorrect)
Correct Answer: group policy

· Question 45

0 out of 2 points

In order to assess policy compliance, many organizations will use a report card. The evaluation tools are comprised of criteria based on an organization’s requirements. Which of the following is not one of the elements that would be included on a report card?

Selected Answer: security settings (Incorrect)
Correct Answer: number of random audits performed

· Question 46

2 out of 2 points

The window of ________________ is the time between when an opportunity for risk is identified and when the risk is ultimately eliminated by a patch.

Selected Answer: vulnerability (Correct)
Correct Answer: vulnerability

· Question 47

0 out of 2 points

There are a number of automated tools created by Microsoft that can be used to verify compliance. One such tool is the ____________________, which is a free download that locates system vulnerabilities by sending queries. This tool can scan multiple systems in a network and maintain a history of reports for all prior scans.

Selected Answer: Nessus (Incorrect)
Correct Answer: Microsoft Baseline Security Analyzer (MBSA)

· Question 48

0 out of 2 points

There are several different best practices available for implementation when creating a plan for IT security policy compliance monitoring. One such practice is to design a baseline derived from the security policy, which entails _________________.

Selected Answer: using a security policy document as a blueprint (Incorrect)
Correct Answer: using images when feasible in the implementation of new operating systems

· Question 49

2 out of 2 points

A __________________________ is a term that refers to the original image that is duplicated for deployment. Using this image saves time by eradicating the need for repeated changes to configuration and tweaks to performance.

Selected Answer: gold master (Correct)
Correct Answer: gold master

· Question 50

0 out of 2 points

In order to ensure compliance, organizations deploy both new and current technologies. Which of the following is not one of these new technologies?

Selected Answer: COSO Internal Compliance Framework (Incorrect)
Correct Answer: Common Platform Enumeration (CPE)