Chapter 6 (Test 2)

Which of the following is the definition of system owner?

a. The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO

b. A benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products

c. Fixing something that is broken or defective, such as by addressing or removing vulnerabilities

d. The individual or team responsible for performing the security test and evaluation for the system, and for preparing the report for the AO on the risk of operating the system

a. The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO
Enacting changes in response to reported problems is called _______.

a. Change control

b. Reactive change management

c. Compliance liaison

d. Job rotation

b. Reactive change management
_________ ensures that any changes to a production system are tested, documented, and approved.

a. Change control

b. Classification

c. Compliance

d. Configuration control

a. Change control
Your organization’s ______________ sets the tone for how you approach related activities.

a. Guidelines

b. Security policy

c. Assets

d. Configuration

b. Security policy
A security awareness program includes _______________.

a. Motivating users to comply with security policies

b. Informing users about trends and threats in society

c. Teaching employees about security objectives

d. All of the above

d. All of the above
When an information security breach occurs in your organization, a ____________ helps determine what happened to the system and when.

a. Security event log

b. Security policy

c. Baseline

d. Functional policy

a. Security event log
The term guideline refers to a group that oversees all proposed changes to systems and networks.

True or False?

False
The term remediation refers to fixing something before it is broken, defective, or vulnerable.

True or False?

True
Your organization’s ____________ sets the tone for how you approach related activities.

a. Configuration

b. Security policy

c. Assets

d. Guidelines

b. Security policy
When an information security breach occurs in your organization, a ___________ helps determine what happened to the system and when.

a. Functional policy

b. Security event log

c. Security policy

d. Baseline

b. Security event log
What is meant by authorizing official (AO)?

a. The process of managing changes to computer/device configuration or application software

b. An individual to enact changes in response to reported problems

c. A senior manager who reviews a certification report and makes the decision to approve the system for implementation

d. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization

c. A senior manager who reviews a certification report and makes the decision to approve the system for implementation
When security seems to get in the way of an employee’s productivity, they’ll often bypass security measures to complete their work more quickly.

True or False?

True
The process of managing the baseline settings of a system device is called ___________.

a. Guideline

b. Configuration control

c. Baseline

d. Sprint

b. Configuration control
A security awareness program includes ______________.

a. Teaching employees about security objectives

b. Informing users about trends and threats in society

c. Motivating users to comply with security policies

d. All of the above

d. All of the above
Sprint means one of the small project iterations used in the “agile” method of developing software, in contrast with the usual long project schedules of other ways of developing software.

True or False?

True
System owners are in control of data classification.

True or False?

False
For all the technical solutions you can advise to secure your systems, the ___________ remains your greatest challenge.

a. Administration

b. Certifier

c. Regulations

d. Human element

d. Human element
___________ ensures that any changes to a production system are tested, documented, and approved.

a. Classification

b. Change control

c. Configuration control

d. Compliance

b. Change control
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system?

a. Compliance liaison

b. Remediation

c. System owners

d. Certifier

d. Certifier
An organization must comply with rules on two levels: regulatory compliance and organizational compliance.

True or False?

True
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?

a. Agile development

b. Waterfall model

c. Baseline

d. Sprint

a. Agile development
The process of managing the baseline settings of a system device is the definition of configuration control.

True or False?

True
Organizations should train employees on security, and that training should be repeated at specified intervals.

True or False?

True
What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective?

a. Security administration

b. Proactive change management

c. Authorizing official (AO)

d. Procedure

d. Procedure
____________ is the process of managing changes to computer/device configuration or application software.

a. Procedure control

b. Change control

c. Sprint

d. Proactive change management

b. Change control
One of the most popular types of attacks on computer systems involves _______________. These attacks deceive or use people to get around security controls. The best way to avoid this risk is to ensure that employees know how to handle such attacks.

a. The World Wide Web

b. Social engineering

c. Worms

d. Cloud computing

b. Social engineering
From the perspective of a ____________ professional, configuration management evaluates the impact a modification might have on security.

a. Security

b. Administration

c. Management

d. IT

a. Security
Enacting changes in response to reported problems is called _____________.

a. Reactive change management

b. Compliance liaison

c. Change control

d. Job rotation

a. Reactive change management
Initiating changes to avoid expected problems is the definition of proactive change management.

True or False?

True
What is meant by standard?

a. The formal acceptance by the authorizing official of the risk of implementing the system

b. A benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products

c. Recorded information from system events that describes security-related activity

d. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization

d. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
Accreditation is management’s formal acceptance of risk and their permission to implement.

True or False?

True
The term functional policy describes a statement of an organization’s management direction for security in such specific functional areas as e-mail, remote access, and internet surfing.

True or False?

True
An organization must comply with two rules: regulatory compliance and organizational compliance.

True or False?

True
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security _____________.

a. Training

b. Documentation

c. Guidelines

d. Environment

a. Training
