Question 1

A policy that addresses security as it relates to human resources is known as a(n) ____ policy.&#10;A) VPN&#10;B) acceptable use&#10;C) security-related human resource&#10;D) technical

Accepted Answer

A security-related human resource policy would specifically address security issues related to employees or contractors who work for the organization. This could include measures such as background checks, security training, and access control. The other options, VPN, acceptable use, and technical, are more general security policies that do not focus specifically on human resources.

Question 2

____ are generally considered to be the most important information security policies.&#10;A) Acceptable use policies&#10;B) Encryption policies&#10;C) Data loss policies&#10;D) VPN policies

Accepted Answer

Acceptable use policies are considered the most important information security policies as they define the rules and guidelines for the proper use of an organization's technology and information assets. They help in preventing unauthorized access, misuse, and abuse of these assets by employees and other stakeholders. Encryption policies, data loss policies, and VPN policies are also essential in protecting sensitive data and ensuring secure communications, but they are usually built upon the foundation laid by an acceptable use policy.

Question 3

At the heart of information security is the concept of ____.&#10;A) threat&#10;B) mitigation&#10;C) risk&#10;D) management

Accepted Answer

Risk is the central concept in information security as it involves assessing the likelihood and impact of potential security threats and vulnerabilities. This is essential for developing effective security strategies and implementing appropriate controls to protect valuable assets. Threats, mitigation, and management are all important components of information security, but they are all related to managing risk.

Question 4

____ are a person's fundamental beliefs and principles used to define what is good, right, and just.&#10;A) Morals&#10;B) Values&#10;C) Ethics&#10;D) Standards

Accepted Answer

The description is of values. Morals and ethics are closely related concepts, but they refer more specifically to personal conduct and behavior, whereas values are more fundamental beliefs that guide behavior. Standards could refer to specific rules or expectations but are not as overarching as values.

Question 5

Most organizations follow a three-phase cycle in the development and maintenance of a security policy.

Accepted Answer

The three phases are typically: development, implementation, and maintenance/revision.

Question 6

____ can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments.&#10;A) Values&#10;B) Morals&#10;C) Ethics&#10;D) Standards

Accepted Answer

Ethics can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments. Values refer to the beliefs and principles that guide individuals or society while morals refer to individual beliefs and practices about what is right or wrong. Standards refer to the set of guidelines or criteria used to measure quality or excellence in a particular domain.

Question 7

The objective of incident response is to restore normal operations as quickly as possible with the least possible impact on either the business or the users.

Accepted Answer

This is the main objective of incident response - to minimize the impact of the incident and restore normal operations as quickly as possible.

Question 8

____ is the planning, coordination, communications, and planning functions that are needed in order to resolve an incident in an efficient manner.&#10;A) Incident reporting&#10;B) Incident management&#10;C) Incident planning&#10;D) Incident handling

Accepted Answer

The answer of ____ is the planning, coordination, communications, and...

Question 9

A(n) ____ policy is designed to produce a standardized framework for classifying information assets.&#10;A) VPN&#10;B) acceptable use&#10;C) privacy&#10;D) classification of information

Accepted Answer

The classification of information policy is designed to provide a standardized framework for identifying and categorizing information assets based on their sensitivity and the degree of protection they require. This policy helps organizations ensure that information is handled appropriately and protected in accordance with its level of importance and potential risk if accessed or disclosed. VPN policies relate to secure remote access to organizational resources, acceptable use policies relate to appropriate use of technology resources, and privacy policies relate to protecting individuals' personal information.

Question 10

Audits serve to verify that the security protections enacted by an organization are being followed and that corrective actions can be swiftly implemented before an attacker exploits a vulnerability.

Accepted Answer

Audits are designed to ensure that an organization's security measures are being implemented effectively and that any weaknesses or vulnerabilities are identified and remedied promptly to prevent exploitation by attackers. This helps to improve overall security and mitigate the risk of cyber attacks.

Question 11

____ may be defined as the components required to identify, analyze, and contain that incident.&#10;A) Vulnerability response&#10;B) Incident response&#10;C) Risk response&#10;D) Threat response

Accepted Answer

The answer of ____ may be defined as the components...

Question 12

Education in an enterprise is limited to the average employee.

Accepted Answer

The answer of Education in an enterprise is limited to...

Question 13

____ can be defined as the &#34;framework&#34; and functions required to enable incident response and incident handling within an organization.&#10;A) Incident reporting&#10;B) Incident management&#10;C) Incident handling&#10;D) Incident planning

Accepted Answer

The answer of ____ can be defined as the &#34;framework&#34;...

Question 14

Because the impact of changes can potentially affect all users, and uncoordinated changes can result in security vulnerabilities, many organizations create a(n) ____ to oversee the changes.&#10;A) change management team&#10;B) incident response team&#10;C) security control team&#10;D) compliance team

Accepted Answer

The answer of Because the impact of changes can potentially...

Question 15

A ____ is a written document that states how an organization plans to protect the company's information technology assets.&#10;A) security policy&#10;B) guideline&#10;C) security procedure&#10;D) standard

Accepted Answer

The answer of A ____ is a written document that...

Question 16

____ are values that are attributed to a system of beliefs that help the individual distinguish right from wrong.&#10;A) Morals&#10;B) Ethics&#10;C) Standards&#10;D) Morays

Accepted Answer

The answer of ____ are values that are attributed to...

Question 17

A ____ is a collection of suggestions that should be implemented.&#10;A) security policy&#10;B) baseline&#10;C) guideline&#10;D) security procedure

Accepted Answer

The answer of A ____ is a collection of suggestions...

Question 18

A(n) ____ policy outlines how the organization uses personal information it collects.&#10;A) VPN&#10;B) network&#10;C) encryption&#10;D) privacy

Accepted Answer

The answer of A(n) ____ policy outlines how the organization...

Question 19

A ____ is a document that outlines specific requirements or rules that must be met.&#10;A) procedure&#10;B) standard&#10;C) guideline&#10;D) policy

Accepted Answer

The answer of A ____ is a document that outlines...

Question 20

A due process policy is a policy that defines the actions users may perform while accessing systems and networking equipment.

Accepted Answer

The answer of A due process policy is a policy...

Question 21

What are the duties of the CMT?

Accepted Answer

The answer of What are the duties of the CMT?...

Question 22

The Web sites that facilitate linking individuals with common interests like hobbies, religion, politics, or school contacts are called ____ sites.&#10;A) social networking&#10;B) social engineering&#10;C) social management&#10;D) social control

Accepted Answer

The answer of The Web sites that facilitate linking individuals...

Question 23

Which roles should be represented on the security policy development team?

Accepted Answer

The answer of Which roles should be represented on the...

Question 24

What are the typical classification designations of government documents?

Accepted Answer

The answer of What are the typical classification designations of...

Question 25

____ learners learn through a lab environment or other hands-on approaches.&#10;A) Visual&#10;B) Auditory&#10;C) Kinesthetic&#10;D) Spatial

Accepted Answer

The answer of ____ learners learn through a lab environment...

Question 26

____ learners tend to sit in the middle of the class and learn best through lectures and discussions.&#10;A) Visual&#10;B) Auditory&#10;C) Kinesthetic&#10;D) Spatial

Accepted Answer

The answer of ____ learners tend to sit in the...

Question 27

What is a general security tip for using a social networking site?

Accepted Answer

The answer of What is a general security tip for...

Question 28

List two characteristics of a policy.

Accepted Answer

The answer of List two characteristics of a policy....

Question 29

A(n) ____ approach is the art of helping an adult learn.&#10;A) andragogical&#10;B) pedagogical&#10;C) deontological&#10;D) metagogical

Accepted Answer

The answer of A(n) ____ approach is the art of...

Question 30

When designing a security policy, many organizations follow a standard set of ____________________.

Accepted Answer

The answer of When designing a security policy, many organizations...

Question 31

____ networks are typically used for connecting devices on an ad hoc basis for file sharing of audio, video, and data, or real-time data transmission such as telephony traffic.&#10;A) Peer&#10;B) Client-server&#10;C) P2P&#10;D) Share

Accepted Answer

The answer of ____ networks are typically used for connecting...

Question 32

List one reason why social networking sites are popular with attackers.

Accepted Answer

The answer of List one reason why social networking sites...

Question 33

List and describe two risk categories.

Accepted Answer

The answer of List and describe two risk categories....

Question 34

A(n) ____________________ is a methodical examination and review that produces a detailed report of its findings.

Accepted Answer

The answer of A(n) ____________________ is a methodical examination and...

Question 35

____ learners learn through taking notes, being at the front of the class, and watching presentations.&#10;A) Kinesthetic&#10;B) Auditory&#10;C) Spatial&#10;D) Visual

Accepted Answer

The answer of ____ learners learn through taking notes, being...

Question 36

____________________ seeks to approach changes systematically and provide the necessary documentation of the changes.

Accepted Answer

The answer of ____________________ seeks to approach changes systematically and...

Question 37

A(n) ____________________ is a collection of requirements specific to the system or procedure that must be met by everyone.

Accepted Answer

The answer of A(n) ____________________ is a collection of requirements...

Question 38

List four attributes that should be compiled for new equipment in the change management documentation.

Accepted Answer

The answer of List four attributes that should be compiled...

Question 39

Most people are taught using a(n) ____________________ approach.

Accepted Answer

The answer of Most people are taught using a(n) ____________________...

Question 40

Identify two opportunities for security education and training.

Accepted Answer

The answer of Identify two opportunities for security education and...

Question 41

Contrast the difference between a pedagogical approach versus an andragogical approach to subject matter.

Accepted Answer

The answer of Contrast the difference between a pedagogical approach...

Question 42

Match between columns&#10;                        Premises: Periodic reviewing of a subject's privileges over an object&#10;Periodic reviewing of a subject's privileges over an object&#10;Periodic reviewing of a subject's privileges over an object&#10;Periodic reviewing of a subject's privileges over an object&#10;Periodic reviewing of a subject's privileges over an object&#10;Periodic reviewing of a subject's privileges over an object&#10;Periodic reviewing of a subject's privileges over an object&#10;Periodic reviewing of a subject's privileges over an object&#10;Periodic reviewing of a subject's privileges over an object&#10;Refers to a methodology for making modifications and keeping track of those changes&#10;Refers to a methodology for making modifications and keeping track of those changes&#10;Refers to a methodology for making modifications and keeping track of those changes&#10;Refers to a methodology for making modifications and keeping track of those changes&#10;Refers to a methodology for making modifications and keeping track of those changes&#10;Refers to a methodology for making modifications and keeping track of those changes&#10;Refers to a methodology for making modifications and keeping track of those changes&#10;Refers to a methodology for making modifications and keeping track of those changes&#10;Refers to a methodology for making modifications and keeping track of those changes&#10;Grouping individuals and organizations into clusters or groups based on some sort of affiliation&#10;Grouping individuals and organizations into clusters or groups based on some sort of affiliation&#10;Grouping individuals and organizations into clusters or groups based on some sort of affiliation&#10;Grouping individuals and organizations into clusters or groups based on some sort of affiliation&#10;Grouping individuals and organizations into clusters or groups based on some sort of affiliation&#10;Grouping individuals and organizations into clusters or groups based on some sort of affiliation&#10;Grouping individuals and organizations into clusters or groups based on some sort of affiliation&#10;Grouping individuals and organizations into clusters or groups based on some sort of affiliation&#10;Grouping individuals and organizations into clusters or groups based on some sort of affiliation&#10;A subject's access level over an object, such as a user's ability to open a payroll file&#10;A subject's access level over an object, such as a user's ability to open a payroll file&#10;A subject's access level over an object, such as a user's ability to open a payroll file&#10;A subject's access level over an object, such as a user's ability to open a payroll file&#10;A subject's access level over an object, such as a user's ability to open a payroll file&#10;A subject's access level over an object, such as a user's ability to open a payroll file&#10;A subject's access level over an object, such as a user's ability to open a payroll file&#10;A subject's access level over an object, such as a user's ability to open a payroll file&#10;A subject's access level over an object, such as a user's ability to open a payroll file&#10;The likelihood that the threat agent will exploit the vulnerability&#10;The likelihood that the threat agent will exploit the vulnerability&#10;The likelihood that the threat agent will exploit the vulnerability&#10;The likelihood that the threat agent will exploit the vulnerability&#10;The likelihood that the threat agent will exploit the vulnerability&#10;The likelihood that the threat agent will exploit the vulnerability&#10;The likelihood that the threat agent will exploit the vulnerability&#10;The likelihood that the threat agent will exploit the vulnerability&#10;The likelihood that the threat agent will exploit the vulnerability&#10;A person or element that has the power to carry out a threat&#10;A person or element that has the power to carry out a threat&#10;A person or element that has the power to carry out a threat&#10;A person or element that has the power to carry out a threat&#10;A person or element that has the power to carry out a threat&#10;A person or element that has the power to carry out a threat&#10;A person or element that has the power to carry out a threat&#10;A person or element that has the power to carry out a threat&#10;A person or element that has the power to carry out a threat&#10;A flaw or weakness that allows a threat agent to bypass security&#10;A flaw or weakness that allows a threat agent to bypass security&#10;A flaw or weakness that allows a threat agent to bypass security&#10;A flaw or weakness that allows a threat agent to bypass security&#10;A flaw or weakness that allows a threat agent to bypass security&#10;A flaw or weakness that allows a threat agent to bypass security&#10;A flaw or weakness that allows a threat agent to bypass security&#10;A flaw or weakness that allows a threat agent to bypass security&#10;A flaw or weakness that allows a threat agent to bypass security&#10;A type of action that has the potential to cause harm&#10;A type of action that has the potential to cause harm&#10;A type of action that has the potential to cause harm&#10;A type of action that has the potential to cause harm&#10;A type of action that has the potential to cause harm&#10;A type of action that has the potential to cause harm&#10;A type of action that has the potential to cause harm&#10;A type of action that has the potential to cause harm&#10;A type of action that has the potential to cause harm

Accepted Answer

The Answer of Privilege management and Threat and Threat agent is...

Deck 14: Risk Mitigation