Topics

Explore all topics

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

Professors

Overall Quality
-/5
c c
Overall Quality
-/5
Billt Camp
Overall Quality
-/5
mathio g
Explore all Professors
Add Browser Extension
Start Free Trial
Need Help? Contact us
title
Textbook Solutions
Step-by-step solutions verified by experts
title
24/7 Homework Help
Complete assignments with the help of our community
title
Flashcards
Stimulate your visual memory & walk into test day with confidence
title
DocuAssist
Upload your study materials and we’ll help fill in the answers.
title
Campus Reps
Become a Campus Rep and earn up to 20% commission, plus weekly and monthly cash prizes.
title
My Courses
Add the courses you're enrolled in for tailored study material to meet your requirements
Explore all services
Add Browser Extension
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
العربية
search
ai logoChat with AI
Servicesarrow
Textbook Solutions icon
Textbook Solutions
24/7 Homework Help icon
24/7 Homework Help
Flashcards icon
Flashcards
DocuAssist icon
DocuAssist
Campus Reps icon
Campus Reps
My Courses icon
My Courses
Mobile App icon
Mobile App
Explore All Services
Discoverarrow

Topics

Explore All Services

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

professors

/5
c c
/5
Billt Camp
/5
mathio g
Explore all Professors
Explore all topics
Discover more topics
HomeSchoolingAsk a question

Deck 4: Planning for Security

Full screen (f)
exit full mode
Question
You can create a single, comprehensive ISSP document covering all information security issues.
Use Space or
up arrow
down arrow
to flip the card.
Question
In 2016, NIST published a new Federal Master Cybersecurity Framework to create a mandatory framework for managing cybersecurity risk for the delivery of critical infrastructure services at every organization in the United States, based on vendor-specific technologies.
Question
The ISSP is a plan which sets out the requirements that must be met by the information security blueprint or framework.
Question
Good security programs begin and end with policy.
Question
The security framework is a more detailed version of the security blueprint.
Question
NIST 800-14's Principles for Securing Information Technology Systems can be used to make sure the needed key elements of a successful effort are factored into the design of an information security program and to produce a blueprint for an effective security architecture.
Question
The global information security community has universally agreed with the justification for the code of practices as identified in the ISO/IEC 17799.
Question
ACLs are more specific to the operation of a system than rule-based policies and they may or may not deal with users directly.
Question
A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee's actions.
Question
The complete details of ISO/IEC 27002 are widely available to everyone.
Question
Failure to develop an information security system based on the organization's mission, vision, and culture guarantees the failure of the information security program.
Question
A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology.
Question
To achieve defense in depth, an organization must establish multiple layers of security controls and safeguards.
Question
NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans, and provides detailed methods for assessing, designing, and implementing controls and plans for applications of varying size.
Question
The policy administrator is responsible for the creation, revision, distribution, and storage of the policy.
Question
Managerial controls set the direction and scope of the security process and provide detailed instructions for its conduct.
Question
Each policy should contain procedures and a timetable for periodic review.
Question
The ISO/IEC 27000 series is derived from an earlier standard, BS7799.
Question
To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and policy issuance and planned revision dates.
Question
A standard is a written instruction provided by management that informs employees and others in the workplace about proper behavior.
Question
A(n) strategic ​information security policy is also known as a general security policy, and sets the strategic
direction, scope, and tone for all security efforts._________________________
Question
NIST responded to a mandate and created a voluntary Risk Management Framework that provides an effective approachto manage cybersecurity risks. _________________________
Question
The security model is the basis for the design, selection, and implementation of all security program elements, including policy implementation and ongoing policy and program management. _________________________
Question
Every member of the organization's InfoSec department must have a formal degree or certification in information security.
Question
A disaster recovery plan shows the organization's intended efforts to restore operations at the original site in the aftermath of a disaster.
Question
The key components of the security perimeter include firewalls, DMZs (demilitarized zones), Web servers, and IDPSs. _________________________
Question
A hard drive feature known as "hot swap" is a RAID implementation (typically referred to as RAID Level 1) in which the computer records all data to twin drives simultaneously, providing a backup if the primary drive fails.
Question
Systems-specific security policies are organizational policies that provide detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies. _________________________
Question
A(n) capability table specifies which subjects and objects users or groups can access. _________________________
Question
Security training provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely.
Question
A cold site provides many of the same services and options of a hot site, but at a lower cost.
Question
Database shadowing duplicates data in real-time data storage, but does not back up the databases at the remote site.
Question
The stated purpose of ISO/IEC 27002 is to offer guidelines and voluntary directions for information security management.  _________________________
Question
A security policy should begin with a clear statement of purpose. _________________________
Question
Guidelines are detailed statements of what must be done to comply with policy. _________________________
Question
To remain viable, security policies must have a responsible manager, a schedule of reviews, amethod for making recommendations for reviews, and a policy issuance and revision date. _________________________
Question
Within security perimeters the organization can establish security redundancies, each with differing levels of security, between which traffic must be screened. _________________________
Question
Disaster recovery personnel must know their roles without supporting documentation, which is a function of preparation, training, and rehearsal.
Question
The operational plan documents the organization's intended long-term direction and efforts for the next several years. _________________________
Question
Some policies may also need a(n) sunset clause indicating their expiration date. _________________________
Question
​The goals of information security governance include all but which of the following  

A) Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care 
B) ​Strategic alignment of information security with business strategy to support organizational objectives 
C) ​Risk management by executing appropriate measures to manage and mitigate threats to information resources 
D) ​Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
Question
One of the basic tenets of security architectures is the layered implementation of security, which is called defense in redundancy. _________________________
Question
The ________is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.

A) SysSP
B) EISP 
C) GSP
D) ISSP
Question
Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator. _________________________
Question
A(n) disaster is any adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization. _________________________
Question
A(n) differential backup only archives the files that have been modified that day, and thus requires less space and time than a full backup. _________________________
Question
A service bureau is an agency that provides a service for a fee. _________________________
Question
The recovery point objective (RPO) is the point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage. _________________________
Question
The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________." 

A) implementation
B) certification 
C) management
D) accreditation
Question
A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years.

A) standard
B) operational 
C) tactical
D) strategic
Question
A(n) DR plan ensures that critical business functions continue if a catastrophic incident or disaster occurs. _________________________
Question
An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.

A) plan
B) framework 
C) model
D) policy
Question
The process of examining an incident candidate and determining whether it constitutes an actual incident is called incident classification. _________________________
Question
A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people. _________________________
Question
When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems  

A) The standard lacked the measurement precision associated with a technical standard. 
B) It was not as complete as other frameworks. 
C) The standard was hurriedly prepared, given the tremendous impact its adoption could have on industry information security controls. 
D) The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.
Question
A(n) alarming event is an event with negative consequences that could threaten the organization's information assets or operations.__________________
Question
The Computer Security Resource Center at NIST provides several useful documents free of charge in its special publications area. _________________________
Question
________often function as standards or procedures to be used when configuring or maintaining systems.

A) ESSPs
B) EISPs 
C) ISSPs
D) SysSPs
Question
Standards may be published, scrutinized, and ratified by a group, as in formal or ________ standards.

A) de formale
B) de public 
C) de jure
D) de facto
Question
Technical controls are the tactical and technical implementations of security in the organization. _________________________
Question
Redundancy can be implemented at a number of points throughout the security architecture, such as in ________.

A) firewalls
B) proxy servers 
C) access controls
D) All of the above
Question
_________ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident.

A) Damage assessment
B) Containment development 
C) Incident response
D) Disaster assessment
Question
A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes __________.

A) controls have been bypassed
B) controls have proven ineffective 
C) controls have failed
D) All of the above
Question
The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization.

A) technology
B) Internet 
C) people
D) operational
Question
The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.

A) off-site storage
B) remote journaling 
C) electronic vaulting
D) database shadowing
Question
A(n) _________ is a document containing contact information for the people to be notified in the event of an incident.

A) emergency notification system
B) alert roster 
C) phone list
D) call register
Question
A ____ site provides only rudimentary services and facilities.

A) commercial
B) warm 
C) hot
D) cold
Question
In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework, which intends to allow organizations to __________.

A) identify and prioritize opportunities for improvement within the context of a continuous and repeatable process 
B) assess progress toward a recommended target state 
C) communicate among local, state, and national agencies about cybersecurity risk 
D) None of these
Question
__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information.

A) Firewalling
B) Hosting 
C) Redundancy
D) Domaining
Question
The transfer of transaction data in real time to an off-site facility is called ____.

A) off-site storage
B) remote journaling 
C) electronic vaulting
D) database shadowing
Question
________ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

A) Managerial
B) Technical 
C) Operational
D) Informational
Question
​Security __________ are the areas of trust within which users can freely communicate.

A) ​perimeters
B) ​domains 
C) ​rectangles
D) ​layers
Question
_________ controls address personnel security, physical security, and the protection of production inputs and outputs.

A) ​Informational
B) Operational 
C) ​Technical
D) ​Managerial
Question
SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ________.

A) plan
B) standard 
C) policy
D) blueprint
Question
The ____________________ of an organization are the intermediate states obtained to achieve progress toward a goal or goals.
Question
The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees.

A) intentional
B) external 
C) accidental
D) physical
Question
The CPMT conducts the BIA in three stages.  Which of the following is NOT one of those stages  

A) Determine mission/business processes and recovery criticality 
B) Identify recovery priorities for system resources 
C) Identify resource requirements 
D) All of these are BIA stages
Question
According to NIST SP 800-14's security principles, security should ________.

A) support the mission of the organization
B) require a comprehensive and integrated approach 
C) be cost-effective
D) All of the above
Question
RAID is an acronym for a __________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure.

A) replicated
B) resistant 
C) random
D) redundant
Question
__________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.

A) Networking
B) Proxy 
C) Defense in depth
D) Best-effort
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/109
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 4: Planning for Security
1
You can create a single, comprehensive ISSP document covering all information security issues.
True
2
In 2016, NIST published a new Federal Master Cybersecurity Framework to create a mandatory framework for managing cybersecurity risk for the delivery of critical infrastructure services at every organization in the United States, based on vendor-specific technologies.
False
3
The ISSP is a plan which sets out the requirements that must be met by the information security blueprint or framework.
False
4
Good security programs begin and end with policy.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
5
The security framework is a more detailed version of the security blueprint.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
6
NIST 800-14's Principles for Securing Information Technology Systems can be used to make sure the needed key elements of a successful effort are factored into the design of an information security program and to produce a blueprint for an effective security architecture.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
7
The global information security community has universally agreed with the justification for the code of practices as identified in the ISO/IEC 17799.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
8
ACLs are more specific to the operation of a system than rule-based policies and they may or may not deal with users directly.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
9
A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee's actions.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
10
The complete details of ISO/IEC 27002 are widely available to everyone.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
11
Failure to develop an information security system based on the organization's mission, vision, and culture guarantees the failure of the information security program.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
12
A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
13
To achieve defense in depth, an organization must establish multiple layers of security controls and safeguards.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
14
NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans, and provides detailed methods for assessing, designing, and implementing controls and plans for applications of varying size.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
15
The policy administrator is responsible for the creation, revision, distribution, and storage of the policy.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
16
Managerial controls set the direction and scope of the security process and provide detailed instructions for its conduct.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
17
Each policy should contain procedures and a timetable for periodic review.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
18
The ISO/IEC 27000 series is derived from an earlier standard, BS7799.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
19
To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and policy issuance and planned revision dates.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
20
A standard is a written instruction provided by management that informs employees and others in the workplace about proper behavior.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
21
A(n) strategic ​information security policy is also known as a general security policy, and sets the strategic
direction, scope, and tone for all security efforts._________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
22
NIST responded to a mandate and created a voluntary Risk Management Framework that provides an effective approachto manage cybersecurity risks. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
23
The security model is the basis for the design, selection, and implementation of all security program elements, including policy implementation and ongoing policy and program management. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
24
Every member of the organization's InfoSec department must have a formal degree or certification in information security.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
25
A disaster recovery plan shows the organization's intended efforts to restore operations at the original site in the aftermath of a disaster.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
26
The key components of the security perimeter include firewalls, DMZs (demilitarized zones), Web servers, and IDPSs. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
27
A hard drive feature known as "hot swap" is a RAID implementation (typically referred to as RAID Level 1) in which the computer records all data to twin drives simultaneously, providing a backup if the primary drive fails.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
28
Systems-specific security policies are organizational policies that provide detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
29
A(n) capability table specifies which subjects and objects users or groups can access. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
30
Security training provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
31
A cold site provides many of the same services and options of a hot site, but at a lower cost.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
32
Database shadowing duplicates data in real-time data storage, but does not back up the databases at the remote site.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
33
The stated purpose of ISO/IEC 27002 is to offer guidelines and voluntary directions for information security management.  _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
34
A security policy should begin with a clear statement of purpose. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
35
Guidelines are detailed statements of what must be done to comply with policy. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
36
To remain viable, security policies must have a responsible manager, a schedule of reviews, amethod for making recommendations for reviews, and a policy issuance and revision date. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
37
Within security perimeters the organization can establish security redundancies, each with differing levels of security, between which traffic must be screened. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
38
Disaster recovery personnel must know their roles without supporting documentation, which is a function of preparation, training, and rehearsal.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
39
The operational plan documents the organization's intended long-term direction and efforts for the next several years. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
40
Some policies may also need a(n) sunset clause indicating their expiration date. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
41
​The goals of information security governance include all but which of the following  

A) Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care 
B) ​Strategic alignment of information security with business strategy to support organizational objectives 
C) ​Risk management by executing appropriate measures to manage and mitigate threats to information resources 
D) ​Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
42
One of the basic tenets of security architectures is the layered implementation of security, which is called defense in redundancy. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
43
The ________is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.

A) SysSP
B) EISP 
C) GSP
D) ISSP
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
44
Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
45
A(n) disaster is any adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
46
A(n) differential backup only archives the files that have been modified that day, and thus requires less space and time than a full backup. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
47
A service bureau is an agency that provides a service for a fee. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
48
The recovery point objective (RPO) is the point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
49
The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________." 

A) implementation
B) certification 
C) management
D) accreditation
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
50
A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years.

A) standard
B) operational 
C) tactical
D) strategic
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
51
A(n) DR plan ensures that critical business functions continue if a catastrophic incident or disaster occurs. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
52
An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.

A) plan
B) framework 
C) model
D) policy
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
53
The process of examining an incident candidate and determining whether it constitutes an actual incident is called incident classification. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
54
A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
55
When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems  

A) The standard lacked the measurement precision associated with a technical standard. 
B) It was not as complete as other frameworks. 
C) The standard was hurriedly prepared, given the tremendous impact its adoption could have on industry information security controls. 
D) The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
56
A(n) alarming event is an event with negative consequences that could threaten the organization's information assets or operations.__________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
57
The Computer Security Resource Center at NIST provides several useful documents free of charge in its special publications area. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
58
________often function as standards or procedures to be used when configuring or maintaining systems.

A) ESSPs
B) EISPs 
C) ISSPs
D) SysSPs
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
59
Standards may be published, scrutinized, and ratified by a group, as in formal or ________ standards.

A) de formale
B) de public 
C) de jure
D) de facto
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
60
Technical controls are the tactical and technical implementations of security in the organization. _________________________
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
61
Redundancy can be implemented at a number of points throughout the security architecture, such as in ________.

A) firewalls
B) proxy servers 
C) access controls
D) All of the above
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
62
_________ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident.

A) Damage assessment
B) Containment development 
C) Incident response
D) Disaster assessment
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
63
A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes __________.

A) controls have been bypassed
B) controls have proven ineffective 
C) controls have failed
D) All of the above
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
64
The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization.

A) technology
B) Internet 
C) people
D) operational
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
65
The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.

A) off-site storage
B) remote journaling 
C) electronic vaulting
D) database shadowing
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
66
A(n) _________ is a document containing contact information for the people to be notified in the event of an incident.

A) emergency notification system
B) alert roster 
C) phone list
D) call register
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
67
A ____ site provides only rudimentary services and facilities.

A) commercial
B) warm 
C) hot
D) cold
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
68
In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework, which intends to allow organizations to __________.

A) identify and prioritize opportunities for improvement within the context of a continuous and repeatable process 
B) assess progress toward a recommended target state 
C) communicate among local, state, and national agencies about cybersecurity risk 
D) None of these
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
69
__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information.

A) Firewalling
B) Hosting 
C) Redundancy
D) Domaining
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
70
The transfer of transaction data in real time to an off-site facility is called ____.

A) off-site storage
B) remote journaling 
C) electronic vaulting
D) database shadowing
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
71
________ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

A) Managerial
B) Technical 
C) Operational
D) Informational
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
72
​Security __________ are the areas of trust within which users can freely communicate.

A) ​perimeters
B) ​domains 
C) ​rectangles
D) ​layers
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
73
_________ controls address personnel security, physical security, and the protection of production inputs and outputs.

A) ​Informational
B) Operational 
C) ​Technical
D) ​Managerial
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
74
SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ________.

A) plan
B) standard 
C) policy
D) blueprint
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
75
The ____________________ of an organization are the intermediate states obtained to achieve progress toward a goal or goals.
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
76
The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees.

A) intentional
B) external 
C) accidental
D) physical
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
77
The CPMT conducts the BIA in three stages.  Which of the following is NOT one of those stages  

A) Determine mission/business processes and recovery criticality 
B) Identify recovery priorities for system resources 
C) Identify resource requirements 
D) All of these are BIA stages
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
78
According to NIST SP 800-14's security principles, security should ________.

A) support the mission of the organization
B) require a comprehensive and integrated approach 
C) be cost-effective
D) All of the above
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
79
RAID is an acronym for a __________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure.

A) replicated
B) resistant 
C) random
D) redundant
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
80
__________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.

A) Networking
B) Proxy 
C) Defense in depth
D) Best-effort
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 109 flashcards in this deck.
QuizPlus
surly
Quizplus
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App
surly
English
English
العربية
Scan to downloadDownload the App
qr-code

English
English
العربية
Copyright © 2025 Quizplus LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree