Question

Chapter 3 Operational/Organizational Security 1. What are the four steps that make up the policy life...

Chapter 3 Operational/Organizational Security

1. What are the four steps that make up the policy life cycle?

• A. policies

• B. procedures

• C. standards

• D. guidelines

2. Which term describes a method to check the security of a system by simulating an attack by a malicious individual?

• A. Vulnerability assessment

• B. Penetration test

• C. Due diligence

• D. Due care

3. Which type of classification includes categories such as High, Medium, Low, Confidential, Private, and Public?

• A. Human resources classification

• B. Acceptable use classification

• C. Change management classification

• D. Information classification

4. Which term refers to ensuring each individual in the organization is supplied with only the absolute minimum amount of information and privileges they need to perform their work tasks?

• A. Need to know

• B. Defense in depth

• C. Exception handling

• D. Economy of mechanism

5. What is a leading cause of account hijacking?

• A. Improper use and/or control over passwords

• B. Ineffective data classification programs

• C. Ineffective service level agreements

• D. A business partnership agreement (BPA)

6. Which term refers to a security principle employed in many organizations to ensure that no single individual has the ability to conduct transactions alone?

• A. Due diligence

• B. Separation of duties

• C. Defense in depth

• D. Least privilege

7. Which term is concerned with guaranteeing fundamental fairness, justice and liberty in relation to an individual’s legal rights

• A. Due diligence

• B. Due care

• C. Due process

• D. Acceptable use

8. Who is responsible for defining data handling characteristics?

• A. The system owner

• B. The data owner

• C. Executive users

• D. Privileged users

9. Which term refers to contractual agreements between entities that describe specified levels of service that the servicing entity agrees to guarantee for the customer?

• A. Business partnership agreement (BPA)

• B. Interconnection security agreement (ISA)

• C. Service level agreement (SLA)

• D. Memorandum of understanding (MOU)

10. Which document lays out a uniform set of rules associated with partnerships to resolve any partnership terms?

• A. Memorandum of understanding (MOU)

• B. Uniform Partnership Act (UPA)

• C. Interconnection security agreement (ISA)

• D. Service level agreement (SLA)

11. Which term refers to the security perimeter, with its several layers of security, along with additional security mechanisms that may be implemented on a system (such as user IDs/passwords)?

• A. Defense-in-depth

• B. Peer-to-peer communication

• C. Public switched telephone network (PSTN)

• D. Client-server communication

12. Which term eliminates the traditional land lines in an organization and replaces them with special telephones that connect to the IP data network?

• A. Voice over IP (VoIP)

• B. Peer-to-peer communication

• C. Client-server communication

• D. Public switched telephone network (PSTN)

TRUE / FALSE

13. (p. 48) Generally, policies should be updated more frequently than the procedures that implement them.

14. (p. 49) Data requires a data owner.

15. (p. 53) Password length is critical to password-based security

16. (p. 67) Nondisclosure agreements (NDAs) are frequently used to delineate the level and type of information, and with whom it can be shared.

17. (p. 68) An intrusion detection system (IDS) is often part of the security perimeter for an organization.

0 0
Add a comment Improve this question Transcribed image text
Answer #2

1. What are the four steps that make up the policy life cycle?
Ans: B. procedures
Policy life cycle involves five stages: (1) discussion and debate, (2) political action, (3) legislative proposal, (4) law and regulation,(5) compliance.


2. Which term describes a method to check the security of a system by simulating an attack by a malicious individual?
Ans: B. Penetration test
A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall.

3. Which type of classification includes categories such as High, Medium, Low, Confidential, Private, and Public?
Ans: D. Information classification
Information Classification includes restricted data, for that information will categories into High, Medium, Low, Confidential, Private, and Public


4. Which term refers to ensuring each individual in the organization is supplied with only the absolute minimum amount of information and privileges they need to perform their work tasks?
Ans : A. Need to know
For any organization needs to know all the operations and thier functionality to perform well and manage the things easily.

5. What is a leading cause of account hijacking?
A. Improper use and/or control over passwords.
Most of the hacker gains access to these accounts via phishing, though it can also be done with a password cracking tool. A phishing email for example may warn the recipient that their Outlook needs to be updated and that they must click on the link provided, and enter their login. But instead of being a helpful update, it’s really a scam designed to capture your username and password.

6. Which term refers to a security principle employed in many organizations to ensure that no single individual has the ability to conduct transactions alone?
Ans: D. Least privilege.
The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work.


7. Which term is concerned with guaranteeing fundamental fairness, justice and liberty in relation to an individual’s legal rights?
Ans: C. Due process.
Due process is the legal requirement that the state must respect all legal rights that are owed to a person. Due process balances the power of law of the land and protects the individual person from it.

8. Who is responsible for defining data handling characteristics?
Ans: D. Privileged users
In any company, the privileged user is an employee with authority to access more than usual company data or make changes to the company network. Companies need privileged users because they have access to source code, file systems and other assets that allow them to upgrade the systems or make other technical changes.
9. Which term refers to contractual agreements between entities that describe specified levels of service that the servicing entity agrees to guarantee for the customer?
Ans: C. Service level agreement (SLA).
A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end user that defines the level of service expected from the service provider. SLAs are output-based in that their purpose is specifically to define what the customer will receive.

10. Which document lays out a uniform set of rules associated with partnerships to resolve any partnership terms?
Ans: A. Memorandum of understanding (MOU).
A memorandum of understanding (MOU or MoU) is a formal agreement between two or more parties. Companies and organizations can use MOUs to establish official partnerships.

11. Which term refers to the security perimeter, with its several layers of security, along with additional security mechanisms that may be implemented on a system (such as user IDs/passwords)?
Ans: A. Defense-in-depth.
Defense in Depth (DiD) is an approach to cyber security in which a series of defensive mechanisms are layered in order to protect valuable data and information. If one mechanism fails, another steps up immediately to thwart an attack.

12. Which term eliminates the traditional land lines in an organization and replaces them with special telephones that connect to the IP data network?
Ans: A. Voice over IP (VoIP).
VoIP (voice over IP) is the transmission of voice and multimedia content over Internet Protocol(IP) networks. VoIP historically referred to using IP to connect private branch exchanges, but the term is now used interchangeably with IP telephony.


13. Generally, policies should be updated more frequently than the procedures that implement them.
Ans: FALSE
Generally, policies should be updated more frequently than the procedures that implement them statement is FALSE because both are updated frequently then only the organization perform efficient manner. Policies and procedures in the organization may be so that maintaining a manual becomes a challenge. And by the time the ink dries on the newest edition of the document, a new law or regulation may be enacted that requires changing the manual again. The result is that many organizations have manuals that are incomplete, out of date, badly written, poorly understood, and inadequately enforced. Yet there’s no question that a high-quality policies and procedures manual can provide underlying documentation that helps an organization run effectively and efficiently.

14. Data requires a data owner?
Ans: FALSE.
In most cases, the Data Custodian is not the Data Owner. A system administrator or Data Custodian is a person who has technical control over an information asset dataset.

15. Password length is critical to password-based security?
Ans: TRUE

Many policies require a minimum password length. Eight characters is typical but may not be appropriate. Longer passwords are generally more secure, but some systems impose a maximum length for compatibility with legacy systems.

16. Nondisclosure agreements (NDA) are frequently used to delineate the level and type of information, and with whom it can be shared.
Ans : TRUE

A non-disclosure agreement also known as a confidentiality agreement (CA), confidential disclosure agreement, proprietary information agreement or secrecy agreement (SA), is a legal contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to or by third parties.


17. An intrusion detection system (IDS) is often part of the security perimeter for an organization.
Ans: TRUE

Intrusion detection systems are primarily focused on identifying possible incidents, logging information about them, and reporting attempts.

Add a comment
Know the answer?
Add Answer to:
Chapter 3 Operational/Organizational Security 1. What are the four steps that make up the policy life...
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions
ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT