Quiz 6
QUESTION 1
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?
Identification
Authentication
Accountability
Authorization
0.5 points
QUESTION 2
Which of the following would NOT be considered in the scope of organizational compliance efforts?
Laws
Company policy
Internal audit
Corporate culture
0.5 points
QUESTION 3
Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?
Reduced operating costs
Access to a high level of expertise
Developing in-house talent
Building internal knowledge
0.5 points
QUESTION 4
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?
Service level agreement (SLA)
Blanket purchase agreement (BPA)
Memorandum of understanding (MOU)
Interconnection security agreement (ISA)
0.5 points
QUESTION 5
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
Service level agreement (SLA)
Blanket purchase agreement (BPA)
Memorandum of understanding (MOU)
Interconnection security agreement (ISA)
0.5 points
QUESTION 6
What is NOT a good practice for developing strong professional ethics?
Set the example by demonstrating ethics in daily activities
Encourage adopting ethical guidelines and standards
Assume that information should be free
Inform users through security awareness training
0.5 points
QUESTION 7
Which practice is NOT considered unethical under RFC 1087 issued by the Internet Architecture Board (IAB)?
Seeking to gain unauthorized access to resources
Disrupting intended use of the Internet
Enforcing the integrity of computer-based information
Compromising the privacy of users
0.5 points
QUESTION 8
What is NOT a principle for privacy created by the Organization for Economic Cooperation and Development (OECD)?
An organization should collect only what it needs.
An organization should share its information.
An organization should keep its information up to date.
An organization should properly destroy its information when it is no longer needed.
0.5 points
QUESTION 9
Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?
Job rotation
Least privilege
Need-to-know
Separation of duties
0.5 points
QUESTION 10
What is NOT a goal of information security awareness programs?
Teach users about security objectives
Inform users about trends and threats in security
Motivate users to comply with security policy
Punish users who violate policy
0.5 points
QUESTION 11
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?
Baseline
Policy
Guideline
Procedure
0.5 points
QUESTION 12
Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?
Intimidation
Name dropping
Appeal for help
Phishing
0.5 points
QUESTION 13
Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these types of classification decisions?
Value
Sensitivity
Criticality
Threat
0.5 points
QUESTION 14
Which activity manages the baseline settings for a system or device?
Configuration control
Reactive change management
Proactive change management
Change control
0.5 points
QUESTION 15
What is the correct order of steps in the change control process?
Request, approval, impact assessment, build/test, monitor, implement
Request, impact assessment, approval, build/test, implement, monitor
Request, approval, impact assessment, build/test, implement, monitor
Request, impact assessment, approval, build/test, monitor, implement
0.5 points
QUESTION 16
Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking?
Project initiation and planning
Functional requirements and definition
System design specification
Operations and maintenance
0.5 points
QUESTION 17
Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data?
Formatting
Degaussing
Physical destruction
Overwriting
0.5 points
QUESTION 18
In an accreditation process, who has the authority to approve a system for implementation?
Certifier
Authorizing official (AO)
System owner
System administrator
0.5 points
QUESTION 19
In what type of attack does the attacker send unauthorized commands directly to a database?
Cross-site scripting
SQL injection
Cross-site request forgery
Database dumping
0.5 points
QUESTION 20
In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?
Spiral
Agile
Lean
Waterfall