CST 151 ##

Q1. The procedures associated with unfriendly terminations are generally no different from those associated with friendly ones.

    a. True

    b. False

 

Q2. The ____ plan should lay out a comprehensive strategy that will guard against the malicious actions of human beings in the workforce.

    a. data security

    b. personnel security

    c. system security

    d. resource security

 

Q3. Because a lot of IT work is ____, the personnel security process has to state explicit rules to ensure the security of contracted work.

    a. insourced

    b. outsourced

    c. delayed

    d. part-time

 

Q4. In the procedure associated with friendly termination, the user's ____ are removed first.

    a. access privileges

    b. object rights

    c. system rights

    d. logon privileges

 

Q5. Logically, the entry point into the process of assigning privileges to company roles is the ____ process.

    a. role definition

    b. personnel definition

    c. job definition

    d. technical definition

 

Q6. The first step to developing a ____ is a comprehensive inventory of all of the physical assets that fall within the protected space.

    a. Operational Security Plan

    b. Software Security Plan

    c. Risk Management Plan

    d. Physical Security Plan

 

Q7. ____ is the primary factor in a physical security plan because it dictates the form of physical access control.

    a. Environment

    b. Control

    c. Access

    d. Location

 

Q8. ____ methods include people-based solutions such as foot patrols and closed-circuit TV surveillance.

    a. Intrusion elimination

    b. Intrusion diversion

    c. Intrusion detection

    d. Intrusion misdirection

 

Q9. Most physical security plans are developed separately from the planning that defines the activities of the information security process.

    a. True

    b. False

 

Q10. There are normally three classes of items in each of the physical security management baselines: equipment, people, and the ____.

    a. environment

    b. process

    c. procedures

    d. technology

 

Q11. Audit-based intrusion detection depends on data in ____.

    a. system files

    b. memory

    c. system logs

    d. applications

 

Q12. Rules that define the boundaries of ____ are an essential factor in the establishment of a network security function.

    a. access

    b. trust

    c. an organization

    d. the network

 

Q13. The ____ approach to network security entails a partitioned or subdivided topology.

    a. segmented

    b. hub

    c. spoke

    d. ring

 

Q14. Consistency is always a threat to the operation of networks.

    a. True

    b. False

 

Q15. Switches and ____ are the physical components that interconnect the computers within a network.

    a. routers

    b. hubs

    c. firewalls

    d. proxies

 

Q16. Given the number of possible participants in the operations and maintenance process, the logical way to establish a formal security of operations function is through an organization-wide ____ activity.

    a. enterprise continuity

    b. data security

    c. digital forensics

    d. strategic planning

 

Q17. The purpose of the operational security plan is to organize and coordinate the company's security resources, in order to ensure reliable, day-to-day operational assurance of the business.

    a. True

    b. False

 

Q18. The ____ provides an unambiguous statement of how the company will coordinate and control its information security practice.

    a. functional security plan

    b. enterprise security plan

    c. operational security plan

    d. strategic security plan

 

Q19. ____ is a continuous process when it comes to ensuring the integrity of the security system.

    a. Evaluation

    b. Oversight

    c. Management

    d. Review

 

Q20. Threats are often identified before their actual impact is fully understood.

    a. True

    b. False

 

Q21. The deliberate control level of the capability maturity process is based on a ____.

    a. systematic risk assessment

    b. systematic vulnerability assessment

    c. systematic incident assessment

    d. systematic review

 

Q22. The ____ function is responsible for making certain that the individuals who perform specific information security tasks have all of the requisite knowledge, skills, and abilities to carry out their designated duties.

    a. training

    b. awareness

    c. accountability

    d. data security

 

Q23. Behavior that falls within the common norms of a group is known as ____ behavior.

    a. acceptable

    b. unacceptable

    c. tolerable

    d. functional

 

Q24. ____ refers to general or company-wide recognition of the existence of a security requirement or concept.

    a. Attention

    b. Awareness

    c. Accountability

    d. Training

 

Q25. ____ is the internal condition that activates or drives behavior.

    a. Incentive

    b. Awareness

    c. Motivation

    d. Training