Chapter 1 - Information Systems Security Policy Management

Answers
1. C
2. Standards
3. A
4. D and E
5. Procedure
6. D
7. C
8. Human
9. E
10. B
11. E



John works in the accounting department but travels to other company locations. He must present the past quarter's figures to the chief executive officer (CEO) in the morning. He forgot to update the PowerPoint presentation on his desktop computer at the main office. What is at issue here?
  1. Unauthorized access to the system
  2. Integrity of the data
  3. Availability of the data
  4. Nonrepudiation of the data
  5. Unauthorized use of the system

Governance is the practice of ensuring an entity is in conformance to policies, regulations, ________, and procedures.

COBIT is a widely accepted international best practices policy framework.
  1. True
  2. False

Which of the following are generally accepted as IA tenets but not ISS tenets? (Select two.)
  1. Confidentiality
  2. Integrity
  3. Availability
  4. Authentication
  5. Nonrepudiation

Greg has developed a document on how to operate and back up the new financial section's storage area network. In it, he lists the steps required for powering up and down the system as well as configuring the backup tape unit. Greg has written a ________.

When should a wireless security policy be initially written?
  1. When the industry publishes new wireless standards
  2. When a vendor presents wireless solutions to the business
  3. When the next generation of wireless technology is launched
  4. After a company decides to implement wireless and before it is installed

A toy company is giving its Web site a much-needed facelift. The new Web site is ready to be deployed. It's late October, and the company wants to have the site ready for the holiday rush. The year-end holiday season accounts for 80 percent of its annual revenue. What process would be of particular importance to the toy company at this time?
  1. Continuous improvement
  2. Business process reengineering
  3. Change management
  4. Information security system life cycle

Implementation and enforcement of policies is a challenge. The biggest hindrance to implementation of policies is the ________ factor.

Information systems security policies should support business operations. These policies focus on providing consistent protection of information in the system. This happens by controlling multiple aspects of the information system that directly or indirectly affect normal operations at some point. While there are many different benefits to supporting operations, some are more prevalent than others. Which of the following are aspects of ISS policies that extend to support business operations?
  1. Controlling change to the IT infrastructure
  2. Protecting data at rest and in transit
  3. Protecting systems from the insider threat
  4. B and C only
  5. All the above

Ted is an administrator in the server backup area. He is reviewing the contract for the offsite storage facility for validity. This contract includes topics such as the amount of storage space required, the pickup and delivery of media, response times during an outage, and security of media within the facility. This contract is an example of information security.
  1. True
  2. False

A weakness is found in a system's configuration which could expose client data to unauthorized users. Which of the following best describes the problem?
  1. A new threat was discovered.
  2. A new vulnerability was discovered.
  3. A new risk was discovered.
  4. A and B
  5. B and C
  6. A, B, and C
