Terms in this set (21)
Joe is authoring a document that explains to system administrators one way that they might comply with the organization's requirement to encrypt all laptops.
What type of document is Joe writing?
A.Policy
B.Guideline
C.Procedure
D.Standard
B.Guideline
Explanation:
The key word in this scenario is "one way". This indicates that compliance with the document is not mandatory, so Joe must be authoring a guideline.
Incorrect answers:
Policies, standards and procedures are all mandatory.
Which one of the following statements is not true about compensating controls under PCI DSS?
A.Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement
B.Controls must meet the intent of the original requirement
C.Controls must meet the rigor of the original requirement
D.Compensating controls must provide a similar level of defense as the original requirement
A. Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement
Explanation:
PCI DSS compensating controls must be "above and beyond" other PCI DSS requirements. This specifically bans the use of a control used to meet one requirement as a compensating control for another requirement.
What law creates cybersecurity obligations for healthcare providers and others in the health industry?
A.HIPAA
B.FERPA
C.GLBA
D.PCI DSS
A.HIPAA
Explanation:
The Health Insurance Portability and Accountability Act (HIPAA) includes security and privacy rules that affect healthcare providers, health insurers, and health information clearinghouses.
Which one of the following is not one of the five core security functions defined by the NIST Cybersecurity Framework?
A.Identify
B.Contain
C.Respond
D.Recover
B.Contain
Explanation:
The five security functions described in the NIST Cybersecurity Framework are identify, protect, respond and recover
What standard applies to information security management controls?
A.9001
B.27001
C.14032
D.57033
B.27001
Explanation:
The International Organization for Standardization (ISO) publishes ISO 27001, a standard document titled "Information technology - Security techniques - Information security management systems - Requirements".
Which one of the following documents must normally be approved by the CEO or similarly high-level executive?
A.Standard
B.Procedure
C.Guideline
D.Policy
D.Policy
Explanation:
Policies require approval from the highest level of management, usually the CEO. Other documents may often be approved by other managers, such as the CEO.
What SABSA architecture layer corresponds to the designer's view of security architecture?
A.Contextual security architecture
B.Conceptual security architecture
C.Logical security architecture
D.Component Security architecture
C.Logical security architecture
Explanation:
The logical security architecture corresponds to the designer's view in the SABSA model. The contextual architecture is the business view, the conceptual architecture is the architect's view, and the component architecture is the tradesman's view.
What law governs the financial records of publicly traded companies?
A.GLBA
B.SOX
C.FERPA
D.PCI DSS
B.SOX
Explanation:
The Sarbanes-Oxley (SOX) Act applies to the financial records of publicly traded companies and requires that those companies have a strong degree of assurance around the IT systems that store and process those records.
What TOGAF domain provides the organization's approach to storing and managing information assets?
A.Business architecture
B.Applications architecture
C.Data architecture
D.Technical architecture
C.Data architecture
Explanation:
In the TOGAF model, the data architecture provides the organization's approach to storing and managing information assets.
Which one of the following would not normally be found in an organization's information security policy?
A.Statement of the importance of cybersecurity
B.Requirement to use AES-256 encryption
C.Delegation of authority
D.Designation of responsible executive
B.Requirement to use AES-256 encryption
Explanation:
Security policies do not normally contain prescriptive technical guidance, such as a requirement to use a specific encryption algorithm. This type of detail would not normally be found in a security standard.
Darren is helping the Human Resources department create a new policy for background checks on new hires.
What type of control is Darren creating?
A.Physical
B.Technical
C.Logical
D.Administrative
D.Administrative
Explanation:
Administrative controls are procedural mechanisms that an organization follows to implement sound security management practices. Examples of administrative controls include user account reviews, employee background investigations, log reviews and separation of duty policies.
Which one of the following control models describes the five core activities associated with IT service management as a service strategy, service design, service transition, service operation, and continual service improvement?
A.COBIT
B.TOGAF
C.ISO 27001
D.ITIL
D.ITIL
Explanation:
The Information Technology Infrastructure Library (ITIL) is a framework that offers a comprehensive approach to IT service management (ITSM) within the modern enterprise. ITIL covers five core activities: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement.
What compliance obligation applies to merchants and service providers who work with credit card information?
A.FERPA
B.SOX
C.HIPAA
D.PCI DSS
D.PCI DSS
Explanation:
The Payment Card Industry Data Security Standard (PCI DSS) provides detailed rules about the storage, processing, and transmission of credit and debit card information. PCI DSS is not a law but rather a contractual obligation that applies to credit card merchants and service providers.
Which one of the following policies would typically answer questions about when an organization should destroy records?
A.Data ownership policy
B.Account management policy
C.Password policy
D.Data retention policy
D.Data retention policy
Explanation:
The data retention policy outlines what information the organization will maintain and the length of time different categories of information will be retained prior to destruction.
While studying an organization's risk management process under the NIST Cybersecurity Framework, Rob determines that the organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities.
What tier should he assign based on this measure?
A.Tier 1
B.Tier 2
C.Tier 3
D.Tier 4
D.Tier 4
Explanation:
The description provided matches the definition of a Tier 4 (Adaptive) organization's risk management practices under the NIST Cybersecurity Framework.
Which one of the following security policy framework components does not contain mandatory guidance for individuals in the organization?
A.Policy
B.Standard
C.Procedure
D.Guideline
D.Guideline
Explanation:
Guidelines are the only element of the security policy framework that is optional. Compliance with policies, standards and procedures is mandatory.
Tina is creating a set of firewall rules designed to block denial-of-service attacks from entering her organization's network.
What type of control is Tina designing?
A.Logical control
B.Physical control
C.Administrative control
D.Root access control
A.Logical control
Explanation:
Logical controls are technical controls that enforce confidentiality, integrity, and availability in the digital space. Examples of logical security controls include firewall rules, access control lists, intrusion prevention systems and encryption.
Allan is developing a document that lists the acceptable mechanisms for securely obtaining remote administrative access to servers in his organization.
What type of document is Allan writing?
A.Policy
B.Standard
C.Guideline
D.Procedure
B.Standard
Explanation:
Standards describe specific security controls that must be in place for an organization. Allan would not include acceptable mechanisms in a high-level policy document, and this information is too general to be useful as a procedure. Guidelines are not mandatory, so they would not be applicable in this scenario.
Which one of the following is not a common use of the NIST Cybersecurity Framework?
A.Describe the current cybersecurity posture of an organization
B.Describe the target future cybersecurity posture of an organization
C.Communicate
D.Create specific technology requirements for an organization
Explanation:
The NIST Cybersecurity Framework is designed to help organizations describe their current cybersecurity posture, describe their target state for cybersecurity, identify and prioritize opportunities for improvement, assess progress and communicate with stakeholders about risk. It does not create specific technology requirements.
Shelly is writing a document that describes the steps that incident response teams will follow upon first notice of a potential incident.
What type of document is she creating?
A.Policy
B.Standard
C.Guideline
D.Procedure
D.Procedure
Explanation:
Procedures provide checklist-style sets of step-by-step instructions guiding how employees should react in a given circumstance. Procedures commonly guide the early stages of incident response.