Which policy defines the actions users may perform while accessing systems and networking equipment?

Security - Chapter 15

Assessing risk should include testing of technology assets to identify any vulnerabilities.

Many cloud providers allow customers to perform penetration tests and vulnerability scans without permission and whenever is necessary.

The classification designation of government documents is typically Top Secret, Secret, Unusual, Confidential, and Unclassified.

A subject's privilege over an object should follow the principle of least privilege.

The FIT calculation is another way of reporting MTTF.

A security control is any device or process that is used to reduce risk.

A physical control attempts to discourage security violations before they occur.

Distributive allocation refers to "eliminating" the risk.

Risk avoidance involves identifying the risk and making the decision to engage in the activity.

Vendor-specific guides are useful for configuring web servers, operating systems, application servers, and network infrastructure devices.

What term can be described as a function of threats, consequences of those threats, and the resulting vulnerabilities?

Due to the potential impact of changes that can affect all users in an organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes?

What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization?

What can be defined as the planning, coordination, and communications functions that are needed to resolve an incident in an efficient manner?

A written document that states how an organization plans to protect the company's information technology assets is a:

A collection of suggestions that should be implemented is referred to as a:

Select the option that best describes an asset:

any item that has a positive economic value

Select the option that best describes a policy:

a document that outlines specific requirements or rules that must be met

Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment?

What kind of policy defines the actions users may perform while accessing systems and networking equipment?

Websites that group individuals and organizations into clusters or groups based on some sort are considered to be what type of networks?

Which term below describes the art of helping an adult learn?

What term best describes the ability to continue to function as the size or volume of the enterprise data center expands to meet the growing demands?

What type of learner tends to sit in the middle of the class and learns best through lectures and discussions?

What type of learner learns best through hands-on approaches?

What type of control is designed to provide an alternative to normal controls that for some reason cannot be used?

Which of the following refers to the start-up relationship between partners?

What is a service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service?

What describes an agreement between two or more parties and demonstrates a "convergence of will" between the parties so that they can work together?

Which of the following is an agreement that is intended to minimize security risks for data transmitted across a network?

Which of the following is considered to be a common security issue? (Choose all that apply.)

B certificate issues
D authentication issues

Select the specific type of interview that is usually conducted when an employee leaves the company.

What specific type of mechanism should be utilized by all types of training to provide input from participants on the training's effectiveness so that any needed modifications can be made for future training?

What control is designed to identify any threat that has reached the system?

What type of threat is a threat related to the natural surroundings of an enterprise?

What type of risk calculation uses an "educated guess" based on observation?

qualitative risk calculation

Which threat category affects the long-term goals of the organization?

Which threat category impacts the daily business of the organization?

Which of the following is a network that moves a product from the supplier to the customer and is comprised of vendors that supply raw material, manufacturers who convert the material into products, warehouses that store products, distribution centers tha

Which of the following is a basic measure of reliability for systems that cannot be repaired?

What are the two risk calculation formulas commonly used to calculate expected losses?

ANSWER: The Single Loss Expectancy (SLE) is the expected monetary loss every time a risk occurs, and the Annualized Loss Expectancy (ALE) is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.

What is mean time to recovery (MTTR)?

MTTR is the average amount of time that it will take a device to recover from a failure that is not a terminal failure.

A risk register is a list of potential threats and associated risks. The threats are sometimes rated both before and after controls have been implemented. Often shown as a table, a risk register can help provide a clear snapshot of vulnerabilities and ris

Explain how continuous monitoring can benefit an IT enterprise's operations.

ANSWER: Continuous monitoring allows for a continuous stream of near real-time views of the state of risk to clients, security devices, networks, cloud devices, applications and data. Continuous monitoring can provide valuable insight into assessing exist

Contrast the difference between a pedagogical approach versus an andragogical approach to subject matter.

In a pedagogical approach, the subject matter is defined by what the teacher wants to give. In an andragogical approach, learning is organized around situations in life or at work.

List and describe three of the six risk categories.

ANSWER: Strategic: Action that affects the long-term goals of the organization. Compliance: Following a regulation or standard. Financial: Impact of financial decisions or market factors. Operational: Events that impact the daily business of the organizat

Why should authorization be obtained for penetration testing and vulnerability testing?

ANSWER: A penetration or vulnerability test is an attempt to break into a computer network. Because computer crime can carry severe penalties, a tester should have written and signed authority to conduct these tests. Penetration testing may result in disr

Explain the concept of change management.

Change management refers to a methodology for making modifications to a system and keeping track of those changes. In some instances, changes to network or system configurations are made haphazardly to alleviate a pressing problem. Without proper document

What is privilege management?

Privilege management is the process of assigning and revoking privileges to objects; that is, it covers the procedures of managing object authorizations.

What is a security control?

ANSWER: A security control is any device or process that is used to reduce risk. That is, it attempts to limit exposure to a danger. There are two levels of security controls, administrative controls and technical controls. Administrative controls are the

What is a network security policy?

A network security policy defines the rules that apply to all users accessing the network. It includes how they are given access, what they can do once they have access, and what will happen if they don't follow the rules.

What is a methodology for making modifications to a system and keeping track of those changes?

Change management refers to a methodology for making modifications to a system and keeping track of those changes.

What can be defined as the planning coordination and communication functions that are needed to resolve an incident in an efficient manner?

incident handling.

Is a written document that states how an organization plans to protect the company's information technology assets?

A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets.