07 Jan What is a vulnerability

Question 1 (4 points)

Saved

What is pretexting associated with?

Question 1 options:

Hiring personnel

Communication between senior management and general employees

Policy dissemination

Social engineering

Question 2 (4 points)

Saved

Pam receives an offensive joke via e-mail from Larry, a co-worker. Which of the following helps Pam know the correct actions to take?

Question 2 options:

SAP

AUP

None of the above

PAA

Question 3 (4 points)

Saved

Which type of agreement would you have a contract system administrator (temporary worker) sign?

Question 3 options:

PAA

Both A and C

AUP

SAP

Question 4 (4 points)

Saved

A standard for Web Services from an external provider would be part of which set of policies?

Question 4 options:

WAN Domain policies

System/Application Domain policies

User Domain policies

LAN Domain policies

Question 5 (4 points)

Saved

Which of the following would include information on firewalls that handle application traffic?

Question 5 options:

WAN Domain policies

System/Application Domain policies

LAN Domain policies

User Domain policies

Question 6 (4 points)

Saved

A LAN Domain policy would include guidelines for which of the following?

Question 6 options:

Telecommunications

User access rights

IDS and IPS architecture and management

Applications

Question 7 (4 points)

Saved

Which U.S. military data classification refers to data that the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?

Question 7 options:

Secret

Top Secret

Confidential

Unclassified

Question 8 (4 points)

Saved

Which policy outlines the process by which a BCP and DRP plan is activated?

Question 8 options:

Server Policy

Disaster Declaration Policy

RTP

Incident Policy

Question 9 (4 points)

Saved

In a business classification scheme, which classification refers to routine communications within the organization?

Question 9 options:

Highly sensitive

Public

Internal

Sensitive

Question 10 (4 points)

Saved

Triage is performed during which phase of incident response?

Question 10 options:

Discovery

Clean-up

Containing and Minimizing

Reporting

Previous PageNext Page

Question 11 (4 points)

Saved

Evidence from an incident must be documented and protected from the time it’s obtained to the time it’s presented in court. Which tool is used to document this evidence?

Question 11 options:

Writ of evidence

Chain of custody

Incident log

Real evidence docket

Question 12 (4 points)

Saved

According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?

Question 12 options:

An incomplete transaction

Loss of a password

Denial of Service attack

Wi-Fi password loss

Question 13 (4 points)

Saved

Before an incident can be declared, the IRT must develop an incident __________ for incident response.

Question 13 options:

procedure

budget

discovery process

control

Question 14 (4 points)

Saved

What is a benefit of instructor-led classroom training for security awareness?

Question 14 options:

Low cost

Flexibility

Both A and B

Neither A nor B

Question 15 (4 points)

Saved

What is a common consequence of failing to adhere to an acceptable use policy (AUP)?

Question 15 options:

Loss of computer privileges at work

E-mail reminder

Nothing; an AUP is only a guideline

Disciplinary action

Question 16 (4 points)

Saved

Implementing IT security policies is as much about __________ as it is about implementing controls.

Question 16 options:

changing attitudes

changing personnel

disciplinary actions

budgeting

Question 17 (4 points)

Saved

Which of the following is a common cause of security breaches?

Question 17 options:

Outsourced processing to vendors

Improved training and security awareness

Increased employee motivation

Inadequate management and user decisions

Question 18 (4 points)

Saved

What is the name of a common control that is used across a significant population of systems, applications, and operations?

Question 18 options:

Pervasive

Enterprise

Perpetual

Persistent

Question 19 (4 points)

Saved

__________ is/are key(s) to security policy enforcement.

Question 19 options:

IT personnel support

Executive support

Physical controls

A communications plan

Question 20 (4 points)

Saved

Your company does not want its employees to use the Internet to exchange personal e-mail during work hours. What is the best tool to use to ensure the company does not violate an employee’s right to privacy?

Question 20 options:

Encryption

A risk assessment

An acceptable use policy

A data leakage protection system

Question 21 (4 points)

Saved

Which of the following is least likely to indicate the effectiveness of an organization’s security policies?

Question 21 options:

Vulnerability assessments

Detective controls

Policy compliance reviews

An incident response plan

Question 22 (4 points)

Saved

Which organization created the Security Content Automation Protocol (SCAP) as part of its responsibilities under FISMA?

Question 22 options:

Microsoft

The MITRE Corporation

US-CERT

NIST

Question 23 (4 points)

Saved

A(n) __________ can include a computer’s full operating system, applications, and system settings, including security and configuration settings.

Question 23 options:

baseline

image

group policy

patch

Question 24 (4 points)

Saved

What does a configuration management database (CMDB) hold?

Question 24 options:

System configuration information

Policy change documentation

Security policies

None of the above

Question 25 (4 points)

Saved

What is a vulnerability window?

Question 25 options:

The time between when a new vulnerability is discovered and when software developers start writing a patch.

The time required to image a computer.

System downtime associated with a successful attack.

The period of time during which an attacker may launch a DoS attack.