Cybersecurity Chapter 9

0.0(0)
studied byStudied by 3 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/17

flashcard set

Earn XP

Description and Tags

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

18 Terms

1
New cards
Security administration is the group of individuals responsible for planning, designing, implementing, and monitoring an organization’s security plan.
True
2
New cards
The security program requires documentation of :

A. the security process

B. The policies, procedures, and guidelines adopted by the organization

C. The authority of the persons responsible for security

D. All of the above

E. None of the above
D. All of the above
3
New cards
An organization does not have to comply with both regulatory standards and organizational standards.
False
4
New cards
An _____ is a formal contract between an organization and a third-party external organization that details the specific services the firm will provide.
Service level agreement (SLA)
5
New cards
Which software testing method provides random input to see how software handles unexpected data?
Fuzzing
6
New cards
In 1989, the IAB issued a statement of policy about Internet ethics. This document is known as _________.
RFC 1087
7
New cards
______ is the concept that users should be granted only the levels of permissions they need in order to perform their duties.
Principle of least privilege
8
New cards
Which of the following is an example of social engineering?

A. an emotional appeal for help

B. a phishing attack

C. Intimidation

D. Name-dropping

E. All of the above
E. All of the above
9
New cards
Policy sets the tone and culture of the organization.
A. True
10
New cards
______ direct the process of implementing the same hardware and software configurations across an organization to minimize security risk.
Standards
11
New cards
Which of the following is true of procedures?
They provide for places within the process to conduct assurance checks.
12
New cards
Data classification is the responsibility of the person who owns the data.
A. true
13
New cards
The objectives of classifying information include which of the following?

A. to identify data value in accordance with organization policy

B. to identify information protection requirements

C. to standardize classification labeling throughout the organization

D. to comply with privacy law, regulations, and so on

E. All of the above
E. All of the above
14
New cards
Configuration management is the management of modifications made to the hardware, software, firmware, documentation, test plans, and test document of an automated system throughout the system life cycle.
A. True
15
New cards
The change management process includes ___ control and _____ control.
configuration; change
16
New cards
More and more organizations use the term _____ to describe the entire change and maintenance process for application.
System development life cycle (SDLC)
17
New cards
When developing software, you should ensure the application does which of the following?

\
A. has edit checks, range checks, validity checks, and other similar controls

B. checks user authorization

C. has procedures for recovering database integrity in the event of system failure

E. all of the above
E. all of the above
18
New cards
There are several types of software development methods, but most traditional methods are based on the _____ model.
Waterfall