Chapter 03 Quiz (ITN260) - Operational and Organizational Security

30 Terms

1

Who is responsible for the determination of policies for a given system?

System owner

2

What five phases should be covered in an incident response policy?

Preparation, detection, containment and eradication, recovery, and follow-up actions

3

Generally, policies should be updated more frequently than the procedures that implement them. (T/F)

False

4

Which term refers to the step between the account having access and the account being removed from the system?

Account disablement

5

Guidelines are mandatory elements regarding the implementation of a policy. (T/F)

False

6

Which term describes a method to check the security of a system by simulating an attack by a malicious individual?

Penetration test

7

Which term generally refers to the standard of care a reasonable person is expected to exercise in all situations?

Due care

8

Which term generally refers to the standard of care a business is expected to exercise in preparation for a business transaction?

Due diligence

9

Which user type has virtually unlimited power over the system?

system administrator

10

Which term describes a legal document used to describe a bilateral agreement between parties regarding a set of intended actions between the parties with respect to some common pursuit or goal?

memorandum of understanding (MOU)

11

Which type of classification includes categories such as High, Medium, Low, Confidential, Private, and Public?

information classification

12

Which term describes a legal agreement between partners establishing the terms, conditions, and expectations of the relationship between the partners?

business partnership agreement (BPA)

13

Which term refers to ensuring each individual in the organization is supplied with only the absolute minimum amount of information and privileges they need to perform their work tasks?

need to know

14

Data requires a data owner. (T/F)

True

15

Which password best meets typical complexity requirements?

p@ssw0rD

16

Disabling an account is irreversible. (T/F)

False

17

Which term is used for people who have data responsibilities?

data owners

18

Which document lays out a uniform set of rules associated with partnerships to resolve any partnership terms?

Uniform Partnership Act (UPA)

19

What are the four steps that make up the policy lifecycle?

plan, implement, monitor, and evaluate

20

Which term describes a high-level statement produced by senior management that outlines both what security means to the organization and the organization's goals for security?

security policy

21

Maintaining proper information in security training records is a requirement of several laws and regulations. (T/F)

True

22

Which term refers to a contractual agreement detailing the expectations of the customer and the service provider?

service level agreement (SLA)

23

Which term is concerned with guaranteeing fundamental fairness, justice, and liberty in relation to an individual's legal rights?

due process

24

What step can be taken to evaluate the effectiveness of the security measures in place at an organization?

Perform a vulnerability assessment.

25

Password length is critical to password-based security. (T/F)

True

26

The purpose of change management is to ensure proper procedures are followed when modifications to the IT infrastructure are made. (T/F)

True

27

What is one leading cause of account hijacking?

improper use and/or control over passwords

28

Which term refers to a security principle employed in many organizations to ensure that no single individual has the ability to conduct transactions alone?

separation of duties

29

Before magnetic storage media (such as disks or tapes) is discarded in the trash or sold for salvage, it should have all files deleted and should be overwritten at least ______ times with all 1's, all 0's, and then random characters.

three

30

Nondisclosure agreements (NDAs) are frequently used to delineate the level and type of company secret information, and with whom it can be shared. (T/F)

True