Chapter 03 Quiz (ITN260) - Operational and Organizational Security

30 Terms

1
Who is responsible for the determination of policies for a given system?
System owner
2
What five phases should be covered in an incident response policy?
Preparation, detection, containment and eradication, recovery, and follow-up actions
3
Generally, policies should be updated more frequently than the procedures that implement them. (T/F)
False
4
Which term refers to the step between the account having access and the account being removed from the system?
Account disablement
5
Guidelines are mandatory elements regarding the implementation of a policy. (T/F)
False
6
Which term describes a method to check the security of a system by simulating an attack by a malicious individual?
Penetration test
7
Which term generally refers to the standard of care a reasonable person is expected to exercise in all situations?
Due care
8
Which term generally refers to the standard of care a business is expected to exercise in preparation for a business transaction?
Due diligence
9
Which user type has virtually unlimited power over the system?
system administrator
10
Which term describes a legal document used to describe a bilateral agreement between parties regarding a set of intended actions between the parties with respect to some common pursuit or goal?
memorandum of understanding (MOU)
11
Which type of classification includes categories such as High, Medium, Low, Confidential, Private, and Public?
information classification
12
Which term describes a legal agreement between partners establishing the terms, conditions, and expectations of the relationship between the partners?
business partnership agreement (BPA)
13
Which term refers to ensuring each individual in the organization is supplied with only the absolute minimum amount of information and privileges they need to perform their work tasks?
need to know
14
Data requires a data owner. (T/F)
True
15
Which password best meets typical complexity requirements?
p@ssw0rD
16
Disabling an account is irreversible. (T/F)
False
17
Which term is used for people who have data responsibilities?
data owners
18
Which document lays out a uniform set of rules associated with partnerships to resolve any partnership terms?
Uniform Partnership Act (UPA)
19
What are the four steps that make up the policy lifecycle?
plan, implement, monitor, and evaluate
20
Which term describes a high-level statement produced by senior management that outlines both what security means to the organization and the organization's goals for security?
security policy
21
Maintaining proper information in security training records is a requirement of several laws and regulations. (T/F)
True
22
Which term refers to a contractual agreement detailing the expectations of the customer and the service provider?
service level agreement (SLA)
23
Which term is concerned with guaranteeing fundamental fairness, justice, and liberty in relation to an individual's legal rights?
due process
24
What step can be taken to evaluate the effectiveness of the security measures in place at an organization?
Perform a vulnerability assessment.
25
Password length is critical to password-based security. (T/F)
True
26
The purpose of change management is to ensure proper procedures are followed when modifications to the IT infrastructure are made. (T/F)
True
27
What is one leading cause of account hijacking?
improper use and/or control over passwords
28
Which term refers to a security principle employed in many organizations to ensure that no single individual has the ability to conduct transactions alone?
separation of duties
29
Before magnetic storage media (such as disks or tapes) is discarded in the trash or sold for salvage, it should have all files deleted and should be overwritten at least ________ times with all 1's, all 0's, and then random characters.
three
30
Nondisclosure agreements (NDAs) are frequently used to delineate the level and type of company secret information, and with whom it can be shared. (T/F)
True