Fundamentals of Information Systems Security Chapter 4 Assessment

15 Terms

1
Risk management is responding to a negative event when it occurs.
True
2
With respect to IT security, a risk can result in either a positive or a negative effect.
True
3
According to PMI, which term describes the list of identified risks?
Risk register
4
What is the primary purpose of a business impact analysis (BIA)?
All of the above--
A. To identify, categorize, and prioritize mission-critical business functions
B. To provide a road map for business continuity and disaster recovery planning
C. To assist organizations with risk management
D. To assist organizations with incident response planning
5
Which of the following terms defines the amount of time it takes to recover a production IT system, application, and access to data?
Recovery time objective
6
The recovery point objective (RPO) defines the last point in time for _______ recovery that can be enabled back into production.
Data
7
Which of the following solutions are used for authenticating a user to gain access to systems, applications, and data?
All of the above--
A. Passwords and PINs
B. Smart cards and tokens
C. Biometric devices
D. Digital certificates
8
Which risk management approach requires a distributed approach with business units working with the IT organization?
OCTAVE
9
The NIST SP800-30 standard is a _______________ management framework standard for performing risk management.
Risk
10
Which term indicates the maximum amount of data loss over a time period?
RPO
11
Organizations that permit their employees to use their own laptops or smartphone devices and connect to the IT infrastructure describe a policy referred to as:
BYOD
12
Which of the following are organizational concerns for BYOD and mobility?
None of the above
13
_______ is the U.S. security-related act that governs regulated health care information.
HIPAA
14
Which U.S. security-related act governs the security of data specifically for the financial industry?
GLBA
15
Which of the following business drivers are impacting businesses' and organizations' security requirements and implementations?
All of the above -
A. Mobility
B. Regulatory compliance
C. Productivity enhancements
D. Always-on connectivity