3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides Flashcards

1
Q

regulatory

A

Government controlled

2
Q

International

A

Not American

3
Q

Industry-specific Frameworks

A

These are aspects that pertain to specific fields, e.g., HIPAA for medical records, SOX for accounting, etc.

4
Q

Platform/Vendor-specific Guides

A

Specific to the HW / SW you have in your enterprise

5
Q

Network Infrastructure Devices

A

A router, a switch, hopefully not a hub: any device on your network that allows your device to communicate with other devices, on your local network or the Internet as a whole.

6
Q

Sarbanes-Oxley

A

Accounting laws - the CEO and CFO in an organization are accountable if someone under them is caught breaking a finance law. Called SOX on the test.

7
Q

Defense in depth

A

The use of multiple types of access controls in literal or theoretical concentric circles or layers.

8
Q

Layer Security

A

Defense in Depth.

9
Q

Vendor Diversity

A

Do not use the same vendor for all devices on your network.

10
Q

User Training

A

Conducted during onboarding; your policy should give guidance on the frequency of additional training.

11
Q

In order to avoid creating a monolithic security structure, organizations should adopt a wide range of security mechanisms. What is this concept known as?

A. Defense in depth
B. Control Diversity
C. Intranet buffering
D. Layered Security

A

B. Control Diversity

12
Q

Of the following, which BEST defines a regulatory security framework?

A. A security guidance established by a government regulation or law.
B. A security guidance crafted by a nongovernment entity.
C. A security guidance crafted to be applicable to one specific industry.
D. A security guidance designed for use within a particular country.

A

A. A security guidance established by a government regulation or law.
