Chapter 1 Assessment Flashcards
Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information.
True
Software manufacturers limit their liability when selling software using which of the following?
End-User License Agreements
The __________ tenet of information systems security is concerned with the recovery time objective.
Availability
If you are a publicly-traded company or U.S. federal government agency, you must go public and announce that you have had a data breach and must inform the impacted individuals of that data breach.
True
Organizations that require customer service representatives to access private customer data can best protect customer privacy and make it easy to access other customer data by using which of the following security controls?
Blocking out customer private data details and allowing access only to the last four digits of Social Security numbers or account number
The __________ is the weakest link in an IT infrastructure.
User Domain
Which of the following security controls can help mitigate malicious email attachments?
All of the above –
A. Email filtering and quarantining
B. Email attachment antivirus scanning
C. Verifying with users that email source is reputable
D. Holding all inbound emails with unknown attachments
You can help ensure confidentiality by implementing __________.
A virtual private network for remote access
Encrypting email communications is needed if you are sending confidential information within an email message through the public Internet.
True
Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats.
True
A data classification standard is usually part of which policy definition?
Asset protection policy
A data breach is typically performed after which of the following?
Unauthorized access to systems and applications is obtained
Maximizing availability primarily involves minimizing __________.
All of the above –
A. The amount of downtime recovering from a disaster
B. The mean time to repair a system or application
C. Downtime by implementing a business continuity plan
D. The recovery time objective
Which of the following is not a U.S. compliance law or act?
PCIDS
Internet IP packets are to cleartext what encrypted IP packets are to __________.
Ciphertext