Chapter 4 Assessment Flashcards

1
Q

Risk management is responding to a negative event when it occurs.

A

False (risk management identifies, assesses, and treats risks before they materialize; responding to a negative event after it occurs is incident response)

2
Q

With respect to IT security, a risk can result in either a positive or a negative effect.

A

True

3
Q

According to PMI, which term describes the list of identified risks?

A

Risk register

4
Q

What is the primary purpose of a business impact analysis (BIA)?

A

All of the above–
A. To identify, categorize, and prioritize mission
critical business functions
B. To provide a road map for business continuity
and disaster recovery planning
C. To assist organizations with risk management
D. To assist organizations with incident response
planning

5
Q

Which of the following terms defines the amount
of time it takes to recover a production IT system,
application, and access to data?

A

Recovery time objective

6
Q

The recovery point objective (RPO) defines the
last point in time for _______ recovery that can be
enabled back into production.

A

Data

7
Q

Which of the following solutions are used for
authenticating a user to gain access to systems,
applications, and data?

A
All of the above--
A. Passwords and PINs
B. Smart cards and tokens
C. Biometric devices
D. Digital certificates
8
Q

Which risk management approach requires a distributed approach with business units working with the IT organization?

A

OCTAVE

9
Q

The NIST SP 800-30 standard is a _______________ management framework standard for performing risk management.

A

Risk

10
Q

Which term indicates the maximum amount of data loss over a time period?

A

RPO
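Worked example for cards 5, 6 and 10 (RTO and RPO). This is an added illustration, not part of the original flashcards: it takes a constructed list of backup completion times and an outage timeline, finds the recovery point (the last backup before the failure), measures the data loss window against the RPO, measures the restore duration against the RTO, and also checks whether the backup interval itself is small enough to ever guarantee the RPO. All timestamps, objective values and function names are assumptions made for the example.

```python
"""Checking an outage against recovery objectives (RTO and RPO).

Added example, not from the original flashcards. The backup timestamps,
outage timeline and objective values below are constructed sample data.
"""
from datetime import datetime, timedelta

# Constructed: completion times of successful backups for one system (UTC).
BACKUPS = [
    datetime(2024, 3, 10, 0, 0),
    datetime(2024, 3, 10, 6, 0),
    datetime(2024, 3, 10, 12, 0),
    datetime(2024, 3, 10, 18, 0),
]

# Constructed: objectives the business set for this system.
RPO = timedelta(hours=8)  # tolerate at most 8 hours of lost data
RTO = timedelta(hours=4)  # system must be back in production within 4 hours

# Constructed outage: the system failed at 21:30 and was restored at 03:00.
FAILURE = datetime(2024, 3, 10, 21, 30)
RESTORED = datetime(2024, 3, 11, 3, 0)


def recovery_point(backups, failure_time):
    """Last successful backup before the failure: the point in time that
    data can be recovered to. None if no backup exists yet."""
    usable = [b for b in backups if b <= failure_time]
    return max(usable) if usable else None


def data_loss(backups, failure_time):
    """Data loss window: everything written between the recovery point and
    the failure is gone. This is what gets compared against the RPO."""
    rp = recovery_point(backups, failure_time)
    return None if rp is None else failure_time - rp


def recovery_time(failure_time, restored_time):
    """Elapsed time from failure until the system is back in production.
    This is what gets compared against the RTO."""
    return restored_time - failure_time


def schedule_max_gap(backups):
    """Largest interval between consecutive backups. A failure just before
    the next backup loses a whole interval, so this gap must not exceed
    the RPO or the schedule cannot guarantee the objective."""
    ordered = sorted(backups)
    if len(ordered) < 2:
        return None
    return max(b - a for a, b in zip(ordered, ordered[1:]))


def assess(backups, failure_time, restored_time, rpo, rto):
    """Evaluate one outage against both objectives."""
    loss = data_loss(backups, failure_time)
    rt = recovery_time(failure_time, restored_time)
    gap = schedule_max_gap(backups)
    return {
        "recovery_point": recovery_point(backups, failure_time),
        "data_loss": loss,
        "rpo_met": loss is not None and loss <= rpo,
        "recovery_time": rt,
        "rto_met": rt <= rto,
        "schedule_max_gap": gap,
        "schedule_can_meet_rpo": gap is not None and gap <= rpo,
    }


def example_outage():
    """The constructed outage above: 3.5 h of data loss (RPO met),
    5.5 h to restore (RTO missed), 6 h backup interval (can meet an 8 h RPO)."""
    return assess(BACKUPS, FAILURE, RESTORED, RPO, RTO)


if __name__ == "__main__":
    for key, value in example_outage().items():
        print(f"{key}: {value}")
```

The split in the constructed result is the point of the two terms: a backup every six hours keeps the data loss inside the eight-hour RPO, but the restore itself takes five and a half hours against a four-hour RTO, so the system fails its objective even though no unacceptable amount of data was lost. A schedule whose largest gap exceeds the RPO cannot meet it regardless of how fast the restore is.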

11
Q

Organizations that permit their employees to use
their own laptops or smartphone devices and
connect to the IT infrastructure describe a policy
referred to as:

A

BYOD

12
Q

Which of the following are organizational concerns for BYOD and mobility?

A

All of the above (the answer choices are missing from this card; BYOD and mobility raise concerns such as data leakage, lost or stolen devices, and unmanaged endpoints connecting to the infrastructure, so "None of the above" is not a supportable answer)

13
Q

__ __ is the U.S. security-related act that governs regulated health care information.

A

HIPAA

14
Q

Which U.S. security-related act governs the security of data specifically for the financial industry?

A

GLBA

15
Q

Which of the following business drivers are impacting businesses’ and organizations’ security
requirements and implementations?

A
All of the above -
A. Mobility
B. Regulatory compliance
C. Productivity enhancements
D. Always-on connectivity