Information Technology and Security

Question 1

Reasonableness

Answer 1

Data validation that considers reliability, validity, and duplicates and identifies them for additional scrutiny.

Question 2

False Reject Rate

Answer 2

Want a higher False Reject Rate to protect data centers.

Question 3

Best way to prevent internal attacks

Answer 3

Security awareness training for all who have access to internal resources.

Question 4

Employee Owned Devices

Answer 4

Greatest risk to business functions and enterprise.

Question 5

Security Awareness Training

Answer 5

Prevent Internal Threats
Reduce social engineering attacks

Question 6

Sings of effective incident response and security awareness

Answer 6

Increased reporting of security events.
Increase number of violation reports.

Question 7

Configuration Management

Answer 7

Establishing baselines for hardware, software, and internally developed systems.
Images are managed here.

Question 8

Change Management

Answer 8

Comprises of the overall governance framework and serves the configuration, release and management issues.

Question 9

Incident Response Process

Answer 9

Detection-identify cause.
Response-limit impact.
Mitigation-remediation
Recovery-full repair of event

Question 10

Indicates the readiness and preparedness of the enterprise to handle unexpected events

Answer 10

Incident Response Plan

Question 11

SDLC

Answer 11

Plan (Initiation)-Begin security, implement internal controls.
Development-security is identified.
Implementation-security is configured and tested.
Operation-maintaining acceptable level security.

Question 12

Test ensuring adequate quality, ensures system can be recovered and meets load requirements.

Answer 12

User Acceptance Testing

Question 13

Unauthorized Disclosure of Sensitive Data

Answer 13

Data Leakage