IS 4550 CHAPTER 14 Flashcards

1
Q

A gateway committee that approves standard technologies and architectures is called ___.

A

ARCHITECTURE REVIEW COMMITTEE

2
Q

Unauthorized sharing of sensitive company information, whether intentional or accidental, is called ___.

A

DATA LEAKAGE

3
Q

A gateway committee that approves external data connections is called ___.

A

EXTERNAL CONNECTION COMMITTEE

4
Q

Committees that review technology activity and provide approvals before a project or activity can proceed to its next stage are called ___.

A

GATEWAY COMMITTEES

5
Q

The highest-ranking lawyer in an organization, who usually reports to the president or CEO and who is asked to give legal opinions on various organizational issues, participate in contract negotiations, and act as a liaison with outside law firms retained by the organization, is called ___.

A

GENERAL COUNSEL

6
Q

A network security device that acts as a decoy, so that attacker activity against it can be recorded and analyzed, is called ___.

A

HONEYPOT

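The flashcard only names the concept. To show what "acts as a decoy" means in practice, here is an added example in Python that is not part of the flashcard deck or the course text: a minimal TCP honeypot that binds a listener with no real service behind it, greets each client with an assumed SMTP-style banner (the banner text, the loopback address, and the constructed "attacker" probe are all assumptions made for the example), records the source address and the first bytes sent, and summarizes attempts per source IP. Because nothing legitimate should ever connect to a decoy, every recorded event is by definition worth an analyst's attention.

```python
"""Minimal TCP honeypot: a decoy listener with no real service behind it.

Nothing legitimate should ever connect, so every connection is recorded.
The listener sends a fake banner, reads whatever the client sends first,
and stores the attempt for later analysis. Added example, not course code.
"""
import socket
import socketserver
import threading
import time
from collections import Counter

# Assumption: a plausible SMTP-style greeting. A real deployment would mimic
# whichever service the decoy is meant to impersonate.
FAKE_BANNER = b"220 mail.example.internal ESMTP ready\r\n"


class _DecoyHandler(socketserver.BaseRequestHandler):
    """Handles one inbound connection: greet, capture the first bytes, record."""

    def handle(self):
        self.request.settimeout(2.0)  # a silent scanner must not hold a thread forever
        self.request.sendall(FAKE_BANNER)
        try:
            data = self.request.recv(1024)
        except (socket.timeout, ConnectionError):
            data = b""
        self.server.events.append({
            "time": time.time(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "payload": data[:256],  # bounded sample of what the client sent
        })


class Honeypot:
    """Decoy listener running in a background thread."""

    def __init__(self, host="127.0.0.1", port=0):  # port 0: the OS picks a free port
        self._server = socketserver.ThreadingTCPServer((host, port), _DecoyHandler)
        self._server.events = []  # shared record of every connection attempt
        self._thread = threading.Thread(target=self._server.serve_forever, daemon=True)

    @property
    def address(self):
        return self._server.server_address

    @property
    def events(self):
        return list(self._server.events)

    def start(self):
        self._thread.start()

    def stop(self):
        # shutdown() ends the accept loop; server_close() joins the handler
        # threads, so the event list is complete once stop() returns.
        self._server.shutdown()
        self._server.server_close()


def summarize(events):
    """Attempts per source IP: the first thing an analyst wants from decoy logs."""
    return dict(Counter(e["src_ip"] for e in events))


def probe(address, payload):
    """Constructed 'attacker' for the demo: connect, read the banner, send one line."""
    with socket.create_connection(address, timeout=2.0) as conn:
        banner = conn.recv(1024)
        conn.sendall(payload)
    return banner


def demo():
    """Run the decoy, hit it once with the constructed probe, return what it saw."""
    hp = Honeypot()
    hp.start()
    banner = probe(hp.address, b"EHLO scanner.example\r\n")
    hp.stop()
    return banner, hp.events


if __name__ == "__main__":
    banner, events = demo()
    print("banner seen by client:", banner)
    for e in events:
        print(f"{e['src_ip']}:{e['src_port']} sent {e['payload']!r}")
    print("attempts per source:", summarize(events))
```

The point of the design is that the decoy never does anything useful with the input: it only greets, records, and disconnects. In a real deployment the recorded events would be shipped to the SOC's log pipeline, and the decoy would sit on an address and port that no legitimate system is configured to use, so that the usual noise of authorized traffic does not contaminate the signal.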
7
Q

Rules prescribed under the authority of a government entity, which establish legal thresholds, are called ___.

A

LAWS

8
Q

A common control, such as the same ID and password, that is used across a significant population of systems, applications, and operations is called ___.

A

PERVASIVE CONTROL

9
Q

A gateway committee that approves project funding, phases, and base requirements is called ___.

A

PROJECT COMMITTEE

10
Q

Established rules of what an organization has to do to meet legal requirements are called ___.

A

REGULATIONS

11
Q

A gateway committee that approves uses of specific controls for compliance is called ___.

A

SECURITY COMPLIANCE COMMITTEE

12
Q

An individual who has extensive knowledge in a particular field is called ___.

A

SUBJECT MATTER EXPERT (SME)

13
Q

A gateway committee that approves new vendors and has oversight of existing vendors, making sure new vendors meet minimum security policy requirements and provide adequate proof of their security controls, such as a SAS 70 audit report (since superseded by SOC 1 and SOC 2 reports), is called ___.

A

VENDOR GOVERNANCE COMMITTEE

14
Q
Which of the following is NOT an organizational gateway committee?
  a. Architecture review committee
  b. Internal connection committee
  c. Vendor governance committee
  d. Security compliance committee
A

Internal connection committee

15
Q
___ often focuses on enterprise risk management across multiple lines of business to resolve strategic business issues.
A

Executive management

16
Q
The security compliance committee has one role, which is to identify when violations of policies occur.
TRUE OR FALSE
A

FALSE

17
Q
Which of the following is NOT an access control?
  a. Authentication
  b. Authorization
  c. Decryption
  d. Logging
A

Decryption

18
Q
In which of the following areas might a company monitor its employees' actions?
  a. Internet
  b. Email
  c. Computers
  d. a and b
  e. All the above
A

All the above: Internet, email, and computers

19
Q
___ establish how the organization achieves regulatory requirements.
A

Security policies

20
Q
Laws define the specific internal IT processes needed to be compliant.
TRUE OR FALSE
A

FALSE

21
Q
What is NOT required in modern-day CISO positions?
  a. Must rely on the organization to enforce policy
  b. Needs to have a strong law enforcement background
  c. Needs to build relationships and consensus
  d. Must influence behavior and change culture to enforce policy
A

Needs to have a strong law enforcement background

22
Q
What is an example of a manual control?
  a. Background checks
  b. Authentication
  c. Access rights reviews
  d. a and c
  e. All the above
A

Background checks and access rights reviews

23
Q
Which of the following is NOT a reason to monitor employee computer activity?
  a. Maintaining a productive workforce
  b. Detecting when security policies are not being followed
  c. Finding out whom the employee knows
  d. Ensuring quality and protecting the organization's reputation
A

Finding out whom the employee knows

24
Q
Connecting a personal device to the company network can create legal implications.
TRUE OR FALSE
A

TRUE

25
Q
Line management does which of the following to make policies operational?
  a. Acts as the go-to people for addressing questions
  b. Applies policies consistently
  c. Gathers metrics on the policies' effectiveness
  d. a and c
  e. All the above
A

All the above: acts as the go-to people for addressing questions, applies policies consistently, and gathers metrics on the policies' effectiveness

26
Q
The major challenge in implementing automated security controls is in the deployment of the control.
TRUE OR FALSE
A

TRUE

27
Q
Which of the following is NOT reviewed when monitoring a user's email and Internet activity?
  a. Data leakage
  b. Viruses and malware
  c. Unauthorized access to sites
  d. Network performance
A

Network performance