IS4550 CHAPTER 11 Flashcards

1
Q

The process of granting permission to some people to access systems, applications, and data is called ___.

A

AUTHORIZATION

2
Q

Automatically removing a classification after a certain period of time, such as 25 years, is called ___.

A

AUTOMATIC DECLASSIFICATION

3
Q

A plan on how to continue business after a disaster, which includes a disaster recovery plan as a component, is called ___.

A

BUSINESS CONTINUITY PLAN (BCP)

4
Q

A formal analysis to determine the impact on an organization in the event that key processes and technology are not available is called ___.

A

BUSINESS IMPACT ANALYSIS (BIA)

5
Q

The process of labeling information so that only authorized personnel may access it is called ___.

A

CLASSIFICATION

6
Q

A level of government classification that refers to data in which unauthorized disclosure would reasonably be expected to cause some damage to the national security is called ___.

A

CONFIDENTIAL

7
Q

A plan that provides the detailed procedures and processes needed to coordinate operations during a disaster is called ___.

A

CONTINUITY OF OPERATION PLAN (COOP)

8
Q

The process of changing the status of classified data to unclassified data is called ___.

A

DECLASSIFICATION

9
Q

A plan to recover an organization's IT assets during a disaster, including software, data, and hardware, is called ___.

A

DISASTER RECOVERY PLAN (DRP)

10
Q

A classification level used to protect highly regulated data or strategic information is called ___.

A

HIGHLY SENSITIVE CLASSIFICATION

11
Q

A classification level for data that would cause disruption to daily operations and some financial loss to the business if leaked is called ___.

A

INTERNAL CLASSIFICATION

12
Q

A process of reviewing specific records when requested and declassifying them if warranted is called ___.

A

MANDATORY DECLASSIFICATION

13
Q

A classification level for data that has no negative impact on the business if released to the public is called ___.

A

PUBLIC CLASSIFICATION

14
Q

A measure of how quickly a business process should be recovered after a disaster, which identifies the maximum allowed downtime for a given business process, is called ___.

A

RECOVERY TIME OBJECTIVE (RTO)

15
Q

The maximum acceptable level of data loss after a disaster is called ___.

A

RECOVERY POINT OBJECTIVES (RPO)

16
Q

A level of government classification that refers to data, the unauthorized disclosure of which would reasonably be expected to cause serious damage to the national security is called ___.

A

SECRET

17
Q

A hardware device or software code that generates a token (usually represented as a series of numbers) at logon. It is extremely difficult and some say impossible to replicate. When assigned to an individual as part of the required logon, it provides assurance of who is accessing the network. This is called ___.

A

SECURITY TOKEN

18
Q

A level of government classification that refers to data that is confidential and not subject to release under the Freedom of Information Act is called ___.

A

SENSITIVE BUT UNCLASSIFIED

19
Q

A classification level for data that would mean significant financial loss if leaked is called ___.

A

SENSITIVE CLASSIFICATION

20
Q

A process of reviewing records exempted from automatic declassification and then removing the data from classification is called ___.

A

SYSTEMATIC DECLASSIFICATION

21
Q

A level of government classification that refers to data, the unauthorized disclosure of which would reasonably be expected to cause grave damage to the national security is called ___.

A

TOP SECRET

22
Q

A level of government classification that refers to data available to the public is called ___.

A

UNCLASSIFIED

23
Q
  1. Which of the following is not a common need for most organizations to classify data?
  2. Protect information
  3. Retain information
  4. Sell information
  5. Recover information
A

Sell information

24
Q
  1. Authorization is the process used to prove the identity of the person accessing systems, applications, and data.
    TRUE OR FALSE
A

FALSE

25
Q
  1. You need to retain data for what major reasons?
  2. Legal obligation
  3. Needs of the business
  4. For recovery
  5. 1 and 2
  6. All the above
A

Legal obligation
Needs of the business
For recovery

26
Q
  1. What qualities should the data owner possess?
  2. Is in a senior position within the business
  3. Understands the data operations of the business
  4. Understands the importance and value of the information to the business
  5. Understands the ramifications of inaccurate data or unauthorized access
  6. All the above
A
  • Is in a senior position within the business
  • Understands the data operations of the business
  • Understands the importance and value of the information to the business
  • Understands the ramifications of inaccurate data or unauthorized access
27
Q
  1. In all businesses you will always have data that needs to be protected.
    TRUE OR FALSE
A

TRUE

28
Q
  1. Risk exposure is best-guess professional judgement using a qualitative technique.
    TRUE OR FALSE
A

FALSE

29
Q
  1. The lowest federal government data classification rating for classified material is ___.
A

Confidential

30
Q
  1. Federal agencies can customize their own data classification scheme.
    TRUE OR FALSE
A

FALSE

31
Q
  1. A BIA identifies which of the following?
  2. Critical business processes
  3. Minimum downtime
  4. Process dependencies
  5. All the above
A

Critical business processes
Minimum downtime
Process dependencies

32
Q
  1. A BIA is not required when creating a BCP.
    TRUE OR FALSE
A

FALSE

33
Q
  1. What does RTO stand for?
  2. Restoration team objectives
  3. Recovery timeline owner
  4. Restoration time objective
  5. Recovery time objective
A

Recovery time objective

34
Q
  1. A man-made disaster is easier to plan for than a natural disaster.
    TRUE OR FALSE
A

FALSE

35
Q
  1. Data in transit refers to what type of data?
  2. Data backup tapes being moved to a recovery facility
  3. Data on your USB drive
  4. Data traversing a network
  5. Data being stored for later transmission
A

Data traversing a network

36
Q
  1. Encryption protects data at rest from all types of breaches.
    TRUE OR FALSE
A

FALSE