Quiz 15 Flashcards

1
Q

Which of the following is a basic measure of reliability for systems that cannot be repaired?
mean time to failure
mean time to operate
failure in time
mean time to recovery

A

mean time to failure

2
Q

Which threat category impacts the daily business of the organization?
compliance
managerial
operational
strategic

A

operational

3
Q

What type of learner tends to sit in the middle of the class and learns best through lectures and discussions?
kinesthetic
visual
spatial
auditory

A

auditory

4
Q

The classification designation of government documents is typically Top Secret, Secret, Unusual, Confidential, and Unclassified.
True
False

A

False

5
Q

What specific type of mechanism should be utilized by all types of training to provide input from participants on the training’s effectiveness so that any needed modifications can be made for future training?
participant feedback mechanism
training mechanism
feedback mechanism
survey feedback mechanism

A

feedback mechanism

6
Q

What type of risk calculation uses an “educated guess” based on observation?
qualitative risk calculation
environmental risk calculation
quantitative risk calculation
observational risk calculation

A

qualitative risk calculation

7
Q

Risk avoidance involves identifying the risk and making the decision to engage in the activity.
True
False

A

False

8
Q

Select the specific type of interview that is usually conducted when an employee leaves the company.
last interview
exit interview
post interview
initial interview

A

exit interview

9
Q

Which term below describes the art of helping an adult learn?
metagogical
deontological
andragogical
pedagogical

A

andragogical

10
Q

The FIT calculation is another way of reporting MTTF.
True
False

A

False

11
Q

What term can be described as a function of threats, consequences of those threats, and the resulting vulnerabilities?
management
risk
threat
mitigation

A

risk

12
Q

What type of control is designed to provide an alternative to normal controls that for some reason cannot be used?
detective control
deterrent control
compensating control
preventive control

A

compensating control

13
Q

Distributive allocation refers to “eliminating” the risk.
True
False

A

False

14
Q

What kind of policy defines the actions users may perform while accessing systems and networking equipment?
privacy use policy
VPN access policy
acceptable use policy
network use policy

A

acceptable use policy

15
Q

A physical control attempts to discourage security violations before they occur.
True
False

A

False

16
Q

A subject’s privilege over an object should follow the principle of least privilege.
True
False

A

True

17
Q

Which of the following refers to the start-up relationship between partners?
partner beginning
starting partner agreement
partner on-boarding
partner trust

A

partner on-boarding

18
Q

Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment?
encryption policies
acceptable use policies
data loss policies
VPN policies

A

acceptable use policies

19
Q

What describes an agreement between two or more parties and demonstrates a “convergence of will” between the parties so that they can work together?
ISA
MOU
BPA
NDA

A

MOU

20
Q

Vendor-specific guides are useful for configuring web servers, operating systems, applications servers, and network infrastructure devices.
True
False

A

True

21
Q

Select the option that best describes an asset:
any item that has a positive economic value
any item that is owned by an enterprise
any item that is used by management
any item that is used by all employees

A

any item that has a positive economic value

22
Q

What can be defined as the planning, coordination, and communications functions that are needed to resolve an incident in an efficient manner?
incident reporting
incident planning
incident handling
incident management

A

incident handling

23
Q

What control is designed to identify any threat that has reached the system?
deterrent control
preventive control
compensating control
detective control

A

detective control

24
Q

What type of learner learns best through hands-on approaches?
auditory
kinesthetic
spatial
visual

A

kinesthetic

25
Q

Websites that group individuals and organizations into clusters or groups based on some sort are considered to be what type of networks?
social engineering network
social control network
social management network
social media network

A

social media network

26
Q

What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization?
incident reporting
incident planning
incident handling
incident management

A

incident management

27
Q

Assessing risk should include testing of technology assets to identify any vulnerabilities.
True
False

A

True

28
Q

Which threat category affects the long-term goals of the organization?
compliance
managerial
strategic
operational

A

strategic

29
Q

Which of the following is considered to be a common security issue? (Choose all that apply.)
authentication issues
certificate issues
encrypted credentials
management issues

A

authentication issues
certificate issues

30
Q

Many cloud providers allow customers to perform penetration tests and vulnerability scans without permission and whenever is necessary.
True
False

A

False

31
Q

What type of threat is a threat related to the natural surroundings of an enterprise?
environmental threat
external threat
biological threat
internal threat

A

environmental threat

32
Q

What term best describes the ability to continue to function as the size or volume of the enterprise data center expands to meet the growing demands?
adaptability
flexibility
scalability
automation

A

scalability

33
Q

Which of the following is an agreement that is intended to minimize security risks for data transmitted across a network?
BPA
MOU
SLA
ISA

A

ISA

34
Q

A security control is any device or process that is used to reduce risk.
True
False

A

True

35
Q

What is a service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service?
ISA
MOU
BPA
SLA

A

SLA

36
Q

Due to the potential impact of changes that can affect all users in an organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes?
compliance team
security control team
incident response team
change management team

A

change management team

37
Q

A collection of suggestions that should be implemented is referred to as a:
security procedure
baseline
guideline
security policy

A

guideline

38
Q

A written document that states how an organization plans to protect the company’s information technology assets is a:
guideline
standard
security procedure
security policy

A

security policy

39
Q

Select the option that best describes a policy:
A collection of suggestions that should be implemented
A list of all items that have a positive economic value
A document that outlines specific requirements or rules that must be met
A collection of requirements specific to the system or procedure that must be met by everyone

A

A document that outlines specific requirements or rules that must be met

40
Q

Which of the following is a network that moves a product from the supplier to the customer and is comprised of vendors that supply raw material, manufacturers who convert the material into products, warehouses that store products, distribution centers that deliver them to the retailers, and retailers who bring the product to the consumer?

A

supply chain