security policies

Question 1

_______ is performed to ensure that critical business functions will be available to those that must have access to those functions

Answer 1

business continuity

Question 2

a _________ identifies appropriate disaster responses in order to maintain business operations during reduced or restricted infrastructure and resource capabilities.

Answer 2

Business Continuity Plan (BCP)

Question 3

when a small number of individuals get together and test just one part of the BCP this is called

Answer 3

a tabletop exercise

Question 4

in a _________ , a larger number of individuals get together and work though a larger-scale simulation that incorporates many parts of the BCP

Answer 4

medium exercise

Question 5

this involves a large number of individuals using realistic scenario that may involve full-scale practice exercises effort

Answer 5

complex exercise

Question 6

a ________ is similar to a BCP, but can also refer to the preparations and institutions maintained by the United States government

Answer 6

Continuity of Operations Planning (COOP)

Question 7

a _______ focuses on how losses will effect an organization.

Answer 7

Business Impact Analysis (BIA)

Question 8

the _______ identifies short-term actions to take to stop the incident and restore critical functions so the organization can continue to operate.

Answer 8

Disaster Recovery Plan (DRP) identifies

Question 9

this defines the security requirements for a computer system when designing, assembling, delivering, installing, configuring, and initializing applications and data

Answer 9

common criteria

Question 10

____ manages the interaction between subjects and objects using an access control database.

Answer 10

reference monitor

Question 11

the actual operating system implementation of the reference monitor concept is called

Answer 11

security kernel

Question 12

using the reference monitor method, the system gives the user a _____ which allows them to access resources associated with their account

Answer 12

tokens

Question 13

__________ separates various processes and tasks into trusted rings.

Answer 13

Ring architecture

Question 14

_________ separates the trusted from the untrusted.

Answer 14

security perimeter

Question 15

_________ restricts the ability of a program to read and write to memory according to its permissions or access level.

Answer 15

confinement

Question 16

_________ protect a system from exploitation by controlling the amount of a subject’s access to system resources, such as memory.

Answer 16

bounds

Question 17

__________ separates the resources used by one process from the resources used by other processes.

Answer 17

isolation

Question 18

______ define the rules for communication between layers.

Answer 18

application programing interfaces (APIs)

Question 19

________ is a layering security technique that causes information within a single layer to be hidden from upper and lower layers of processing, thus securing individual layers.

Answer 19

hiding

Question 20

if refers to the product or system that is being evaluated.

Answer 20

Target of Evaluation

TOE

Question 21

a _________ is an application running on a real system that mimics hardware platforms in order to support the running of multiple operating systems on a single real machine.

Answer 21

virtual machine

Question 22

VMWare and Microsoft hyper -v is an example of

Answer 22

virtual machine software

Question 23

________ are the documents that explicitly identify the terms and conditions of employment

Answer 23

employment agreement

Question 24

a legal contract between the organization and the employee that specifies the employee is not to disclose the organization’s confidential information.

Answer 24

non disclosure agreement

Question 25

it prohibits an employee from working for a competing organization for a specified time after the employee leaves the organization.

Answer 25

Non-compete agreement

Question 26

________ specifies the organization’s ownership of intellectual property created by the employee during the employment period.

Answer 26

ownership of materials agreement

Question 27

it documents the security classification levels of information and the guidelines for handling each level of classified materials.

Answer 27

Data handling and

classification policy

Question 28

the _______ is designed to prevent confidential information being left where it is easily accessible.

Answer 28

clean desk policy

Question 29

the _______ identifies the employee’s rights to use company property such as Internet access and computer equipment for personal use

Answer 29

acceptable use agreement

Question 30

the ______ outlines the organization’s monitoring activities

Answer 30

employee monitoring agreement