Deck 13: Security Policy Design and Implementation
1
Which of the following shows how devices are connected and includes an IP allocation register?
A) hardware inventory
B) topology map
C) asset table
D) security policy
B
2
Which of the following is NOT a step in threat and risk assessment?
A) Asset definition
B) Recommendation
C) Resolution
D) Threat assessment
C
3
Which of the following would be considered a vulnerability?
A) installation of a firewall
B) antivirus software
C) Internet-connected computer
D) spyware
C
4
Which best defines residual risk?
A) risk that occurs as a result of new vulnerabilities
B) the amount of risk remaining after countermeasures are implemented
C) a vulnerability for which the risk has been reduced to zero
D) the cost of implementing solutions to an assessed risk
5
Which of the following is a network's ability to detect attacks when they occur and to evaluate the extent of damage and compromise?
A) resistance
B) recovery
C) recognition
D) reliability
6
Which is best defined as the ability of a system to continue operations despite a failure?
A) fault tolerance
B) survivability analysis
C) reliability audit
D) adaptation and evolution
7
The process of reviewing records of network computer activity is called which of the following?
A) monitoring
B) archiving
C) auditing
D) recording
8
An extranet is a backup network that you can use if the main network fails.
9
The first step in SNA is the survivability analysis.
10
Once written, a security policy should not be altered so that you can maintain consistency.
11
What is considered the first step in formulating a security policy?
A) risk analysis
B) elimination of threats
C) risk reduction
D) system monitoring
12
The first phase of the system development life cycle is needs assessment.
13
The people who manage security for the organization should not be the same people who conduct risk analysis.
14
Which of the following is NOT a phase in the system development life cycle?
A) needs assessment
B) security audit
C) system implementation
D) performance monitoring
15
Which of the following is NOT among the six factors needed to create a risk analysis?
A) threats
B) consequences
C) personnel profiles
D) probabilities
16
Which of the following requires you to assist police by appearing in court or producing evidence?
A) subpoena
B) search warrant
C) the 4th amendment
D) de facto agent
17
Which of the following best describes a Monte Carlo simulation?
A) a technique for simulating an attack on a system
B) a formula that estimates the cost of countermeasures
C) a procedural system that simulates a catastrophe
D) an analytical method that simulates a real-life system for risk analysis
18
Which of the following is considered an asset?
A) hacker
B) unpatched Web server
C) disgruntled employee
D) intellectual property
19
Which of the following best describes ROI?
A) the chance that a threat will result in lost money
B) how long before an investment will pay for itself
C) the cost of mitigating a threat
D) the benefits of setting security priorities
20
Which of the following defines how employees should use the organization's computing resources?
A) Network and Internet Policy
B) Email and Spam Policy
C) Computing and Resource Policy
D) Acceptable Use Policy
21
Your exposure to risk increases if your organization has one or more factors that increase _____________ probabilities.
22
MATCHING
a. extranet
b. network assets
c. privileged access policy
d. risk management
e. role-based authentication
f. search warrant
g. subpoena
h. tunneling protocols
i. two-factor authentication
j. vulnerabilities
a private network that a company sets up as an extension of its corporate intranet
23
The __________________ phase of the system development life cycle can lead you to the needs assessment phase where the cycle begins again.
24
VPNs create a _____________ to transport information through public communications media.
25
MATCHING
a. extranet
b. network assets
c. privileged access policy
d. risk management
e. role-based authentication
f. search warrant
g. subpoena
h. tunneling protocols
i. two-factor authentication
j. vulnerabilities
routers, cables, bastion hosts, servers, and firewall components that enable employees to communicate with one another
26
MATCHING
a. extranet
b. network assets
c. privileged access policy
d. risk management
e. role-based authentication
f. search warrant
g. subpoena
h. tunneling protocols
i. two-factor authentication
j. vulnerabilities
a document that details additional access options and responsibilities of users with privileged access to resources
27
________________ clauses exist in acceptable use policies so that companies can discipline employees whose computer activities interfere with productivity.
28
MATCHING
a. extranet
b. network assets
c. privileged access policy
d. risk management
e. role-based authentication
f. search warrant
g. subpoena
h. tunneling protocols
i. two-factor authentication
j. vulnerabilities
authentication that requires more than one form of verification for a user to be granted access
29
MATCHING
a. extranet
b. network assets
c. privileged access policy
d. risk management
e. role-based authentication
f. search warrant
g. subpoena
h. tunneling protocols
i. two-factor authentication
j. vulnerabilities
network protocols that encapsulate (wrap) one protocol or session inside another
30
____________________ risk is the amount of risk left over after countermeasures are implemented.
31
By providing _________________ through backup systems, you ensure information remains accessible if primary systems go offline.
32
MATCHING
a. extranet
b. network assets
c. privileged access policy
d. risk management
e. role-based authentication
f. search warrant
g. subpoena
h. tunneling protocols
i. two-factor authentication
j. vulnerabilities
situations or conditions that increase threats, which in turn increase risk
33
The process called _____________ analysis determines the threats an organization faces.
34
MATCHING
a. extranet
b. network assets
c. privileged access policy
d. risk management
e. role-based authentication
f. search warrant
g. subpoena
h. tunneling protocols
i. two-factor authentication
j. vulnerabilities
a method of authentication that grants users limited system access based on their assigned role in the company
35
The portion of a security policy that describes who responds when there has been a security breach is called the ______________ response section.
36
MATCHING
a. extranet
b. network assets
c. privileged access policy
d. risk management
e. role-based authentication
f. search warrant
g. subpoena
h. tunneling protocols
i. two-factor authentication
j. vulnerabilities
a process of analyzing the threats an organization faces
37
Search warrants and subpoenas were developed in response to the _____________ Amendment, which protects U.S. residents against illegal search and seizure.
38
SNA starts with the assumption that a system or network will be ________________.
39
MATCHING
a. extranet
b. network assets
c. privileged access policy
d. risk management
e. role-based authentication
f. search warrant
g. subpoena
h. tunneling protocols
i. two-factor authentication
j. vulnerabilities
a legal document issued by a court that allows authorities to search a particular place for specific evidence
40
MATCHING
a. extranet
b. network assets
c. privileged access policy
d. risk management
e. role-based authentication
f. search warrant
g. subpoena
h. tunneling protocols
i. two-factor authentication
j. vulnerabilities
a legal document that requires a person to appear in court, provide testimony, or cooperate with law enforcement
41
What is the purpose of a privileged access policy?
42
When should you update the security policy?
43
Describe a remote access and wireless connection policy and the use of role-based authentication. Include two-factor authentication in your discussion.
44
What are three questions you should ask in deciding how your organization should perform risk analysis?
45
What points should a third-party access policy include? List at least three.
46
What are the three levels of escalation of threat or security incidents? Describe them.
47
What should you do if a security policy violation involves a criminal offense? Include the Fourth Amendment in your discussion.
48
What are three areas in which the use of encryption should be considered to maintain confidentiality?
49
What are the four steps of Threat and Risk Assessment?
50
What is a server security policy? List at least three areas the policy should address.