What is the primary purpose of source code escrow? |
To obtain change rights over software after a vendor goes out of business |
Who has the responsibility for the development of a security policy? |
Senior management |
What is the most effective means of improving or enforcing security in any environment? |
User awareness training |
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which method should you use to best prevent extracting data from the discs? |
Shredding |
Which of the following is a high-level, general statement about the role of security in the organization? |
Policy |
Which policy specifically protects PII? |
Privacy |
HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what? |
Privacy |
You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do? |
Contact your customers to let them know of the security breach |
Which of the following is a recommendation to use when a specific standard or procedure does not exist? |
Guideline |
Which of the following defines an acceptable use agreement? |
An agreement which identifies the employee's rights to use company property such as Internet access and computer equipment for personal use. |
What is the primary purpose of change control? |
Prevent unmanaged change |
Which of the following best describes the concept of due care or due diligence? |
Reasonable precautions, based on industry best practices, are utilized and implemented |
Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow on its client? |
Service level agreement |
When informing an employee that they are being terminated, what is the most important activity? |
Disabling their network access |
Which of the following is the best protection against security violations? |
Defense in depth |