Chapter 1 Practice test

Which of the following is NOT a unique function of Information Security Management?

principles

The use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections is an example of which process?

authentication

It is possible to take a very complex operation and diagram it in PERT if you can answer three key questions about each activity. Which of the following is NOT one of them?

What other activities require the same resources as this activity?

The first step in solving problems is to gather facts and make assumptions.

F

Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program?

people

Which of the following is a C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information?

Confidentiality

Information security project managers often follow methodologies based on what methodology promoted by the Project Management Institute?

Project Management Body of Knowledge (PMBoK)

What do audit logs that track user activity on an information system provide?

accountability

Which of the following is the first step in the problem-solving process?

Recognize and define the problem

Corruption of information can occur only while information is being stored.

False

In the WBS approach, the project plan is first broken down into tasks placed on the WBS task list. The minimum attributes that should be identified for each task include all but which of the following?

The number of people and other resources needed for each task

Which of the following is the process that develops, creates, and implements strategies for the accomplishment of objectives?

planning

Which of the following is the principle of management dedicated to the structuring of resources to support the accomplishment of objectives?

organization

The authorization process takes place before the authentication process.

F

Which of the following was originally developed in the late 1950s to meet the need of the rapidly expanding engineering projects associated with government acquisitions such as weapons systems?

PERT

What is one of the most frequently cited failures in project management?

Failure to meet project deadlines

Communications security involves the protection of which of the following?

media, technology, and content

Which of the following is NOT a step in the problem-solving process?

Build support among management for the candidate solution

Which of the following is NOT a knowledge area in the Project Management knowledge body?

Technology

Using the Program Evaluation and Review Technique, which of the following identifies the sequence of events or activities that requires the longest duration to complete, and that therefore cannot be delayed without delaying the entire project?

critical path

the difference between the time needed to complete the critical path and the time needed to arrive at completion using any other path

Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines?

policy

The management of human resources must address many complicating factors; which of the following is NOT among them?

All workers operate at approximately the same level of efficiency

A project can have more than one critical path.

T

Which type of planning is used to organize the ongoing, day-to-day performance of tasks?

Operational

The primary goal of external monitoring is to maintain an informed awareness of the state of all of the organization's networks, information systems, and information security defenses

F

resources include people, hardware, and the supporting system elements and resources associated with the management of information in all its states

Physical

According to the Corporate Governance Task Force (CGTF), which phase in the IDEAL model and framework lays the groundwork for a successful improvement effort?

Initiating

The National Association of Corporate Directors (NACD) recommends four essential practices for boards of directors. Which of the following is NOT one of these recommended practices?

Hold regular meetings with the CIO to discuss tactical InfoSect planning

In which level of planning are budgeting, resource allocation, and manpower critical components?

tactical

Which of the following should be included in an InfoSec governance program?

An InfoSec risk management methodology

A top-down approach to information security usually begins with a systems administrator's attempt to improve the security of their systems.

F

usually a documented way to circumvent controls or take advantage of weaknesses in control systems

Which type of attack involves sending a large number of connection or information requests to a target?

denial-of-service (DoS)

Penetration testing is often conducted by contractors, who are commonly referred to as black-hats.

F

What is the first phase of the SecSDLC?

investigation

Because it sets out general business intentions, a mission statement does not need to be concise.

F

Which type of planning is the primary tool in determining the long-term direction taken by an organization?

strategic

overflow is an application error that occurs when the system can't handle the amount of data that is sent.

buffer

Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls?

back door

A top-down approach to information security usually begins with a systems administrator's attempt to improve the security of their systems.

F

Which of the following set the direction and scope of the security process and provide detailed instruction for its conduct?

managerial controls

Which of the following is a key advantage of the bottom-up approach to security implementation?

utilizes the technical expertise of the individual administrators

Which of the following explicitly declares the business of the organization and its intended areas of operations?

mission statement

phase is the last phase of SecSDLC, but perhaps the most important.

maintenance and change

testing, security personnel simulate or perform specific and controlled attacks to compromise or disrupt their own systems by exploiting documented vulnerabilities.

penetration testing

In which model in the SecSDLC does the work products of each phase fall into the next phase to serve as its starting point?

waterfall

Which of the following is true about planning?

Strategic plans are used to create tactical plans

Which of the following has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an event?

contingency planning

is a document containing contact information of the individuals to notify in the event of an actual incident.

alert roster

plan is a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets

incident response

When dealing with an incident, the incident response team must conduct a(n) ____________________, which entails a detailed examination of the events that occurred from first detection to final recovery.

after action review

When a disaster renders the current business location unusable, which plan is put into action?

business continuity

Which contingency plan strategy do individuals work on their own tasks and are responsible for identifying the faults in their own procedures?

simulation

The bulk batch-transfer of data to an off-site facility is known as

electronic vaulting

testing of contingency plans, the individuals follow each and every procedure, including the interruption of service, restoration of data from backups, and notification of appropriate individuals.

full-interruption

In which contingency plan strategy do individuals act as if an actual incident occurred, and begin performing their required tasks and executing the necessary procedures, without interfering with the normal operations of the business?

parallel testing

What is the last stage of the business impact analysis?

prioritize resources associated with the business processes

In which type of site are no computer hardware or peripherals provided?

cold site

In the event of an incident or disaster, which team sets up and starts off-site operations?

business continuity

In most organizations, the COO is responsible for creating the IR plan

F

Which of the following is a tool that can be useful in resolving the issue of what business function is the most critical?

weighted analysis tool

After an incident, but before returning to its normal duties, the CSIRT must do which of the following?

conduct an after-action review

Which of the following is a responsibility of the crisis management team?

Activating the alert roster

is an agency that provides, in the case of DR/BC planning, physical facilities for a fee.

full-interruption

If operations at the primary site cannot be quickly restored, the ____________________ occurs concurrently with the DR plan, enabling the business to continue at an alternate site.

BCP BC plan business continuity plan

Which of the following is true about a hot site?

It duplicates computing resources, peripherals, phone systems, applications, and workstations.

is an agency that provides, in the case of DR/BC planning, physical facilities for a fee.

service bureau

In a warm site, all services and communications links are fully configured and the site can be fully functional within minutes.

F

When an incident takes place, the disaster recovery (DR) plan is invoked before the incident response (IR) plan.

F

Which of the following is usually conducted via leased lines or secure Internet connections whereby the receiving server archives the data as it is received

Electronic vaulting

Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident

Incident classification

is a document containing contact information of the individuals to notify in the event of an actual incident.

alert roster

Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster

F

Chapter 1 Practice test - Subjecto.com

Chapter 1 Practice test

Your page rank:

Total word count: 1585
Pages: 6

Calculate the Price

- -
275 words
Looking for Expert Opinion?
Let us have a look at your work and suggest how to improve it!
Get a Consultant

Which of the following is NOT a unique function of Information Security Management?

principles

The use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections is an example of which process?

authentication

It is possible to take a very complex operation and diagram it in PERT if you can answer three key questions about each activity. Which of the following is NOT one of them?

What other activities require the same resources as this activity?

The first step in solving problems is to gather facts and make assumptions.

F

Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program?

people

Which of the following is a C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information?

Confidentiality

Information security project managers often follow methodologies based on what methodology promoted by the Project Management Institute?

Project Management Body of Knowledge (PMBoK)

What do audit logs that track user activity on an information system provide?

accountability

Which of the following is the first step in the problem-solving process?

Recognize and define the problem

Corruption of information can occur only while information is being stored.

False

In the WBS approach, the project plan is first broken down into tasks placed on the WBS task list. The minimum attributes that should be identified for each task include all but which of the following?

The number of people and other resources needed for each task

Which of the following is the process that develops, creates, and implements strategies for the accomplishment of objectives?

planning

Which of the following is the principle of management dedicated to the structuring of resources to support the accomplishment of objectives?

organization

The authorization process takes place before the authentication process.

F

Which of the following was originally developed in the late 1950s to meet the need of the rapidly expanding engineering projects associated with government acquisitions such as weapons systems?

PERT

What is one of the most frequently cited failures in project management?

Failure to meet project deadlines

Communications security involves the protection of which of the following?

media, technology, and content

Which of the following is NOT a step in the problem-solving process?

Build support among management for the candidate solution

Which of the following is NOT a knowledge area in the Project Management knowledge body?

Technology

Using the Program Evaluation and Review Technique, which of the following identifies the sequence of events or activities that requires the longest duration to complete, and that therefore cannot be delayed without delaying the entire project?

critical path

the difference between the time needed to complete the critical path and the time needed to arrive at completion using any other path

Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines?

policy

The management of human resources must address many complicating factors; which of the following is NOT among them?

All workers operate at approximately the same level of efficiency

A project can have more than one critical path.

T

Which type of planning is used to organize the ongoing, day-to-day performance of tasks?

Operational

The primary goal of external monitoring is to maintain an informed awareness of the state of all of the organization’s networks, information systems, and information security defenses

F

resources include people, hardware, and the supporting system elements and resources associated with the management of information in all its states

Physical

According to the Corporate Governance Task Force (CGTF), which phase in the IDEAL model and framework lays the groundwork for a successful improvement effort?

Initiating

The National Association of Corporate Directors (NACD) recommends four essential practices for boards of directors. Which of the following is NOT one of these recommended practices?

Hold regular meetings with the CIO to discuss tactical InfoSect planning

In which level of planning are budgeting, resource allocation, and manpower critical components?

tactical

Which of the following should be included in an InfoSec governance program?

An InfoSec risk management methodology

A top-down approach to information security usually begins with a systems administrator’s attempt to improve the security of their systems.

F

usually a documented way to circumvent controls or take advantage of weaknesses in control systems

Which type of attack involves sending a large number of connection or information requests to a target?

denial-of-service (DoS)

Penetration testing is often conducted by contractors, who are commonly referred to as black-hats.

F

What is the first phase of the SecSDLC?

investigation

Because it sets out general business intentions, a mission statement does not need to be concise.

F

Which type of planning is the primary tool in determining the long-term direction taken by an organization?

strategic

overflow is an application error that occurs when the system can’t handle the amount of data that is sent.

buffer

Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls?

back door

A top-down approach to information security usually begins with a systems administrator’s attempt to improve the security of their systems.

F

Which of the following set the direction and scope of the security process and provide detailed instruction for its conduct?

managerial controls

Which of the following is a key advantage of the bottom-up approach to security implementation?

utilizes the technical expertise of the individual administrators

Which of the following explicitly declares the business of the organization and its intended areas of operations?

mission statement

phase is the last phase of SecSDLC, but perhaps the most important.

maintenance and change

testing, security personnel simulate or perform specific and controlled attacks to compromise or disrupt their own systems by exploiting documented vulnerabilities.

penetration testing

In which model in the SecSDLC does the work products of each phase fall into the next phase to serve as its starting point?

waterfall

Which of the following is true about planning?

Strategic plans are used to create tactical plans

Which of the following has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an event?

contingency planning

is a document containing contact information of the individuals to notify in the event of an actual incident.

alert roster

plan is a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets

incident response

When dealing with an incident, the incident response team must conduct a(n) ____________________, which entails a detailed examination of the events that occurred from first detection to final recovery.

after action review

When a disaster renders the current business location unusable, which plan is put into action?

business continuity

Which contingency plan strategy do individuals work on their own tasks and are responsible for identifying the faults in their own procedures?

simulation

The bulk batch-transfer of data to an off-site facility is known as

electronic vaulting

testing of contingency plans, the individuals follow each and every procedure, including the interruption of service, restoration of data from backups, and notification of appropriate individuals.

full-interruption

In which contingency plan strategy do individuals act as if an actual incident occurred, and begin performing their required tasks and executing the necessary procedures, without interfering with the normal operations of the business?

parallel testing

What is the last stage of the business impact analysis?

prioritize resources associated with the business processes

In which type of site are no computer hardware or peripherals provided?

cold site

In the event of an incident or disaster, which team sets up and starts off-site operations?

business continuity

In most organizations, the COO is responsible for creating the IR plan

F

Which of the following is a tool that can be useful in resolving the issue of what business function is the most critical?

weighted analysis tool

After an incident, but before returning to its normal duties, the CSIRT must do which of the following?

conduct an after-action review

Which of the following is a responsibility of the crisis management team?

Activating the alert roster

is an agency that provides, in the case of DR/BC planning, physical facilities for a fee.

full-interruption

If operations at the primary site cannot be quickly restored, the ____________________ occurs concurrently with the DR plan, enabling the business to continue at an alternate site.

BCP BC plan business continuity plan

Which of the following is true about a hot site?

It duplicates computing resources, peripherals, phone systems, applications, and workstations.

is an agency that provides, in the case of DR/BC planning, physical facilities for a fee.

service bureau

In a warm site, all services and communications links are fully configured and the site can be fully functional within minutes.

F

When an incident takes place, the disaster recovery (DR) plan is invoked before the incident response (IR) plan.

F

Which of the following is usually conducted via leased lines or secure Internet connections whereby the receiving server archives the data as it is received

Electronic vaulting

Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident

Incident classification

is a document containing contact information of the individuals to notify in the event of an actual incident.

alert roster

Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster

F

Share This
Flashcard

More flashcards like this

NCLEX 10000 Integumentary Disorders

When assessing a client with partial-thickness burns over 60% of the body, which finding should the nurse report immediately? a) ...

Read more

NCLEX 300-NEURO

A client with amyotrophic lateral sclerosis (ALS) tells the nurse, "Sometimes I feel so frustrated. I can’t do anything without ...

Read more

NASM Flashcards

Which of the following is the process of getting oxygen from the environment to the tissues of the body? Diffusion ...

Read more

Unfinished tasks keep piling up?

Let us complete them for you. Quickly and professionally.

Check Price

Successful message
sending