1. Which of the following is an action that could damage an asset?
-Threat - Any action that could damage an asset.
2. Which law requires all types of financial institutions to protect customers’ private financial information?
- Gramm-Leach-Bliley Act (GLBA) - Passed in 1999.
3. An AUP is part of a layered approach to security, and it supports confidentiality. What else supports confidentiality?
- Protecting private data - The process of ensuring data confidentiality.
4. Which of the following is a detailed written definition of how software and hardware are to be used?
- Standard - A detailed written definition of hardware and software and how they are to be used.
5. Which of the following ...
12. You log onto a network and are asked to present a combination of elements, such as user name, password, token, smart card, or biometrics. This is an example of which of the following?
- Logical access control - Controls that restrict access to a computer system or network.
13. Which of the following is a type of authentication?
- Authentication types - Knowledge, ownership, characteristics.
14. Identify an example of an access control formal model.
- Formal models of access - Discretionary access control (DAC) - The owner of a resource decides who gets in and changes permissions as needed. The owner can delegate that job to others.
15. Which of the following access control models is based on a mathematical theory published in 1989 to ensure fair competition?
- Brewer and Nash integrity model - Based on a mathematical theory published in 1989 to ensure fair competition.
16. Which of the following are primary categories of rules that most organizations must comply with?
- Two levels of organizational compliance - Regulatory compliance, organizational compliance.
17. Which of the following is not a part of an ordinary IT security policy framework?
- IT security policy - A security framework addresses these directives through policies and their supporting elements, such as standards, procedures, baselines, and guidelines.
18. Which of the following helps you determine the appropriate access to classified data?
- Data classification standards - Help determine the appropriate access to classified data.
19. Which of the following refers to the management of baseline settings for a system device?
- Configuration control - The management of the baseline settings for a system device.
20. Identify a primary step of the SDLC.
- SDLC - Design is a primary step.
21. Which of the following is a process to verify policy compliance?
- Security auditing - The process of verifying policy compliance.
22. When monitoring a system for anomalies, the system is measured against _.
- Baseline - In order to recognize something as abnormal, you first must know what normal looks like (when monitoring systems for anomalies).
23. Which of the following is not a type of penetration test?
- Testing methods - Black-box testing, white-box testing, grey-box testing.
24. Identify a drawback of log monitoring.
- Monitoring issues - Many organizations turn off logs because they produce too much information.
25. Which of the following is not a type of monitoring device?
- Verifying security controls - Controls that monitor activity include intrusion detection systems (IDSs), intrusion prevention systems (IPSs), and firewalls.
26. Identify the primary components of risk management.
- Primary components of risk management - Reduction, avoidance, mitigation.
27. Which of the following is not a part of a quantitative risk assessment?
- BCP - Is not part of a quantitative risk assessment.
28. What are the primary components of business continuity management (BCM)?