Quiz 3

Purpose
This assignment will assess your ability to balance business efficiency with security effectiveness.

Overview
This quiz covers Module 3 concepts. It will take about 60 minutes. This is an individual assignment. Make sure to complete all of the module's reading and preparation before taking the quiz.

Questions

Question 1 (2 points)
Which one of the statements is true?
  - The quantitative method has limited use, and the qualitative method is easier for management.
  - The qualitative method has limited use, and the quantitative method is easier for management.
  - The CIO should not be included in the security risk analysis management staff.
  - The quantitative risk analysis takes less time and less cost.

Question 2 (2 points)
To avoid shelfware in electronic policies, they need to be kept (1) _____, (2) updated, and (3) relevant.
  - annual
  - brief
  - favorable
  - web-based

Question 3 (2 points)
Which one of the following categories best describes the impact severity stated as "may cause considerable disruption in the business function, system outage, and/or loss of customer or business partner confidence"?
  - Critical
  - Significant
  - Serious
  - Damaging

Question 4 (2 points)
A good question to ask when determining vulnerabilities that may be exploited is:
  - Why could it go wrong?
  - When could it go wrong?
  - What could go wrong?
  - How could it go wrong?

Question 5 (2 points)
Which one of the following is the likelihood of an EXTREME occurrence?
  - Likely to occur once per month or less
  - Likely to occur multiple times per hour
  - Likely to occur multiple times per day
  - Likely to occur multiple times per month

Question 6 (2 points)
Which one of the following is not a step of Risk Analysis?
  - Identify potential dangers
  - Information security governance
  - Identify vulnerabilities that could be exploited
  - Categorize the system

Question 7 (2 points)
Which one of the statements is NOT true?
  - Anyone can request the need for a policy to the information security department.
  - People within the security department will have varying technical expertise, business acumen, and an understanding of the organizational culture.
  - The security analyst reviews and recommends policy.
  - Anyone can request the need for a policy to the information security department.

Question 8 (2 points)
A ______________ is a suggestion and may not apply in all cases.
  - requirement
  - guideline
  - standard
  - procedure

Question 9 (2 points)
Information security policies are critical, but they can quickly become ______ if their development, management, and distribution are not handled appropriately.
  - shelfware
  - redundant
  - software
  - obsolete

Question 10 (2 points)
Which of the following does not describe Risk Analysis?
  - The process that makes the risk decisions
  - The process that helps organizations target the information security expenditures where they are most needed
  - The process that uncovers how well the control environment is protecting the information assets
  - The process to understand the state of information security within the company

Question 11 (2 points)
Policy types include all of the following except which one?
  - Functional, issue-specific policies
  - Management-specific policies
  - System-specific policies
  - Organizational or program policy

Question 12 (2 points)
Which one of the following is not one of the human threats in risk analysis?
  - Espionage
  - Data entry errors
  - Shoulder surfing
  - Poor ventilation

Question 13 (2 points)
What kind of threats are not included in the risk analysis?
  - Human threats
  - Technical threats
  - Vulnerability threats
  - Environmental threats

Question 14 (2 points)
Even though everyone can apply common sense, information security policies are important because ___________.
  - It is a government requirement.
  - Each person has a different interpretation of what is common sense.
  - We need to document those policies.
  - They provide technical education.

Question 15 (2 points)
Which one of the statements is NOT true about developing information security policies?
  - Quality reviews need to be performed early in the development process so that the security council and information technology steering committee can devote their time to substantive issues of the policy rather than pointing out typos and correcting spelling.
  - The information technology steering committee approves policy.
  - Tracking of reading the policies is not a key feature.
  - Web-based policy management tools provide the facilities to publish policies very quickly.

Question 16 (2 points)
Which of the following is not one of the security policy best practices?
  - Use directive wording
  - Conduct management review and sign-off
  - Write policies to survive 5 to 7 years
  - Clear policy creation practice

Question 17 (2 points)
The ______________ is the facilitator of information security policy development, but should not own the policies.
  - CIO
  - information security officer
  - policy developer
  - CEO

Question 18 (2 points)
Policies implemented by functional areas do not include which of the following?
  - Standards
  - Baselines
  - Requirements
  - Guidelines

Question 19 (2 points)
Which one of the following does not count as a technical threat?
  - Power fluctuation
  - Authorized session takeover
  - Software failure
  - Lack of logging

Question 20 (2 points)
Which one of the statements is NOT true?
  - The security officer acts as the facilitator for the risk decisions and should not be the one who makes the decisions.
  - Organizations accept the daily risk.
  - Risk is inherent in everything that we do.
  - The security officer must be willing to facilitate the risk discussion with an all-or-nothing approach to risk.