SEC440 Computer Security (3 hours to complete)


1. (TCO 1) An information security policy is a document that states (Points: 5)

   - procedures to implement a firewall.
   - an organization's plan to safeguard information assets.
   - suggestions on how to create a strong password.
   - guidelines on how to write an acceptable use policy.

2. (TCO 2) The processes, policies, and controls used to develop confidence that security measures are working as intended is the definition of (Points: 5)

   - insurance.
   - accounting.
   - assurance.
   - availability.

3. (TCO 3) Which is defined as the structure for determining the clearance level of an individual, which must match the classification of data, in order to be granted access? (Points: 5)

   - For Your Eyes Only
   - Top Secret
   - Secret
   - Mandatory Access Control

4. (TCO 4) Which of the following are types of background checks? (Points: 5)

   - Credit history
   - Criminal history
   - License verification
   - All of the above

5. (TCO 5) Which of the following are components of a good security incident reporting program? (Points: 5)

   - Training users to recognize suspicious incidents
   - Establishing a system for reporting incidents
   - Establishing your incident response team
   - All of the above

6. (TCO 4) Which of the following is NOT a type of employment agreement? (Points: 5)

   - Monitoring and auditing agreement
   - Employee information security agreement
   - Affirmation agreement
   - Acceptable use agreement

7. (TCO 6) Which of the following CANNOT be considered a portable storage device? (Points: 5)

   - An MP3 player
   - An internal hard disk
   - A USB drive
   - A thumb drive

8. (TCO 7) What happens when a user logs on with a special privilege account? (Points: 5)

   - All tasks performed during that session will exist under the security context of that account.
   - Only administrative tasks performed during that session will exist under the security context of that account.
   - No malicious code can infect the machine.
   - Web surfing capabilities are always suspended.

9. (TCO 8) If employees using a company-provided application system find what they think is a loophole that allows access to confidential data, they should (Points: 5)

   - alert their manager and the ISO immediately.
   - verify and test the alleged loophole before alerting anyone.
   - not say anything, unless they are a member of the Incident Response team.
   - alert their manager whenever they happen to have a chance to do so.

10. (TCO 9) The most significant information security regulation for the financial sector is (Points: 5)

   - Sarbanes-Oxley.
   - HIPAA.
   - Gramm-Leach-Bliley.
   - FERPA.

11. (TCO 10) How many rule sets did the HHS publish? (Points: 5)

   - 2
   - 3
   - 4
   - 5

12. (TCO 10) The Workforce Security regulation says which of the following about implementing procedures for authorization and supervision? (Points: 5)

   - It is addressable.
   - It is required.
   - It is recommended.
   - It is not needed.

13. (TCO 11) Which of the following concerns publicly traded companies? (Points: 5)

   - FISMA
   - FERPA
   - SOX
   - GLBA

14. (TCO 11) The U.S. Public Company Accounting Reform and Investor Protection Act of 2002 is also known as (Points: 5)

   - GLBA.
   - FERPA.
   - FISMA.
   - SOX.

15. (TCO 12) Which of the following is true about small businesses? (Points: 5)

   - Small businesses can fall under a federal mandate that governs how they handle protected information.
   - Small businesses are too small to fall under any federal mandates.
   - All small businesses are regulated by the Small Business Security Act when it comes to safeguarding protected information.
   - All of the above

16. (TCO 12) Which of the following is correct when it comes to monitoring employees' use of the Internet? (Points: 5)

   - It is never acceptable to monitor employees' use of the Internet.
   - Monitoring employees' use of the Internet is a serious privacy laws violation.
   - It is acceptable to monitor employees' use of the Internet if it is part of the acceptable use policy.
   - It is always acceptable to monitor employees' use of the Internet.

17. (TCO 1) Keeping the policy documents separate from the procedures, standards, and guidelines is (Points: 5)

   - combining policies and procedures.
   - the preferred approach to organizing information security policies, procedures, standards, and guidelines.
   - not the preferred approach to organizing information security policies, procedures, standards, and guidelines.
   - combining standards and guidelines.

18. (TCO 2) Which of the following statements is true? (Points: 5)

   - A security policy should only include one objective.
   - A security policy should not include any exceptions.
   - A security policy should not include a glossary.
   - A security policy should not list all step-by-step measures that need to be taken.

19. (TCO 3) This classification could be used by the military for items whose unauthorized disclosure could have a negative impact on national security. (Points: 5)

   - Secret
   - Top Secret
   - Confidential
   - All of the above

20. (TCO 4) Which of the following is a component of an affirmation agreement? (Points: 5)

   - Statement of authority
   - Background check
   - Job description
   - Credit history

1. (TCO 1) Explain the steps to achieving acceptance of an information security policy within an organization. (Points: 40)


2. (TCO 7) Regarding user password management, explain why each of the following is a weak information security practice: (1) shared user accounts, (2) unique user accounts with no password required, (3) unique user accounts that never require the password to be changed, and (4) administrators having used their privileged accounts to perform basic user activities. (Points: 40)


3. (TCO 9) What is the Gramm-Leach-Bliley Act? Who enforces GLBA? (Points: 40)


4. (TCO 11) What is NIST's role in securing critical infrastructure? (Points: 40)