Ensuring that the actions of a set of people, applications and systems follow the organization's rules is BEST described as:
A. Compliance management
B. Security management
C. Risk management
D. Mitigation management
Which of the following are the MOST important factors for proactively determining system vulnerabilities?
A. Subscribe to vendor mailing lists and distribute notifications of system requirements
B. Configure firewall, perimeter router and Intrusion Prevention System (IPS)
C. Conduct security testing, vulnerability scanning, and penetration testing
D. Deploy Intrusion Detection System (IDS) and install anti-virus on systems
The amount of risk an organization is willing to accept in pursuit of its mission is known as______________.
A. risk transfer
B. risk mitigation
C. risk acceptance
D. risk tolerance
What two methods are used to assess risk impact?
A. Quantitative and qualitative
B. Qualitative and percent of loss realized
C. Subjective and Objective
D. Cost and annual rate of expectance
Which is the BEST solution to monitor, measure, and report changes to critical data in a system?
A. SNMP traps
B. Syslog
C. File integrity monitoring
D. Application logs
You have implemented the new controls. What is the next step?
A. Perform a risk assessment
B. Monitor the effectiveness of the controls
C. Document the process for the stakeholders
D. Update the audit findings report
Your company has a "no right to privacy" notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee's email account.
What should you do?
A. Deny the request citing national privacy laws
B. None
C. Grant her access, the employee has been adequately warned through the AUP.
D. Assist her with the request, but only after her supervisor signs off on the action.
E. Reset the employee's password and give it to the supervisor.
Which of the following terms is used to describe countermeasures implemented to minimize risks to physical property, information, and computing systems?
A. Security frameworks
B. Security policies
C. Security awareness
D. Security controls
What are the three hierarchically related aspects of strategic planning and in which order should they be done?
A. 1) Information technology strategic planning, 2) Enterprise strategic planning, 3) Cybersecurity or information security strategic planning
B. 1) Cybersecurity or information security strategic planning, 2) Enterprise strategic planning, 3) Information technology strategic planning
C. 1) Enterprise strategic planning, 2) Information technology strategic planning, 3) Cybersecurity or information security strategic planning
D. 1) Enterprise strategic planning, 2) Cybersecurity or information security strategic planning, 3) Information technology strategic planning
You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation.
Which of the following is NOT documented in the SSP?
A. The controls in place to secure the system
B. Name of the connected system
C. The results of a third-party audits and recommendations
D. Type of information used in the system