Network Security Chapter 14
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 1. At its core, a(n) ____ policy is a document that outlines the protections that should be enacted to ensure that the organization’s assets face minimal risks.
a. safety
b. acceptable use
c. change management
d. security
____ 2. A ____ is a collection of requirements specific to the system or procedure that must be met by everyone.
a. recommendation
b. guideline
c. standard
d. policy
____ 3. A ____ is a collection of suggestions that should be implemented.
a. guideline
b. recommendation
c. policy
d. standard
____ 4. A ____ is a document that outlines specific requirements or rules that must be met.
a. standard
b. policy
c. guideline
d. recommendation
____ 5. ____ determines the items that have a positive economic value and may include data, hardware, personnel, physical assets, and software.
a. Risk assessment
b. Threat identification
c. Asset identification
d. Vulnerability appraisal
____ 6. ____ takes a snapshot of the security of the organization as it now stands.
a. Risk mitigation
b. Vulnerability appraisal
c. Risk assessment
d. Threat identification
____ 7. ____ involves determining the damage that would result from an attack and the likelihood that the vulnerability is a risk to the organization.
a. Risk assessment
b. Risk mitigation
c. Vulnerability appraisal
d. Asset identification
____ 8. A(n) ____ policy establishes guidelines for effectively reducing the threat of computer viruses on the organization’s network and computers.
a. acceptable encryption
b. dial-in access
c. automated forwarded e-mail
d. anti-virus
____ 9. A(n) ____ policy outlines the requirements and provides the authority for an information security team to conduct audits and risk assessments, investigate incidents, to ensure conformance to security policies, or to monitor user activity.
a. database credentials coding
b. audit vulnerability scanning
c. automatically forwarded e-mail
d. analog line
____ 10. A(n) ____ policy defines requirements for storing and retrieving database usernames and passwords.
a. analog line
b. dial-in access
c. e-mail retention
d. database credentials coding
____ 11. A(n) ____ policy helps employees determine what information sent or received by e-mail should be retained and for how long.
a. e-mail retention
b. extranet
c. router security
d. information sensitivity
____ 12. A(n) ____ policy establishes requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization’s network.
a. extranet
b. server security
c. VPN security
d. demilitarized zone security
____ 13. Many organizations have a ____ policy that outlines how the organization uses personal information it collects.
a. security-related human resource
b. password management and complexity
c. disposal and destruction
d. personally identifiable information
____ 14. Most organizations have a ____ policy that addresses the disposal of resources that are considered confidential.
a. security-related human resource
b. password management and complexity
c. disposal and destruction
d. personally identifiable information
____ 15. A ____ policy is designed to produce a standardized framework for classifying information assets.
a. classification of information
b. change management
c. service level agreement
d. disposal and destruction
____ 16. ____ refers to a methodology for making changes and keeping track of those changes, often manually.
a. Classification of information
b. Change management
c. Destruction and disposal
d. Service level agreement
____ 17. ____ are a person’s fundamental beliefs and principles used to define what is good, right, and just.
a. Norms
b. Morals
c. Values
d. Ethics
____ 18. ____ are values that are attributed to a system of beliefs that help the individual distinguish right from wrong.
a. Ethics
b. Morals
c. Codes
d. Norms
____ 19. ____ can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments.
a. Ethics
b. Codes
c. Values
d. Morals
____ 20. ____ relies on tricking and deceiving someone to provide secure information.
a. Worm
b. Virus
c. Trojan horse
d. Social engineering
____ 21. One of the most common forms of social engineering is ____, or sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
a. dumpster diving
b. phishing
c. computer hoax
d. pharming
Matching
Match each item with a statement below:
a. Security policy
b. Risk management study
c. Threat agent
d. Due care
e. Acceptable encryption policy
f. Due process
g. Due diligence
h. Service level agreement
i. Service level agreement (SLA) policy
____ 22. the care that a reasonable person would exercise under the circumstances
____ 23. any investigation into suspicious employee conduct will examine all material facts
____ 24. a set of management statements that defines an organization’s philosophy of how to safeguard its information
____ 25. any person or thing with the power to carry out a threat against an asset
____ 26. a service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service
____ 27. the systematic and structured approach to managing the potential for loss that is related to a threat
____ 28. defines requirements for using cryptography
____ 29. an organizational policy that governs the conditions to be contained in an SLA
____ 30. the principle of treating all accused persons in an equal fashion, using established rules and principles