Chapter 14 Study Guide
____ 1. Audits serve to verify that the security protections enacted by an organization are being followed and that
corrective actions can be swiftly implemented before an attacker exploits a vulnerability.
____ 2. The objective of incident response is to restore normal operations as quickly as possible with the least
possible impact on either the business or the users.
____ 3. Most organizations follow a three-phase cycle in the development and maintenance of a security policy.
____ 4. A due process policy is a policy that defines the actions users may perform while accessing systems and
networking equipment.
____ 5. Education in an enterprise is limited to the average employee.
____ 6. At the heart of information security is the concept of ____.
a. threat b. mitigation c. risk d. management
____ 7. Because the impact of changes can potentially affect all users, and uncoordinated changes can result in
security vulnerabilities, many organizations create a(n) ____ to oversee the changes.
a. change management team b. incident response team c. security control team d. compliance team
____ 8. ____ may be defined as the components required to identify, analyze, and contain an incident.
a. Vulnerability response b. Incident response c. Risk response d. Threat response
____ 9. ____ is the planning, coordination, and communications functions that are needed in order to
resolve an incident in an efficient manner.
a. Incident reporting b. Incident management c. Incident planning d. Incident handling
____ 10. ____ can be defined as the “framework” and functions required to enable incident response and incident
handling within an organization.
a. Incident reporting b. Incident management c. Incident handling d. Incident planning
____ 11. A ____ is a written document that states how an organization plans to protect the company’s information
technology assets.
a. security policy b. guideline c. security procedure d. standard
____ 12. A ____ is a collection of suggestions that should be implemented.
a. security policy b. baseline c. guideline d. security procedure
____ 13. A ____ is a document that outlines specific requirements or rules that must be met.
a. procedure b. standard c. guideline d. policy
____ 14. ____ are generally considered to be the most important information security policies.
a. Acceptable use policies b. Encryption policies c. Data loss policies d. VPN policies
____ 15. A(n) ____ policy outlines how the organization uses personal information it collects.
a. VPN b. network c. encryption d. privacy
____ 16. A policy that addresses security as it relates to human resources is known as a(n) ____ policy.
a. VPN b. acceptable use c. security-related human resource d. technical
____ 17. ____ are a person’s fundamental beliefs and principles used to define what is good, right, and just.
a. Morals b. Values c. Ethics d. Standards
____ 18. ____ are values that are attributed to a system of beliefs that help the individual distinguish right from wrong.
a. Morals b. Ethics c. Standards d. Morays
____ 19. ____ can be defined as the study of what a group of people understand to be good and right behavior and how
people make those judgments.
a. Values b. Morals c. Ethics d. Standards
____ 20. A(n) ____ policy is designed to produce a standardized framework for classifying information assets.
a. VPN b. acceptable use c. privacy d. classification of information
____ 21. ____ networks are typically used for connecting devices on an ad hoc basis for file sharing of audio, video,
and data, or real-time data transmission such as telephony traffic.
a. Peer b. Client-server c. P2P d. Share
____ 22. The Web sites that facilitate linking individuals with common interests like hobbies, religion, politics, or
school contacts are called ____ sites.
a. social networking b. social engineering c. social management d. social control
____ 23. A(n) ____ approach is the art of helping an adult learn.
a. andragogical b. pedagogical c. deontological d. metagogical
____ 24. ____ learners learn through taking notes, being at the front of the class, and watching presentations.
a. Kinesthetic b. Auditory c. Spatial d. Visual
____ 25. ____ learners tend to sit in the middle of the class and learn best through lectures and discussions.
a. Visual b. Auditory c. Kinesthetic d. Spatial
____ 26. ____ learners learn through a lab environment or other hands-on approaches.
a. Visual b. Auditory c. Kinesthetic d. Spatial
27. A(n) ____________________ is a methodical examination and review that produces a detailed report of its
findings.
28. ____________________ seeks to approach changes systematically and provide the necessary documentation
of the changes.
29. A(n) ____________________ is a collection of requirements specific to the system or procedure that must be
met by everyone.
30. When designing a security policy, many organizations follow a standard set of ____________________.
31. Most people are taught using a(n) ____________________ approach.
Match each term with the correct statement below.
a. Privilege
b. Threat agent
c. Change management
d. Privilege management
e. Vulnerability
f. Privilege auditing
g. Threat
h. Social networking
i. Risk
____ 32. A type of action that has the potential to cause harm
____ 33. A person or element that has the power to carry out a threat
____ 34. A flaw or weakness that allows a threat agent to bypass security
____ 35. The likelihood that the threat agent will exploit the vulnerability
____ 36. A subject’s access level over an object, such as a user’s ability to open a payroll file
____ 37. The process of assigning and revoking privileges to objects; that is, it covers the procedures of managing
object authorizations
____ 38. Periodic reviewing of a subject’s privileges over an object
____ 39. Refers to a methodology for making modifications and keeping track of those changes
____ 40. Grouping individuals and organizations into clusters or groups based on some sort of affiliation
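Items 36 through 38 define a privilege, privilege management, and privilege auditing. The Python script below is an added example, not part of the study guide or its textbook, showing what a privilege audit looks like in practice: it compares the privileges subjects actually hold over objects (a constructed ACL export) against an approved baseline (a hypothetical record that the privilege-management process would maintain), reports excess and missing privileges, and turns the excess ones into a revocation list. Subject names, object names, and the grant format are all invented for the example.

```python
"""Privilege audit: compare the privileges subjects actually hold over
objects against the approved set, and report the drift.

Added example; not from the study guide or its textbook. The approved
baseline and the grant export below are constructed sample data.
"""
from dataclasses import dataclass

# Privilege management records which subjects may hold which access
# level over which object (hypothetical baseline, constructed here).
APPROVED = {
    ("alice", "payroll.xlsx"): {"read", "write"},
    ("bob", "payroll.xlsx"): {"read"},
    ("carol", "hr_handbook.pdf"): {"read"},
    ("erin", "hr_handbook.pdf"): {"read"},
}

# What the system grants today, as an ACL export would list it
# (constructed sample; one "subject object privilege" line each).
CURRENT_GRANTS = """\
alice payroll.xlsx read
alice payroll.xlsx write
bob payroll.xlsx read
bob payroll.xlsx write
dave payroll.xlsx read
carol hr_handbook.pdf read
"""


@dataclass(frozen=True)
class Finding:
    subject: str
    obj: str
    privilege: str
    kind: str  # "excess": held but not approved; "missing": approved but not held


def parse_grants(text):
    """Turn the export into {(subject, object): {privileges}}."""
    grants = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        subject, obj, priv = line.split()
        grants.setdefault((subject, obj), set()).add(priv)
    return grants


def audit_privileges(approved, current):
    """Privilege auditing: review every subject/object pair that appears
    in either the baseline or the live grants, and record the differences."""
    findings = []
    for key in sorted(set(approved) | set(current)):
        subject, obj = key
        held = current.get(key, set())
        allowed = approved.get(key, set())
        for priv in sorted(held - allowed):
            findings.append(Finding(subject, obj, priv, "excess"))
        for priv in sorted(allowed - held):
            findings.append(Finding(subject, obj, priv, "missing"))
    return findings


def revocation_plan(findings):
    """Privilege management: every excess privilege becomes a revoke action."""
    return [(f.subject, f.obj, f.privilege) for f in findings if f.kind == "excess"]


if __name__ == "__main__":
    results = audit_privileges(APPROVED, parse_grants(CURRENT_GRANTS))
    for f in results:
        print(f"{f.kind.upper():7} {f.subject} {f.privilege} on {f.obj}")
    print("revoke:", revocation_plan(results))
```

With the constructed data the audit flags bob's write on the payroll file and dave's read (neither is in the baseline) as excess, and erin's approved read on the handbook as missing. In a real review the export comes from the platform's own ACL or IAM policy dump and the baseline from the access-request system, so that the review compares what was authorized with what is actually enforced rather than relying on either alone.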
41. List and describe two risk categories.
42. List four attributes that should be compiled for new equipment in the change management documentation.
43. What are the typical classification designations of government documents?
44. What are the duties of the CMT?
45. List two characteristics of a policy.
46. Which roles should be represented on the security policy development team?
47. List one reason why social networking sites are popular with attackers.
48. What is a general security tip for using a social networking site?
49. Identify two opportunities for security education and training.
50. Contrast the difference between a pedagogical approach versus an andragogical approach to subject matter.
Answer Section
1. ANS: T PTS: 1 REF: 536
2. ANS: T PTS: 1 REF: 538-539
3. ANS: T PTS: 1 REF: 541
4. ANS: F PTS: 1 REF: 544
5. ANS: F PTS: 1 REF: 555
6. ANS: C PTS: 1 REF: 535
7. ANS: A PTS: 1 REF: 538
8. ANS: B PTS: 1 REF: 538
9. ANS: D PTS: 1 REF: 538
10. ANS: B PTS: 1 REF: 538
11. ANS: A PTS: 1 REF: 539
12. ANS: C PTS: 1 REF: 540
13. ANS: D PTS: 1 REF: 540
14. ANS: A PTS: 1 REF: 546
15. ANS: D PTS: 1 REF: 546
16. ANS: C PTS: 1 REF: 547
17. ANS: B PTS: 1 REF: 549
18. ANS: A PTS: 1 REF: 549
19. ANS: C PTS: 1 REF: 549
20. ANS: D PTS: 1 REF: 549
21. ANS: C PTS: 1 REF: 552
22. ANS: A PTS: 1 REF: 552
23. ANS: A PTS: 1 REF: 555
24. ANS: D PTS: 1 REF: 556
25. ANS: B PTS: 1 REF: 556
26. ANS: C PTS: 1 REF: 556
27. ANS: audit PTS: 1 REF: 536
28. ANS: Change management PTS: 1 REF: 537
29. ANS: standard PTS: 1 REF: 540
30. ANS: principles PTS: 1
31. ANS: pedagogical PTS: 1 REF: 555
32. ANS: G PTS: 1 REF: 535
33. ANS: B PTS: 1 REF: 535
34. ANS: E PTS: 1 REF: 535
35. ANS: I PTS: 1 REF: 535
36. ANS: A PTS: 1 REF: 536
37. ANS: D PTS: 1 REF: 536
38. ANS: F PTS: 1 REF: 536
39. ANS: C PTS: 1 REF: 537
40. ANS: H PTS: 1 REF: 552
41. ANS:
Strategic - Action that affects the long-term goals of the organization
Compliance - Following a regulation or standard
Financial - Impact of financial decisions or market factors
Operational - Events that impact the daily business of the organization
Environmental - Actions related to the surroundings
Technical - Events that affect information technology systems
Managerial - Actions that are related to the management of the organization
PTS: 1
REF: 536
42. ANS:
IP and MAC addresses
Equipment name
Equipment type
Function
Inventory tag number
Location
Manufacturer
Manufacturer serial number
Model and part number
Software or firmware version
PTS: 1
REF: 538
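The attribute list in the answer to question 42 is what the change management documentation must hold before the CMT reviews a request for new equipment. The Python check below is an added example, not part of the study guide or its textbook: it takes a change request as a dictionary (the field names and the sample request are constructed for the example), reports any required attribute that is absent, and additionally rejects IP and MAC addresses that are not syntactically valid, since a record that passes intake with a bad address is the kind of uncoordinated change the CMT exists to catch.

```python
"""Intake check for a new-equipment change request.

Added example, not from the study guide. The required-field names,
the sample request, and the corrected request are constructed here;
the attribute set follows the list in the answer to question 42.
"""
import ipaddress
import re

# One key per attribute the change management documentation requires
# (hypothetical field names chosen for this example).
REQUIRED_FIELDS = (
    "ip_address",
    "mac_address",
    "equipment_name",
    "equipment_type",
    "function",
    "inventory_tag",
    "location",
    "manufacturer",
    "serial_number",
    "model_part_number",
    "software_firmware_version",
)

# Six hex-pairs separated by ':' or '-'.
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


def validate_change_record(record):
    """Return a list of problems; an empty list means the record is ready
    for CMT review. Missing fields are reported first, then malformed
    addresses, so the list order is stable."""
    problems = []
    for field in REQUIRED_FIELDS:
        value = record.get(field)
        if value is None or not str(value).strip():
            problems.append(f"missing {field}")

    ip = record.get("ip_address")
    if ip:
        try:
            ipaddress.ip_address(ip)  # accepts IPv4 and IPv6 literals
        except ValueError:
            problems.append(f"invalid ip_address {ip!r}")

    mac = record.get("mac_address")
    if mac and not MAC_RE.match(mac):
        problems.append(f"invalid mac_address {mac!r}")

    return problems


# Constructed sample request: the MAC has only five groups and the
# firmware version was never filled in.
SAMPLE_RECORD = {
    "ip_address": "10.20.30.40",
    "mac_address": "00:1A:2B:3C:4D",
    "equipment_name": "fw-edge-01",
    "equipment_type": "firewall",
    "function": "perimeter filtering",
    "inventory_tag": "INV-0042",
    "location": "DC1 rack 7",
    "manufacturer": "Example Corp",
    "serial_number": "SN123456",
    "model_part_number": "XG-200 / P/N 12345",
    "software_firmware_version": "",
}

# The same request after the requester fixed both problems.
CORRECTED_RECORD = dict(
    SAMPLE_RECORD,
    mac_address="00:1A:2B:3C:4D:5E",
    software_firmware_version="19.5",
)

if __name__ == "__main__":
    for name, rec in (("sample", SAMPLE_RECORD), ("corrected", CORRECTED_RECORD)):
        print(name, validate_change_record(rec) or "OK")
```

The check is deliberately limited to completeness and syntax; whether the IP is in the right subnet or the inventory tag is unused are questions for the CMT and the asset inventory, not for the intake form.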
43. ANS:
The classification designations of government documents are typically Top Secret, Secret, Confidential, and
Unclassified.
PTS: 1
REF: 538
44. ANS:
Review proposed changes.
Ensure that the risk and impact of the planned change are clearly understood.
Recommend approval, disapproval, deferral, or withdrawal of a requested change.
Communicate proposed and approved changes to coworkers.
PTS: 1
REF: 538
45. ANS:
Policies communicate a consensus of judgment.
Policies define appropriate behavior for users.
Policies identify what tools and procedures are needed.
Policies provide directives for Human Resource action in response to inappropriate behavior.
Policies may be helpful in the event that it is necessary to prosecute violators.
PTS: 1
REF: 541
46. ANS:
Senior level administrator
Member of management who can enforce the policy
Member of the legal staff
Representative from the user community
PTS: 1
REF: 543
47. ANS:
They provide a treasure trove of personal data. Users often include personal information in their profiles for
others to read, such as birthdays, where they live, and their employment history. Attackers may steal this data
and use it for malicious purposes.
Users are generally trusting. Attackers often join a social networking site and pretend to be part of the
network of users. After several days or weeks, users begin to feel they know the attackers and may start to
provide personal information or click embedded links provided by the attacker that load malware onto the
user’s computer.
Social networking Web sites are vulnerable. Because social networking sites have only recently become the
target of attackers, many of these sites have lax security measures and it is easy for attackers to break into the
sites to steal user information.
PTS: 1
REF: 553
48. ANS:
Consider carefully who is accepted as a friend. Once a person has been accepted as a friend, that person will
be able to access any personal information or photographs.
Show “limited friends” a reduced version of your profile. Individuals can be designated “limited friends” who
only have access to a smaller version of the user’s profile. This can be useful for casual acquaintances or
business associates.
Disable options and then reopen them only as necessary. Users should disable options until it becomes
apparent that option is needed, instead of making everything accessible and restricting access after it is too
late.
PTS: 1
REF: 553
49. ANS:
When a new employee is hired
After a computer attack has occurred
When an employee is promoted or given new responsibilities
During an annual departmental retreat
When new user software is installed
When user hardware is upgraded
PTS: 1
REF: 554-555
50. ANS:
In a pedagogical approach, the subject matter is defined by what the teacher wants to give. In an andragogical
approach, learning is organized around situations in life or at work.
PTS: 1
REF: 555