CHAPTER FOUR QUIZ SECURITY.doc

Question 1 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  d.  appetite INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 2 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  d.  standard of due care INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 3 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET When deciding which information assets to track, which of the following asset attributes should be considered? Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  d.  All of the above INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 4 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET ____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  a.  Risk INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 5 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET The ____ security policy is a planning document that outlines the process of implementing security in the organization. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  b.  program INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 6 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET ____ usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  a.  DRPs INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 7 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET The military uses a(n) _____-level classification scheme. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  c.  five INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 8 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET Management of classified data includes its storage and ____. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  d.  All of the above INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 9 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET The concept of competitive ____ refers to the need to avoid falling behind the competition. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  b.  disadvantage INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 10 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET The first phase of risk management is ____. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  b.  risk identification INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 11 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET ____ is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  c.  Acceptance of risk INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 12 0 out of 4 points INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-incorrect_u.gif" \* MERGEFORMATINET ____ feasibility addresses user acceptance and support, management acceptance and support, and the overall requirements of the organization?s stakeholders. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  b.  Operational INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 13 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET There are individuals who search trash and recycling ? a practice known as ____ ? to retrieve information that could embarrass a company or compromise information security. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  c.  dumpster diving INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 14 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET ____ addresses are sometimes called electronic serial numbers or hardware addresses. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  a.  MAC INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 15 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET The formal process used in decision making regarding the adoption of specific controls is called a(n) ____. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  c.  CBA INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 16 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET In a(n) _____, each information asset is assigned a score for each critical factor. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  b.  weighted factor analysis INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 17 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  d.  confidential INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 18 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET The probability of a threat occurring is usually a loosely derived table indicating the probability of an attack from each threat type within a given time frame. This value is commonly referred to as the ____. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  b.  ARO INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 19 0 out of 4 points INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-incorrect_u.gif" \* MERGEFORMATINET The actions an organization can and perhaps should take while the incident is in progress should be defined in a document referred to as the ____. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  c.  IRP INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 20 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET Risk ____ is the process of applying safeguards to reduce the risks to an organization?s data and information systems. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  c.  control INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 21 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET The ____ security policy is an executive-level document that outlines the organization?s approach and attitude towards information security and relates the strategic value of information security within the organization. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  d.  general INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 22 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET Access controls can be ____. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  d.  All of the above INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 23 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET In a lattice-based access control structure, the row of attributes associated with a particular subject (such as a user) is referred to as a(n) ____. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  d.  capabilities table INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 24 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET ____ are implemented at the discretion or option of the data user. Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  b.  DAC INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/generic_updown.gif" \* MERGEFORMATINET Question 25 INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/grade-correct_u.gif" \* MERGEFORMATINET A(n) ____ is an authorization issued by the equipment manufacturer for the repair, modification, or update of a piece of equipment that is already in service Answer INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/spacer.gif" \* MERGEFORMATINET Correct Answer: INCLUDEPICTURE "http://bb.gadsdenstate.edu/images/ci/icons/check.gif" \* MERGEFORMATINET  d.  FCO