Question 1
- Many organizations have a(n) __________, which is composed of end user devices (including tablets, laptops, and smartphones) on a shared network and that use distributed system software.
central server
distributed infrastructure
agentless central management tool
control environment
Question 2
- A(n) __________ is a general term used in technology to describe a future state in which specific goals and objectives have been achieved.
threat vector
agent
target state
communications plan
Question 3
- A(n) __________ is a device that has the ability and permission to reach out and connect to distributed devices to push changes to the devices.
malware tool
asset management tool
agentless central management tool
change management tool
Question 4
- Which of the following scenarios illustrates an ideal time to implement security policies to gain the maximum level of organizational commitment?
The policies should be implemented following a new product launch.
The policies should be implemented at the same time new customer service policies are introduced.
The policies should be implemented to coincide with audit findings in order to minimize security risks.
The policies should be implemented at the same time of a new product launch.
Question 5
- Which of the following is not one of the consequences of an unmotivated employee?
Is prone to bad decision-making
Is a target for social engineering pretexts
Fails to report a control weakness
Lacks self-interest
Question 6
- A policy is a means of implementing a control, such as a way to prevent or detect a specific type of security breach.
True
False
Question 7
- Organizations should create a governance policy committee to monitor policy adoption and effectiveness.
True
False
Question 8
- __________ are more likely to monitor security policy activity after the fact and in the aggregate to assess whether goals are being achieved, whereas __________ are likely to monitor activities before, during, and after as part of running the operations.
Governance committees, management committees
Management committees, government committees
Governance committees, project committees
Project committees, management committees
Question 9
- Which of the following is instituted by executive management, is responsible for enforcing policies by reviewing technology activity, and greenlights new projects and activities? This committee is the basis of the other committees.
Project committee
Vendor governance committee
Gateway committee
Operational risk committee
Question 10
- One of the many roles of the security compliance committee is to focus on controls that are widely used across a significant population of applications, systems, and operations. These types of controls are known as __________ controls.
governance
pervasive
operations
automated
Question 11
- What is the main difference between a law and a regulation?
Security policies try to comply with regulatory requirements.
Regulation requirements create procedures for determining legal thresholds.
Regulations have authority that derives from the original law.
Laws institute legal thresholds.
Question 12
- Which of the following is a network security device that acts as a decoy for hackers?
Honeypot
Demilitarized zone (DMZ)
Threat vector
Automation device
Question 13
- Whereas a governance committee deals with the details for maintaining daily business operations, a management committee establishes strategic direction.
True
False
Question 14
- Gateway committees are named as such because they are the gateways for new technology projects entering an organization.
True
False
Question 15
- Companies seek to monitor employee email usage to safeguard against malware, viruses, sensitive information, and data leakage protection (DLP).
True
False
Question 16
- The __________ window is the gap between when a new vulnerability is discovered and when software developers write a patch.
threat
risk
vulnerability
impact
Question 17
- Microsoft offers automated tools that can be used to verify compliance. One such tool is __________, which queries systems for vulnerabilities, deploys updates, and deploys operating system images to clients.
System Center Configuration Manager (SCCM)
Systems Management Server (SMS)
Nmap
Nessus
Question 18
- A security baseline is deployed in your organization. You discover that one system is regularly being reconfigured. The security tool fixes it, and then the next scan shows it has changed again. You want to know who or what is making this change. Which is the best first step to resolve the issue?
Redeploy the original security baseline.
Enable auditing and then view the audit trail.
Reinstall the system.
Perform a random audit for compliance.
Question 19
- There are several different best practices for IT security policy monitoring. One such practice is to create a baseline based on a security policy, which entails:
using a security policy document as a road map.
using images whenever possible to deploy new operating systems.
routinely tracking rule and regulatory changes.
regularly auditing systems after the baseline has been deployed.
Question 20
- A configuration management database (CMDB) holds the configuration information for systems throughout a system's life cycle.
True
False
