1. Microsoft domains offer _______________ in order to enhance security for certain departments or users in an organization. This method allows security gaps to close and security settings to be increased for some computers or users.
group policy
change management policies
configuration management policies
Simple Network Management Protocol (SNMP)
2. When new policies are introduced into an organization, the culture is forced to change. This change entails requiring individuals to cease bad habits and adopt new ways to cope with risk.
True
False
3. ___________________ make use of baselines to identify changes in the behavior of the network.
Anomaly-based intrusion detection systems
Protocols
Authenticated configuration scanners
Misconfiguration remediation
4. The Gramm-Leach-Bliley Act (GLBA) was created to protect confidentiality and security of customer information. Thus, under GLBA, organizations are required to inform regulators quickly if any unauthorized access or breach has occurred. Consider this scenario: A bank teller accesses a customer account out of curiosity. What is best course of action following this event?
The bank should notify the regulator based on the threshold set for the how many records can be subject to unauthorized access.
The bank should notify the teller that she is to be terminated immediately and investigated for suspicious activity.
The bank should notify the regulator immediately because the teller has exhibited suspicious activity.
The bank should notify the regulator because it is evidence that a pervasive control weakness exists.
5. In order to build security policy implementation awareness across the organization, there should be ____________________ who partner with other team and departments to promote IT security through different communication channels.
many HR department personnel
numerous marketing department professionals
multiple executive supporters
several IT department specialists
6. __________________ is a term that denotes the way that a policy either diminishes business disruptions or facilitates the business's success.
Risk and control self-assessment
Business risk
Bolt-on
Compliance
7. While there are many ways that policy objectives and goals can be described, some techniques are more effective than others for persuading an organization to implement them. Which of the following is not one of the effective techniques for persuading people to follow policy objectives and goals?
giving an explanation how the policy will minimize business risk
explaining how the policy will guarantee that the business complies with laws and regulations
explaining how the policy will safeguard against or locate IT security threats
explaining the careful process of design and approval that went into creating the polices
8. A ________________ is a technological term used in security policy to describe a future state in which specific goals and objectives have been achieved and which processes, resources, and tools are needed to achieve those goals and objectives.
threat vector
target state
agent
communications plan
9. After management has created and agreed upon its policies, it must then determine how these policies will be implemented. Which of the following is not one the processes that line management will follow in order to make the new policies operational?
It will ensure that all members on the front-line team have received training.
It will take on the responsibility of being the point person for contact.
It will ensure that users with the most sensitive security access especially adhere to the policies.
It will apply the policies in an even and consistent manner.
10. During the process of developing a communications plan, it is necessary to ask the question, __________________.
"Who is communicating?"
"What is the intended message?"
"What is the target audience?"
"How is it communicated?"