Q1. The procedures associated with unfriendly terminations are generally no different from those associated with friendly ones.
a. True
b. False
Q2. The ____ plan should lay out a comprehensive strategy that will guard against the malicious actions of human beings in the workforce.
a. data security
b. personnel security
c. system security
d. resource security
Q3. Because a lot of IT work is ____, the personnel security process has to state explicit rules to ensure the security of contracted work.
a. insourced
b. outsourced
c. delayed
d. part-time
Q4. In the procedure associated with friendly termination, the user's ____ are removed first.
a. access privileges
b. object rights
c. system rights
d. logon privileges
Q5. Logically, the entry point into the process of assigning privileges to company roles is the ____ process.
a. role definition
b. personnel definition
c. job definition
d. technical definition
Q6. The first step to developing a ____ is a comprehensive inventory of all of the physical assets that fall within the protected space.
a. Operational Security Plan
b. Software Security Plan
c. Risk Management Plan
d. Physical Security Plan
Q7. ____ is the primary factor in a physical security plan because it dictates the form of physical access control.
a. Environment
b. Control
c. Access
d. Location
Q8. ____ methods include people-based solutions such as foot patrols and closed-circuit TV surveillance.
a. Intrusion elimination
b. Intrusion diversion
c. Intrusion detection
d. Intrusion misdirection
Q9. Most physical security plans are developed separately from the planning that defines the activities of the information security process.
a. True
b. False
Q10. There are normally three classes of items in each of the physical security management baselines: equipment, people, and the ____.
a. environment
b. process
c. procedures
d. technology
Q11. Audit-based intrusion detection depends on data in ____.
a. system files
b. memory
c. system logs
d. applications
Q12. Rules that define the boundaries of ____ are an essential factor in the establishment of a network security function.
a. access
b. trust
c. an organization
d. the network
Q13. The ____ approach to network security entails a partitioned or subdivided topology.
a. segmented
b. hub
c. spoke
d. ring
Q14. Consistency is always a threat to the operation of networks.
a. True
b. False
Q15. Switches and ____ are the physical components that interconnect the computers within a network.
a. routers
b. hubs
c. firewalls
d. proxies
Q16. Given the number of possible participants in the operations and maintenance process, the logical way to establish a formal security of operations function is through an organization-wide ____ activity.
a. enterprise continuity
b. data security
c. digital forensics
d. strategic planning
Q17. The purpose of the operational security plan is to organize and coordinate the company's security resources, in order to ensure reliable, day-to-day operational assurance of the business.
a. True
b. False
Q18. The ____ provides an unambiguous statement of how the company will coordinate and control its information security practice.
a. functional security plan
b. enterprise security plan
c. operational security plan
d. strategic security plan
Q19. ____ is a continuous process when it comes to ensuring the integrity of the security system.
a. Evaluation
b. Oversight
c. Management
d. Review
Q20. Threats are often identified before their actual impact is fully understood.
a. True
b. False
Q21. The deliberate control level of the capability maturity process is based on a ____.
a. systematic risk assessment
b. systematic vulnerability assessment
c. systematic incident assessment
d. systematic review
Q22. The ____ function is responsible for making certain that the individuals who perform specific information security tasks have all of the requisite knowledge, skills, and abilities to carry out their designated duties.
a. training
b. awareness
c. accountability
d. data security
Q23. Behavior that falls within the common norms of a group is known as ____ behavior.
a. acceptable
b. unacceptable
c. tolerable
d. functional
Q24. ____ refers to general or company-wide recognition of the existence of a security requirement or concept.
a. Attention
b. Awareness
c. Accountability
d. Training
Q25. ____ is the internal condition that activates or drives behavior.
a. Incentive
b. Awareness
c. Motivation
d. Training