- In an LAN domain, a_______________ is similar to a hub but can filter traffic, a ______________ connects LANs, or a LAN and a WAN, and a ______________ is a software or hardware device that filters traffic in and out of a LAN.
- A key component to IT security component is authorization, which is especially important in large complex organizations with thousands of employees and hundreds of systems. Two methods of authorization are role based access control (RBAC) and attribute based access control (ABAC). Although RBAC and ABAC can provide the same access, which of the following is an advantage of ABAC?
- _______________ is a measurement that quantifies how much information can be transmitted over the network.
- A typical data leakage protection program provides several layers of defense to prevent confidential data from leaving the organization. Which of the following is notone of the layers of defense?
- Of the types of U.S. compliance laws, there are a number of laws that are designed to provide confidence in the markets. _______________ are the beneficiaries of these laws.
- In recent years, ___________________ has emerged as major technology. It provides a way of buying software, infrastructure, and platform services on someone else’s network.
- Which of the following is one of the challenges of the Sarbanes-Oxley (SOX) Act?
- Federal and state governments in the United States establish laws that define how to control, handle, share, and process the sensitive information that the new economy relies on.
___________________are then added to these laws, which are typically written by civil servants to implement the authority of the law.
- The Family Educational Rights and Privacy Act (FERPA) was put into law in 1974, and contains several key elements. Which of the key elements states that schools can share information without permission for legitimate education evaluation reasons as well as for health and safety reasons?
- In order to move data from an unsecure WAN to a secure LAN, you typically begin by segmenting a piece of your LAN into a _________________________, which sits on the outside of your private network facing the public Internet. Servers in this area provide public-facing access to the organization, such as public Web sites.
- To be compliant with the security standards and processes outlined in NIST publications, policies must include key security control requirements. Which of the following is notone of the key requirements?
- As a result of a U.S. Supreme Court ruling challenging the restriction of access to information in libraries, the ________________ was declared constitutional. However, the courts do require schools and libraries to unblock sites when requested by an adult.
- One of the key functionalities of a central management system is inventory management, which does which of the following?
- An organization’s _________________ is a good source for determining what should be in security policies to meet regulatory requirements.
- The term critical infrastructurerefers to key elements of the country’s transportation, energy, communications, and banking systems. Which of the following is not an example of critical infrastructure?
- Though there are many ways to group security policies, a common method is to organize common risks and related policy issues into__________________ that share similarities but are distinctive enough to allow logical separation into more manageable secure areas.
- The____________________ domain refers to any endpoint device used by end users, which is including but not limited to mean any smart device in the end user’s physical possession and any device accessed by the end user, such as a smartphone, laptop, workstation, or mobile device
- Using switches, routers, internal firewalls, and other devices, you can restrict network traffic with a ____________________, which limits what and how computers are able to talk to each other.
- An efficient organization requires the proper alignment of people, processes, and technology. One of the ways good security policies can mitigate this risk is through enforcement. Which of the following situations is an example of enforcement?
- Of the many factors one must consider to ensure security policies and controls align with regulations ; ________________________is/are important to demonstrate coverage of regulatory requirements because they show the importance of each security control.
- _______________refers to an attempt to cause fear or major disruptions in a society through hacking computers. Such attacks target government computers, major companies, or key areas of the economy.
- Remote authentication has always been a concern because the person is coming from a public network, and many companies require two-factor authentication for remote access. Which of the following is notone of the most commonly accepted types of credentials?
- The Information Technology Infrastructure Library (ITIL) is a series of books that describe
IT practices and procedures, and it has five core books called volumes. Which of the following is notone of the five volumes?
- There are several types of domains in the IT infrastructure. Which of the following is notone of these domains?
- In U.S. compliance laws affecting information security policies, there exists a number of concepts with matching objectives. What is the matching objective for the concept of full disclosure?