CSIS 340 Quiz 4

  1. In policies regarding the ______________________ of data, it must be guaranteed that the data that exits the private network is secured and monitored; the data should also be encrypted while in transit.
  2. At Stanford University, data is labeled according to a classification scheme that identifies information in the following way: prohibited, restricted, confidential, and unrestricted. Which of the following schemes has Stanford adopted?
  3. One of the most important approaches used to secure personal data is ________________, which is the process used to prove the identity of an individual. ______________, however, is the process used to enable a person’s access privileges.
  4. While it would not be possible to classify all data in an organization, there has nonetheless been an increase in the amount of unstructured data retained in recent years, which has included data and logs. There are many different ways to make the time-consuming and expensive process of retaining data less challenging. Which of the following is not one of these approaches?
  5. A risk exposure is defined as the impact to the organization when a situation transpires. The widely accepted formula for calculating exposure is as follows:

    Risk exposure = ________________ the event will occur + ____________ if the event occurs

  6. When an incident occurs, there are a number of options that can be pursued. Which of the following actions is recommended when assets of a low value are being attacked?
  7. Of all the needs that an organization might have to classify data, there are three that are most prevalent. Which of the following is not one of the reasons?
  8. When constructing policies regarding data _______________, it is important that these policies offer particular guidance on separation of duties (SOD), and that there are procedures that verify SOD requirements.
  9. In addition to compiling the list of user access requirements, applications, and systems, the BIA also includes processes that are _____________________. These processes safeguard against any risks that might occur due to key staff being unavailable or distracted.
  10. If a vulnerability is not fixed at the root cause, there is a possibility that another route of attack can emerge. This route is known as the ____________________.
  11. In a business impact analysis (BIA), the phase of defining the business’s components and the component priorities has several objectives. Which of the following is not one of the objectives?
  12. In general, the IRT is comprised of a team with individuals that have different specialties; one such individual is the ___________________, which offers analytical skills and risk management. This specialist has focused forensic skills necessary for the collection and analysis of evidence.
  13. In order to form an IRT, an organization is required to create a charter; this document identifies the authority, mission, and goals of a committee or team, and there are a number of different types of IRT models for doing this. Which of the following models permits an IRT to have the complete authority to ensure a breach is contained?
  14. Despite the fact that there exists no mandatory scheme of data classification for private industry, there are four classifications used most frequently. Which of the following is not one of the four?
  15. To measure the effectiveness of the IRT, which of the following does not need to be evaluated?
  16. Because risk management is both a governance process and a model that seeks consistent improvement, there is a series of steps to be followed every time a new risk emerges. Which of the following is not one of these steps?
  17. It is necessary to retain information for two significant reasons: legal obligation and business needs. Data that occupies the class of ________________ is comprised of records that are required to support operations; the data included might be customer and vendor records.
  18. An organization’s _______________________ is a particular group of differently skilled individuals who are responsible for attending to serious security situations.
  19. Consider this scenario: A company is notified that its servers have been compromised to be the point of departure to attack a host of other companies. The company then initiates an IRT, which is unable to locate the breach. The company then seeks the services of an outside firm that specializes in forensic analysis and intrusions. The outside firm locates the source of the breach and wants to monitor the actions of the intruder. However, the outside firm is informed by its internal legal counsel that the company does not agree with this course of action. Which of the following statements best captures the effectiveness of the company’s IRT policies?
  20. The ____________________ identifies the processes entailed in the business continuity plan and/or the disaster recovery plan.
  21. While the amount of data known as mission-critical depends on the organization and industry, such data should only represent less than ____________ percent of the data population.
  22. _____________ risk is the possible outcome that can occur when an organization or business unsuccessfully addresses its fiscal obligations.
  23. It is important to conduct a nearly continuous evaluation of possible ______________ to guarantee that recovery estimates provided to customers are accurate and maintain credibility with customers.
  24. Of the different IRT roles, the _______________ is head of the team and issues the ultimate call regarding how to respond to an incident, whereas the __________________ role is to monitor and document all the activity that unfolds during an incident.
  25. There must be security policies in place to set core standards and requirements when it comes to encrypted data. Which of the following is not one of these standards and requirements?