Which activity manages the baseline settings for a system or device?


QUESTION 1

Janet is identifying the set of privileges that should be
assigned to a new employee in her organization. Which phase of the
access control process is she performing?

Identification
Authentication
Accountability
Authorization

0.5 points   

QUESTION 2

Which of the following would NOT be considered in the scope of
organizational compliance efforts?

Laws
Company policy
Internal audit
Corporate culture

0.5 points   

QUESTION 3

Mark is considering outsourcing security functions to a
third-party service provider. What benefit is he most likely to
achieve?

Reduced operating costs
Access to a high level of expertise
Developing in-house talent
Building internal knowledge

0.5 points   

QUESTION 4

Biyu is making arrangements to use a third-party service
provider for security services. She wants to document a requirement
for timely notification of security breaches. What type of
agreement is most likely to contain formal requirements of this
type?

Service level agreement (SLA)
Blanket purchase agreement (BPA)
Memorandum of understanding (MOU)
Interconnection security agreement (ISA)

0.5 points   

QUESTION 5

Which agreement type is typically less formal than other
agreements and expresses areas of common interest?

Service level agreement (SLA)
Blanket purchase agreement (BPA)
Memorandum of understanding (MOU)
Interconnection security agreement (ISA)

0.5 points   

QUESTION 6

What is NOT a good practice for developing strong professional
ethics?

Set the example by demonstrating ethics in daily activities
Encourage adopting ethical guidelines and standards
Assume that information should be free
Inform users through security awareness training

0.5 points   

QUESTION 7

Which practice is NOT considered unethical under RFC 1087 issued
by the Internet Architecture Board (IAB)?

Seeking to gain unauthorized access to resources
Disrupting intended use of the Internet
Enforcing the integrity of computer-based information
Compromising the privacy of users

0.5 points   

QUESTION 8

What is NOT a principle for privacy created by the Organization
for Economic Cooperation and Development (OECD)?

An organization should collect only what it needs.
An organization should share its information.
An organization should keep its information up to date.
An organization should properly destroy its information when it
is no longer needed.

0.5 points   

QUESTION 9

Karen is designing a process for issuing checks and decides that
one group of users will have the authority to create new payees in
the system while a separate group of users will have the authority
to issue checks to those payees. The intent of this control is to
prevent fraud. Which principle is Karen enforcing?

Job rotation
Least privilege
Need-to-know
Separation of duties

0.5 points   

QUESTION 10

What is NOT a goal of information security awareness
programs?

Teach users about security objectives
Inform users about trends and threats in security
Motivate users to comply with security policy
Punish users who violate policy

0.5 points   

QUESTION 11

Ann is creating a template for the configuration of Windows
servers in her organization. It includes the basic security
settings that should apply to all systems. What type of document
should she create?

Baseline
Policy
Guideline
Procedure

0.5 points   

QUESTION 12

Roger’s organization received a mass email message that
attempted to trick users into revealing their passwords by
pretending to be a help desk representative. What category of
social engineering is this an example of?

Intimidation
Name dropping
Appeal for help
Phishing

0.5 points   

QUESTION 13

Aditya is attempting to classify information regarding a new
project that his organization will undertake in secret. Which
characteristic is NOT normally used to make these types of
classification decisions?

Value
Sensitivity
Criticality
Threat

0.5 points   

QUESTION 14

Which activity manages the baseline settings for a system or
device?

Configuration control
Reactive change management
Proactive change management
Change control

0.5 points   

QUESTION 15

What is the correct order of steps in the change control
process?

Request, approval, impact assessment, build/test, monitor,
implement
Request, impact assessment, approval, build/test, implement,
monitor
Request, approval, impact assessment, build/test, implement,
monitor
Request, impact assessment, approval, build/test, monitor,
implement

0.5 points   

QUESTION 16

Marguerite is creating a budget for a software development
project. What phase of the system lifecycle is she undertaking?

Project initiation and planning
Functional requirements and definition
System design specification
Operations and maintenance

0.5 points   

QUESTION 17

Bob is preparing to dispose of magnetic media and wishes to
destroy the data stored on it. Which method is NOT a good approach
for destroying data?

Formatting
Degaussing
Physical destruction
Overwriting

0.5 points   

QUESTION 18

In an accreditation process, who has the authority to approve a
system for implementation?

Certifier
Authorizing official (AO)
System owner
System administrator

0.5 points   

QUESTION 19

In what type of attack does the attacker send unauthorized
commands directly to a database?

Cross-site scripting
SQL injection
Cross-site request forgery
Database dumping

0.5 points   

QUESTION 20

In what software development model does activity progress in a
lock-step sequential process where no phase begins until the
previous phase is complete?

Spiral
Agile
Lean
Waterfall

Answer

Question 1:

The process of providing the access privileges to each employee
of an organization is called authorization. The employee
having these privileges will authenticate himself or herself, and after that
he/she can use these privileges.

Hence, the correct choice is authorization.

Question 2:

The laws are not governed by the organizational compliance
programme. The compliance programme may require legal actions to
identify the risks and frauds. The laws are not in the scope of
this programme.

Hence, the correct choice is laws.

Question 3:

The third-party service provider can handle security functions
more effectively, and the cost to operate these functions will be
borne by the third-party service provider. The service providers have expertise
in their work.

Hence, the correct choice is access to a high level of expertise.

Question 4:

There should be an interconnection between the network and the
telecom service providers for the purpose of the given requirement
in the problem. A requirement for this type of interconnection can be
documented in the Interconnection security agreement (ISA).

Hence, the correct choice is Interconnection security agreement (ISA).

Question 5:

The areas of common interest are expressed in the memorandum of
understanding agreement (MOU) in which the common interest of two
parties is discussed in the agreement. This type of agreement is
similar to the service level agreement (SLA) but it is less formal
than SLA.

Hence, the correct choice is Memorandum of understanding (MOU).

Question 6:

The practices of good professional ethics are as follows:

  • Set the example for users by demonstrating ethics in the daily
    life of users. Professionals must be serious about ethics if they
    want their users to be serious about these ethics.
  • The professionals should adopt the ethical guidelines. They
    should make the difficult decision to set an example of ethics.
  • The users should be aware of their expected ethical behavior.
    The ethics should be used in daily life. Everyone should be aware
    of these ethics.

The users should not assume anything themselves. It could lead
to unethical behavior. The third point is an assumption which
leads the users to unethical behavior.

Hence, the correct choice is assume that information should be free.

Question 7:

The Internet Architecture Board (IAB) declares some practices
unethical, which are as follows:

  • Unauthorized access to the resources of an organization is
    purely unethical and leads to a loss for the organization.
  • The usage of the Internet is provided for work purposes. If
    anyone is using the Internet facility in the wrong way or for
    his/her personal use/business, then it will be declared as
    unethical.
  • The information of a company is highly confidential and should
    not be compromised.
  • The enforcement of the integrity of computer-based information is
    a good practice and it is ethical.

Hence, the correct choice is enforcing the integrity of computer-based information.

Question 8:

The information of a company should be highly confidential and
should be kept private within the company. The sharing of any
information related to the organization will breach the privacy
principles defined by the OECD.

Hence, the correct choice is an organization should share its information.

Question 9:

This type of control is used to prevent fraud. If a main
activity is performed by all the users, then there will be a great
chance of leaking some confidential information, which could lead to
a loss for the organization.

If an activity is separated into multiple tasks which will be
performed by different groups of users, then the work will be
performed more efficiently. This process is called separation of
duties.

Hence, the correct choice is separation of duties.

Question 10:

The security awareness programs can provide information about
the importance of the security standards and breaches of these
security standards.

The punishment of users who violate the security policies is
not included in the security awareness programs. It is the step
after the violation of the policy.

Hence, the correct choice is punish users who violate policy.

Question 11:

A template containing the information about configuration will
be created using a baseline model in which the starting information
will be provided.

Hence, the correct choice is baseline.

Question 12:

This type of cyber attack is called phishing. The process of
sending emails to an individual and pretending the emails are from
a reputable organization to trick the users into giving their personal
information is called phishing.

Hence, the correct choice is phishing.

Question 13:

The threat is not the ethical way of doing things in an
organization. The classification of information can be based on
the value, sensitivity, and criticality of the information but not on
the threat to anyone.

Hence, the correct choice is threat.

Question 14:

The baseline settings for a system or device can be managed by a
process called configuration control. Configuration control
is used to make a system by which any changes in the system are
performed with the knowledge of the management of the
organization.

Hence, the correct choice is configuration control.

Question 15:

The correct order of the change control process is given as
follows:

  • First, there should be a request generated to change anything
    in the system.
  • The management should analyze what kind of impact will be
    generated after the change in the system.
  • If the change is necessary, then the approval from the management
    side needs to be given.
  • The building and testing due to the request for change in the
    system will be performed.
  • Implement the change in the system and then monitor the
    change.

Hence, the correct choice is request, impact assessment, approval, build/test, implement, and monitor.

Question 16:

The budget analysis of a project is a part of the planning
phase. The project will not be successful without analyzing the
budget requirement of the project accurately. The budget analysis,
objectives, etc. of a project need to be done in the planning and
initiation phase.

Hence, the correct choice is project initiation and planning.

Question 17:

If anyone wants to destroy the data which is stored on
magnetic media, then the data should be destroyed in a way such
that it cannot be accessed again. The formatted data can be
restored with the help of any hard disks, etc.

Hence, the correct choice is formatting.

Question 18:

The authorizing officials have the right to approve the system
for implementation because it is important to take approval before
implementing a system.

Hence, the correct choice is authorizing officials.

Question 19:

The process of sending unauthorized commands directly to the
database is called SQL injection.

Hence, the correct choice is SQL injection.

Question 20:

The waterfall model is based on the linear sequential life
cycle. The process inside the waterfall model will be executed in a
sequential manner. A process cannot be executed before any other
process in the sequence.

Hence, the correct choice is waterfall.
