Question 1

The process of reviewing records of network computer activity is called which of the following?

Accepted Answer

A)  monitoring 
B)  archiving 
C)  auditing 
D)  recording 
A)  monitoring 
B)  archiving 
C)  auditing 
D)  recording C

Question 2

What points should a third-party access policy include? List at least three.

Accepted Answer

This third-party access policy should include the following points at a minimum:
Access should be permitted only for company business.
Third parties should be subject to a security screening process.
Precise methods for allowing and denying connectivity should be defined.
The duration of permitted access and the details of terminating access should be defined.
Penalties and consequences for violating access terms should be defined because they are different from those for employees.

Question 3

When should you update the security policy?

Accepted Answer

You should update the security policy based on incidents reported as a result of ongoing security monitoring and any new risks your company faces.Any changes to the policy should then be made available to all employees,either by e-mail or by posting the changes on the company's Web site or intranet.

Question 4

What is the purpose of a privileged access policy?

Accepted Answer

Administrator duties can be covered by a

Question 5

________________ clauses exist in acceptable use policies so that companies can discipline employees whose computer activities interfere with productivity.

Accepted Answer

The answer of ________________ clauses exist in acceptable use policies...

Question 6

Which of the following would be considered a vulnerability?

Accepted Answer

A)  installation of a firewall 
B)  antivirus software 
C)  Internet-connected computer 
D)  spyware 
A)  installation of a firewall 
B)  antivirus software 
C)  Internet-connected computer 
D)  spyware

Question 7

Describe a remote access and wireless connection policy and the use of role-based authentication.Include two-factor authentication in your discussion.

Accepted Answer

A remote access and wireless connection

Question 8

SNA starts with the assumption that a system or network will be ________________.

Accepted Answer

The answer of SNA starts with the assumption that a...

Question 9

Which of the following defines how employees should use the organization's computing resources?

Accepted Answer

A)  Network and Internet Policy 
B)  Email and Spam Policy 
C)  Computing and Resource Policy 
D)  Acceptable Use Policy 
A)  Network and Internet Policy 
B)  Email and Spam Policy 
C)  Computing and Resource Policy 
D)  Acceptable Use Policy

Question 10

Which best defines residual risk?

Accepted Answer

A)  risk that occurs as a result of new vulnerabilities 
B)  the amount of risk remaining after countermeasures are implemented 
C)  a vulnerability for which the risk has been reduced to zero 
D)  the cost of implementing solutions to an assessed risk 
A)  risk that occurs as a result of new vulnerabilities 
B)  the amount of risk remaining after countermeasures are implemented 
C)  a vulnerability for which the risk has been reduced to zero 
D)  the cost of implementing solutions to an assessed risk

Question 11

____________________ risk is the amount of risk left over after countermeasures are implemented.

Accepted Answer

The answer of ____________________ risk is the amount of risk...

Question 12

Which of the following best describes a Monte Carlo simulation?

Accepted Answer

A)  a technique for simulating an attack on a system 
B)  a formula that estimates the cost of countermeasures 
C)  a procedural system that simulates a catastrophe 
D)  an analytical method that simulates a real-life system for risk analysis 
A)  a technique for simulating an attack on a system 
B)  a formula that estimates the cost of countermeasures 
C)  a procedural system that simulates a catastrophe 
D)  an analytical method that simulates a real-life system for risk analysis

Question 13

What are the four steps of Threat and Risk Assessment?

Accepted Answer

Asset definition
Thr

Question 14

MATCHING
-a private network that a company sets up as an extension of its corporate intranet

Accepted Answer

A) extranet 
B) network assets 
C) privileged access policy 
D) risk management 
E) role-based authentication
F)search warrant
G)subpoena
H)tunneling protocols
I)two-factor authentication
J)vulnerabilities 
A) extranet 
B) network assets 
C) privileged access policy 
D) risk management 
E) role-based authentication
F)search warrant
G)subpoena
H)tunneling protocols
I)two-factor authentication
J)vulnerabilities

Question 15

MATCHING
-authentication that requires more than one form of verification for a user to be granted access

Accepted Answer

A) extranet 
B) network assets 
C) privileged access policy 
D) risk management 
E) role-based authentication
F)search warrant
G)subpoena
H)tunneling protocols
I)two-factor authentication
J)vulnerabilities 
A) extranet 
B) network assets 
C) privileged access policy 
D) risk management 
E) role-based authentication
F)search warrant
G)subpoena
H)tunneling protocols
I)two-factor authentication
J)vulnerabilities

Question 16

What are the three levels of escalation of threat or security incidents? Describe them.

Accepted Answer

Level One (minor to moderate)-These inci

Question 17

MATCHING
-a document that details additional access options and responsibilities of users with privileged access to resources

Accepted Answer

A) extranet 
B) network assets 
C) privileged access policy 
D) risk management 
E) role-based authentication
F)search warrant
G)subpoena
H)tunneling protocols
I)two-factor authentication
J)vulnerabilities 
A) extranet 
B) network assets 
C) privileged access policy 
D) risk management 
E) role-based authentication
F)search warrant
G)subpoena
H)tunneling protocols
I)two-factor authentication
J)vulnerabilities

Question 18

MATCHING
-a method of authentication that grants users limited system access based on their assigned role in the company

Accepted Answer

A) extranet 
B) network assets 
C) privileged access policy 
D) risk management 
E) role-based authentication
F)search warrant
G)subpoena
H)tunneling protocols
I)two-factor authentication
J)vulnerabilities 
A) extranet 
B) network assets 
C) privileged access policy 
D) risk management 
E) role-based authentication
F)search warrant
G)subpoena
H)tunneling protocols
I)two-factor authentication
J)vulnerabilities

Question 19

An extranet is a backup network that you can use if the main network fails.

Accepted Answer

A) True 
 B)False

Question 20

What are three questions you should ask in deciding how your organization should perform risk analysis?

Accepted Answer

How often will risk analysis b

The process of reviewing records of network computer activity is called which of the following?

What points should a third-party access policy include? List at least three.

When should you update the security policy?

What is the purpose of a privileged access policy?

________________ clauses exist in acceptable use policies so that companies can discipline employees whose computer activities interfere with productivity.

Which of the following would be considered a vulnerability?

Describe a remote access and wireless connection policy and the use of role-based authentication.Include two-factor authentication in your discussion.

SNA starts with the assumption that a system or network will be ________________.

Which of the following defines how employees should use the organization's computing resources?

Which best defines residual risk?

____________________ risk is the amount of risk left over after countermeasures are implemented.

Which of the following best describes a Monte Carlo simulation?

What are the four steps of Threat and Risk Assessment?

MATCHING -a private network that a company sets up as an extension of its corporate intranet

MATCHING -authentication that requires more than one form of verification for a user to be granted access

What are the three levels of escalation of threat or security incidents? Describe them.

MATCHING -a document that details additional access options and responsibilities of users with privileged access to resources

MATCHING -a method of authentication that grants users limited system access based on their assigned role in the company

An extranet is a backup network that you can use if the main network fails.

What are three questions you should ask in deciding how your organization should perform risk analysis?

Network Security Fundamentals

TCP-IP

Network Traffic Signatures

Routing Fundamentals

Cryptography

Wireless Network Fundamentals

Understanding Wireless Security

Intrusion Detection and Prevention Systems

Firewalls

Firewall Design and Management

VPN Concepts

Internet and World Wide Web Security

On-Going Security Management

Filters

Exam 13: Security Policy Design and Implementation

The process of reviewing records of network computer activity is called which of the following?

What points should a third-party access policy include? List at least three.

When should you update the security policy?

What is the purpose of a privileged access policy?

________________ clauses exist in acceptable use policies so that companies can discipline employees whose computer activities interfere with productivity.

Which of the following would be considered a vulnerability?

Describe a remote access and wireless connection policy and the use of role-based authentication.Include two-factor authentication in your discussion.

SNA starts with the assumption that a system or network will be ________________.

Which of the following defines how employees should use the organization's computing resources?

Which best defines residual risk?

____________________ risk is the amount of risk left over after countermeasures are implemented.

Which of the following best describes a Monte Carlo simulation?

What are the four steps of Threat and Risk Assessment?

MATCHING -a private network that a company sets up as an extension of its corporate intranet

MATCHING -authentication that requires more than one form of verification for a user to be granted access

What are the three levels of escalation of threat or security incidents? Describe them.

MATCHING -a document that details additional access options and responsibilities of users with privileged access to resources

MATCHING -a method of authentication that grants users limited system access based on their assigned role in the company

An extranet is a backup network that you can use if the main network fails.

What are three questions you should ask in deciding how your organization should perform risk analysis?

Network Security Fundamentals

TCP-IP

Network Traffic Signatures

Routing Fundamentals

Cryptography

Wireless Network Fundamentals

Understanding Wireless Security

Intrusion Detection and Prevention Systems

Firewalls

Firewall Design and Management

VPN Concepts

Internet and World Wide Web Security

On-Going Security Management

Filters