Question 1

The document ____ provides a systems developmental lifecycle approach to security assessment of information systems.

Accepted Answer

A)  SP 800-53 A, Jul 2008: Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans 
B)  SP 800-53 Rev. 3: Recommended Security Controls for Federal Information Systems and Organizations 
C)  SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy 
D)  SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems 
A)  SP 800-53 A, Jul 2008: Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans 
B)  SP 800-53 Rev. 3: Recommended Security Controls for Federal Information Systems and Organizations 
C)  SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy 
D)  SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems

Question 2

The ____ plan typically focuses on restoring systems at the original site after disasters occur..

Accepted Answer

A)  DR 
B)  IR 
C)  BC 
D)  BIA 
A)  DR 
B)  IR 
C)  BC 
D)  BIA

Question 3

When disaster threatens the viability of the organization at the primary site, disaster recovery undergoes a transition into ____.

Accepted Answer

A)  business continuity 
B)  incident response 
C)  attack planning 
D)  crisis management 
A)  business continuity 
B)  incident response 
C)  attack planning 
D)  crisis management

Question 4

The document ____ makes recommendations for establishing firewall policies and for selecting, configuring, testing, deploying, and managing firewall solutions.

Accepted Answer

A)  SP 800-53 A, Jul 2008: Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans 
B)  SP 800-53 Rev. 3: Recommended Security Controls for Federal Information Systems and Organizations 
C)  SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy 
D)  SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems 
A)  SP 800-53 A, Jul 2008: Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans 
B)  SP 800-53 Rev. 3: Recommended Security Controls for Federal Information Systems and Organizations 
C)  SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy 
D)  SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems

Question 5

Match each item with a statement below.
-Basis for the design, selection, and implementation of all security program elements, including policy implementation, ongoing policy management, risk management programs, education and training programs, technological controls, and maintenance of the security program.

Accepted Answer

A) managerial guidance SysSP document 
B) security training 
C) incident response 
D) business continuity plan 
E) information security policy
F)de jure
G)de facto
H)security blueprint
I)business impact analysis 
A) managerial guidance SysSP document 
B) security training 
C) incident response 
D) business continuity plan 
E) information security policy
F)de jure
G)de facto
H)security blueprint
I)business impact analysis

Question 6

Within a SETA program, ____ is only available to some of the organization's employees.

Accepted Answer

A)  security-related trinkets 
B)  security education 
C)  security training 
D)  security awareness programs 
A)  security-related trinkets 
B)  security education 
C)  security training 
D)  security awareness programs

Question 7

List the sections of the ISO/IEC 27002.

Accepted Answer

1.Risk Assessment and Treatment
2.Securi

Question 8

A security ____________________ is an outline of the overall information security strategy and a roadmap for planned changes to the organization's information security environment.

Accepted Answer

The answer of A security ____________________ is an outline of...

Question 9

List and describe the four phases of incident response.

Accepted Answer

1.Planning-getting ready to handle incid

Question 10

The ____ is an executive-level document, usually drafted by or at least in cooperation with the organization's chief information officer.

Accepted Answer

A)  EISP 
B)  ISSP 
C)  managerial guidance SysSP 
D)  technical specification SysSP 
A)  EISP 
B)  ISSP 
C)  managerial guidance SysSP 
D)  technical specification SysSP

The document ____ provides a systems developmental lifecycle approach to security assessment of information systems.

The ____ plan typically focuses on restoring systems at the original site after disasters occur..

When disaster threatens the viability of the organization at the primary site, disaster recovery undergoes a transition into ____.

The document ____ makes recommendations for establishing firewall policies and for selecting, configuring, testing, deploying, and managing firewall solutions.

Within a SETA program, ____ is only available to some of the organization's employees.

List the sections of the ISO/IEC 27002.

A security ____________________ is an outline of the overall information security strategy and a roadmap for planned changes to the organization's information security environment.

List and describe the four phases of incident response.

The ____ is an executive-level document, usually drafted by or at least in cooperation with the organization's chief information officer.

Introduction to Information Security

Authenticating Users

Introduction to Firewalls

Packet Filtering

Firewall Configuration and Administration

Working With Proxy Servers and Application-Level Firewalls

Implementing the Bastion Host

Encryption - The Foundation for the Virtual Private Network

Setting up a Virtual Private Network

Filters

Exam 2: Security Policies and Standards

The document ____ provides a systems developmental lifecycle approach to security assessment of information systems.

The ____ plan typically focuses on restoring systems at the original site after disasters occur..

When disaster threatens the viability of the organization at the primary site, disaster recovery undergoes a transition into ____.

The document ____ makes recommendations for establishing firewall policies and for selecting, configuring, testing, deploying, and managing firewall solutions.

Within a SETA program, ____ is only available to some of the organization's employees.

List the sections of the ISO/IEC 27002.

A security ____________________ is an outline of the overall information security strategy and a roadmap for planned changes to the organization's information security environment.

List and describe the four phases of incident response.

The ____ is an executive-level document, usually drafted by or at least in cooperation with the organization's chief information officer.

Introduction to Information Security

Authenticating Users

Introduction to Firewalls

Packet Filtering

Firewall Configuration and Administration

Working With Proxy Servers and Application-Level Firewalls

Implementing the Bastion Host

Encryption - The Foundation for the Virtual Private Network

Setting up a Virtual Private Network

Filters