Question 1

Which of the following specifies what should be done?

Accepted Answer

A)  policies 
B)  implementation 
C)  both A and B 
D)  neither A nor B 
A)  policies 
B)  implementation 
C)  both A and B 
D)  neither A nor B

Question 2

A policy specifies ________.

Accepted Answer

A)  what should be done 
B)  how to do it 
C)  both A and B 
D)  neither A nor B 
A)  what should be done 
B)  how to do it 
C)  both A and B 
D)  neither A nor B

Question 3

It is hardest to create good security ________.

Accepted Answer

A)  policies 
B)  procedures 
C)  processes 
D)  culture 
A)  policies 
B)  procedures 
C)  processes 
D)  culture

Question 4

Another term for authorization is ________.

Accepted Answer

A)  permission 
B)  authentication 
C)  scope 
D)  establishing the creator of a file 
A)  permission 
B)  authentication 
C)  scope 
D)  establishing the creator of a file

Question 5

________ focus on suspicious packets.

Accepted Answer

A)  Firewalls 
B)  IDSs 
C)  both A and B 
D)  neither A nor B 
A)  Firewalls 
B)  IDSs 
C)  both A and B 
D)  neither A nor B

Question 6

Attackers only need to find a single weakness to break in.Consequently,companies must ________.

Accepted Answer

A)  have comprehensive security 
B)  have insurance 
C)  do risk analysis 
D)  only give minimum permissions 
A)  have comprehensive security 
B)  have insurance 
C)  do risk analysis 
D)  only give minimum permissions

Question 7

Firewall operation takes place during the ________ phase.

Accepted Answer

A)  plan 
B)  protect 
C)  response 
D)  none of the above 
A)  plan 
B)  protect 
C)  response 
D)  none of the above

Question 8

Real-time fail-over with synchronized data centers ________.

Accepted Answer

A)  is expensive 
B)  minimizes downtime 
C)  both A and B 
D)  neither A nor B 
A)  is expensive 
B)  minimizes downtime 
C)  both A and B 
D)  neither A nor B

Question 9

Which of the following is true?

Accepted Answer

A)  Guidelines must be followed. 
B)  Guidelines must be considered. 
C)  both A and B 
D)  neither A nor B 
A)  Guidelines must be followed. 
B)  Guidelines must be considered. 
C)  both A and B 
D)  neither A nor B

Question 10

Communication with the media should be restricted which of the following?

Accepted Answer

A)  the public relations department 
B)  the legal department 
C)  the IT department 
D)  the security department 
A)  the public relations department 
B)  the legal department 
C)  the IT department 
D)  the security department

Question 11

On sensitive resources,authenticated parties should get ________.

Accepted Answer

A)  least permissions 
B)  standard permissions 
C)  no permissions 
D)  maximum permissions 
A)  least permissions 
B)  standard permissions 
C)  no permissions 
D)  maximum permissions

Question 12

In IDS log files,relevant events are ________.

Accepted Answer

A)  usually clustered tightly together 
B)  usually spread out in the log file 
C)  usually only available in log files for individual devices 
D)  usually found in the log files of routers 
A)  usually clustered tightly together 
B)  usually spread out in the log file 
C)  usually only available in log files for individual devices 
D)  usually found in the log files of routers

Question 13

If a person knows his or her role in an organizational system,________.

Accepted Answer

A)  they are dangerous 
B)  they are likely to report security violations 
C)  they are likely to act appropriately in unexpected circumstances 
D)  all of the above 
A)  they are dangerous 
B)  they are likely to report security violations 
C)  they are likely to act appropriately in unexpected circumstances 
D)  all of the above

Question 14

Normal incidents are handled by the ________.

Accepted Answer

A)  on-duty staff 
B)  CSIRT 
C)  outside consultant 
D)  FBI 
A)  on-duty staff 
B)  CSIRT 
C)  outside consultant 
D)  FBI

Question 15

The statement that people in quality control should have access to robots on the shop floor is an example of a firewall ________.

Accepted Answer

A)  policy 
B)  DMZ 
C)  ACL rule 
D)  procedure 
A)  policy 
B)  DMZ 
C)  ACL rule 
D)  procedure

Question 16

A central firewall management program that specifically pushes changes to firewalls is ________.

Accepted Answer

A)  a weakest link 
B)  defense in depth 
C)  a single point of takeover 
D)  risk analysis thinking 
A)  a weakest link 
B)  defense in depth 
C)  a single point of takeover 
D)  risk analysis thinking

Question 17

If the security principles in this chapter are implemented in organizational systems,an organizational system is likely to work securely without substantial active management.

Accepted Answer

A) True 
 B)False

Question 18

Compared to ________,________ are more structured.

Accepted Answer

A)  procedures; processes 
B)  processes; procedures 
C)  both A and B 
D)  neither A nor B 
A)  procedures; processes 
B)  processes; procedures 
C)  both A and B 
D)  neither A nor B

Question 19

________ log provable attack packets.

Accepted Answer

A)  Firewalls 
B)  IDSs 
C)  both A and B 
D)  neither A nor B 
A)  Firewalls 
B)  IDSs 
C)  both A and B 
D)  neither A nor B

Question 20

A key to fast and effective response is ________

Accepted Answer

A)  speed 
B)  quality 
C)  both A and B 
D)  neither A nor B 
A)  speed 
B)  quality 
C)  both A and B 
D)  neither A nor B

Which of the following specifies what should be done?

A policy specifies ________.

It is hardest to create good security ________.

Another term for authorization is ________.

________ focus on suspicious packets.

Attackers only need to find a single weakness to break in.Consequently,companies must ________.

Firewall operation takes place during the ________ phase.

Real-time fail-over with synchronized data centers ________.

Which of the following is true?

Communication with the media should be restricted which of the following?

On sensitive resources,authenticated parties should get ________.

In IDS log files,relevant events are ________.

If a person knows his or her role in an organizational system,________.

Normal incidents are handled by the ________.

The statement that people in quality control should have access to robots on the shop floor is an example of a firewall ________.

A central firewall management program that specifically pushes changes to firewalls is ________.

If the security principles in this chapter are implemented in organizational systems,an organizational system is likely to work securely without substantial active management.

Compared to , are more structured.

________ log provable attack packets.

A key to fast and effective response is ________

Core Network Concepts and Terminology

Network Standards

Network Management

Network Security

Ethernet 802.3switched Lans

Wireless Lans I

Wireless Lans II

TCP/IP Internetworking I

TCP/IP Internetworking II

Carrier Wide Area Networks Wans

Networked Applications

Filters

Exam 12: Appendix: Managing the Security Process

Which of the following specifies what should be done?

A policy specifies ________.

It is hardest to create good security ________.

Another term for authorization is ________.

________ focus on suspicious packets.

Attackers only need to find a single weakness to break in.Consequently,companies must ________.

Firewall operation takes place during the ________ phase.

Real-time fail-over with synchronized data centers ________.

Which of the following is true?

Communication with the media should be restricted which of the following?

On sensitive resources,authenticated parties should get ________.

In IDS log files,relevant events are ________.

If a person knows his or her role in an organizational system,________.

Normal incidents are handled by the ________.

The statement that people in quality control should have access to robots on the shop floor is an example of a firewall ________.

A central firewall management program that specifically pushes changes to firewalls is ________.

If the security principles in this chapter are implemented in organizational systems,an organizational system is likely to work securely without substantial active management.

Compared to ________,________ are more structured.

________ log provable attack packets.

A key to fast and effective response is ________

Core Network Concepts and Terminology

Network Standards

Network Management

Network Security

Ethernet 802.3switched Lans

Wireless Lans I

Wireless Lans II

TCP/IP Internetworking I

TCP/IP Internetworking II

Carrier Wide Area Networks Wans

Networked Applications

Filters

Compared to , are more structured.