Deck 2: Planning and Policy

1
Which of the following is FALSE about security management?

A) Management is abstract; technology is visible.
B) Security technology is far more important than security management.
C) There are fewer general principles in security management than technology.
D) It is generally a mistake to focus too heavily on security technology compared to security management.
Answer: Security technology is far more important than security management.
2
Comprehensive security pertains to ________.

A) closing all routes of attack to their systems to attackers
B) closing all Internet-linked servers to attackers
C) lessening security issues in an entire company
D) decreasing the risk of all computer systems in a company
Answer: closing all routes of attack to their systems to attackers
3
If a failure of a single element of a system will ruin security, this is called a(n) ________.

A) weakest-link failure
B) hybrid solution
C) internal audit
D) risk analysis
Answer: weakest-link failure
4
Process pertains to ________.

A) the plan-protect-respond cycle
B) the systems life cycle
C) a planned series of actions
D) recovery according to plan
5
Which of the following is NOT part of the highest-level security management process that most firms use today to protect against threats?

A) Plan
B) Process
C) Protect
D) Respond
6
The systems development life cycle is most connected to the ________ of the plan-protect-respond cycle of security management.

A) plan
B) process
C) protect
D) respond
7
Response is ________.

A) the second phase of the systems life cycle
B) the plan-based creation and operation of countermeasures
C) a planned series of actions
D) recovery according to plan
8
A firm's primary objective is to make a profit.
9
A firewall administrator should check the log file in a company each week.
10
One reason why security management is difficult is that companies need to protect a large number of resources.
11
Security is too complicated to be managed informally.
12
In the plan-protect-respond cycle, the three activities always take place in sequential order.
13
One key to making security an enabler is to get security involved near the end of most projects.
14
Which of the following produced the greatest change in financial reporting requirements since the Great Depression?

A) The Sarbanes-Oxley Act
B) The General Data Protection Regulation
C) The Gramm-Leach-Bliley Act
D) The Health Insurance Portability and Accountability Act
15
The Sarbanes-Oxley Act was passed in ________.

A) 2000
B) 2002
C) 2010
D) 2012
16
Which of the following is an EU privacy law?

A) The Sarbanes-Oxley Act
B) The General Data Protection Regulation
C) The Gramm-Leach-Bliley Act
D) The Health Insurance Portability and Accountability Act
17
Which of the following is also known as the Financial Services Modernization Act?

A) GDPR
B) GLBA
C) HIPAA
D) SB 1386
18
Which of the following was the first data breach notification law in the U.S.?

A) GDPR
B) GLBA
C) HIPAA
D) SB 1386
19
________ was the last state to implement a data breach notification law in ________.

A) Georgia; 2000
B) Alabama; 2018
C) North Dakota; 2016
D) California; 2018
20
One of the first data breach notification laws in the U.S. was created in ________.

A) California
B) New York
C) Illinois
D) Texas
21
Who has the power to prosecute companies that fail to take reasonable precautions to protect private information?

A) HIPAA
B) FTC
C) GDPR
D) GLBA
22
________ has set the standards for companies that accept credit cards as a form of payment.

A) FISMA
B) FTC
C) PCI-DSS
D) HIPAA
23
Why was FISMA enacted?

A) To set standards for companies that accept credit card payments
B) To set accreditation standards for members of a particular industry
C) To prosecute firms that fail to take reasonable precautions to protect customers' private information
D) To bolster computer and network security within the federal government
24
Compliance laws create requirements to which corporate security must respond.
25
The Sarbanes-Oxley Act was passed in 2012.
26
Given the importance of Sarbanes-Oxley compliance for companies, most firms were forced to increase their security efforts.
27
The GLBA is considered the most important EU privacy rule ever created.
28
There are strong federal laws requiring companies to provide notice of a data breach.
29
HIPAA has the power to require firms to pay to be audited annually by an external firm.
30
The first stage of FISMA is a certification of a system by an organization.
31
Which of the following is considered the first step for a corporation in managing security?

A) To decide where the security function will sit on a firm's organization chart
B) To determine which devices need to be secured and which software to use to do that
C) To determine the size of the security staff and the budget that will support that staff
D) To decide the objectives of the security function
32
Which of the following is considered a fundamental problem with making IT security a staff department outside IT?

A) Separation reduces accountability.
B) IT security would report to a firm's CIO.
C) Security changes that would need to be made would be easier.
D) Security and IT could share many of the same technological skill sets.
33
Which of the following is NOT one of the three auditing departments that are part of most corporations?

A) Financial auditing
B) Internal auditing
C) Outside auditing
D) IT auditing
34
________ in regard to outside IT security means closely examining the IT security implications of a potential partnership before beginning the relationship.

A) A hybrid solution
B) Internal auditing
C) Risk analysis
D) Due diligence
35
The most common type of IT security outsourcing is done for ________.

A) laptops
B) e-mail
C) all hardware
D) all software
36
An advantage to using an MSSP is ________.

A) cost
B) control of employees
C) constant internal control
D) independence
37
The usual title for a company's security department head is chief security officer.
38
Most analysts recommend placing security outside IT.
39
Most firms have a CSO report directly to the company's CEO.
40
The financial auditing department examines organizational units for efficiency, effectiveness, and adequate controls.
41
IT security is almost always mistrusted by other departments because of security's potential to make life harder.
42
Which of the following compares probable losses with the costs of security protections?

A) Weakest-link failure
B) Reasonable risk
C) Internal audits
D) Risk analysis
43
The ________ of the classic risk analysis calculation is the percentage of an asset's value that would be lost in a breach.

A) single loss expectancy
B) annualized loss expectancy
C) exposure factor
D) countermeasure impact
44
What does a central logging server of an MSSP on a network do?

A) It calculates the amount of processing ability needed for a system.
B) It uploads a firm's event log data.
C) It uploads the number of times that employees have logged into, or attempted to log into, questionable sites.
D) It automatically creates a firewall when questionable activity is detected.
45
Which of the following is an outsourcing alternative?

A) PCI-DSS
B) FISMA
C) MSSP
D) ISO 27000
46
In the classic risk analysis calculation, once you know how much damage an incident may cause from a single breach, the next issue is how frequently breaches will occur. This is normally done on a(n) ________ basis.

A) annualized
B) weekly
C) daily
D) bi-annual
47
In the classic risk analysis calculation, the countermeasure impact assesses the ________.

A) drawbacks of a countermeasure
B) benefits of a countermeasure
C) costs of a countermeasure
D) number of incidents of all possible countermeasures
48
The ________ of the classic risk analysis calculation is the value of the thing to be protected.

A) asset value
B) annualized loss expectancy
C) exposure factor
D) countermeasure impact
49
Discounted cash flow analysis is also called ________.

A) IRR
B) TCI
C) NPV
D) ROI
50
Which of the following is NOT a logical possible response to risk by a company?

A) Risk reduction
B) Risk acceptance
C) Risk transference
D) Risk analysis
51
Installing firewalls in a company is an example of ________.

A) risk reduction
B) risk acceptance
C) risk transference
D) risk avoidance
52
The most common example of risk transference is ________.

A) insurance
B) no countermeasures
C) installing firewalls
D) IT security measures
53
Return on investment analysis requires the computation of either the net present value or the ________.

A) risk transference
B) risk avoidance
C) internal rate of return
D) total cost of incident
54
IT security planning always focuses on risk.
55
The annualized loss expectancy of the classic risk analysis calculation is the yearly average loss expected from a compromise for the asset.
56
Although IT security can reduce the risk of attacks for companies, security also has some negative side effects.
57
The classic risk analysis calculation is difficult or impossible to use in actual practice.
58
The worst problem with classic risk analysis is that it is rarely possible to estimate the annualized rate of occurrence for threats.
59
ROI is typically quite easy to measure for security investments.
60
A positive of classic risk analysis is that it imposes general discipline for thinking about risks and countermeasures.
61
________ includes all of a firm's technical countermeasures and how they are organized into a complete system of protection.

A) Technical security architecture
B) Risk avoidance
C) Corporate security policy
D) Implementation guidance
62
Technologies that a company has implemented in the past but that now are somewhat ineffective are known as ________.

A) central security management consoles
B) legacy security technologies
C) technical security architecture
D) defense in depth
63
When an attacker has to break through multiple countermeasures to succeed, it's known as ________.

A) defense in depth
B) single point of vulnerability
C) weakest link
D) technical security architecture
64
Which of the following defines the opposite of defense in depth?

A) Weakest link
B) Defense in depth
C) Single point of vulnerability
D) Technical security architecture
65
________ refers to the intention to minimize lost productivity and attempt to not slow innovation.

A) Minimizing security burdens
B) Defining the weakest link
C) A single point of vulnerability
D) Technical security architecture
66
________ is being able to manage security technologies from a single security management console or at least from a relatively few consoles.

A) Technical security architecture
B) A single point of vulnerability
C) Centralized security management
D) Defense in depth
67
It is preferable if a firm's security systems evolve naturally and organically without major coordination.
68
If a legacy technology is a serious threat to security, it must be replaced.
69
In defense in depth, there are multiple independent countermeasures placed in a series.
70
All single points of failure can be eliminated.
71
Firewalls are only for borders between external networks and internal networks and do not exist solely for an internal purpose.
72
In interorganizational systems, two companies link some of their IT assets.
73
The goal of ________ is to emphasize a firm's commitment to strong security.

A) corporate security policies
B) centralized security management
C) technical security architecture
D) acceptable use policies
74
It is common for companies to require users to read and sign a(n) ________.

A) corporate security policy
B) personally identifiable information policy
C) e-mail policy
D) acceptable use policy
75
________ are mandatory implementation guidance, meaning that employees are not free to opt out of them.

A) Standards
B) Policies
C) Guidelines
D) Procedures
77
Of the following, ________ are the most detailed.

A) policies
B) standards
C) guidelines
D) procedures
78
In the ________, a specific, full act should require two or more people to complete.

A) implementation guidance
B) weakest link
C) segregation of duties
D) request/authorization control
79
________ describe the details of what is to be done but without specifically describing how to do something.

A) Baselines
B) Standards
C) Best practices
D) Procedures
80
________ can simply be described as a person's system of values.

A) Baselines
B) Ethics
C) Procedures
D) Best practices