Deck 2: Planning and Policy

Question
The key to security being an enabler is ________.

A) getting it involved early within the project
B) having strong corporate policies
C) extensive training
D) adequate spending on security
Answer: A
Question
The stage of the plan-protect response cycle that consumes the most time is ________.

A) planning
B) protection
C) response
D) each of the above consumes about the same amount of time
Answer: B
Question
Many compliance regimes require firms to adopt specific formal governance frameworks to drive security planning and operational management.
Answer: True
Question
Strong security can be an enabler, allowing a company to do things it could not do otherwise.
Question
What is missing from the definition of response as "recovery"?

A) The phrase "according to plan" must be added to "recovery."
B) The definition must refer to specific resources.
C) The phrase "Reasonable degree of" must begin the definition.
D) The phrase "and prosecution" must be added after "recovery."
Question
Which of the following is a formal process?

A) Annual corporate planning
B) Planning and developing individual countermeasures
C) Both A and B
D) Neither A nor B
Question
A ________ occur(s) when a single security element failure defeats the overall security of a system.

A) spot failure
B) weakest link failure
C) defense in depth departure
D) critical failure
Question
After performing a preliminary security assessment, a company should develop a remediation plan for EVERY security gap identified.
Question
This book focuses on ________.

A) offense
B) defense
C) offense and defense about equally
D) None of the above
Question
Once a company's resources are enumerated, the next step is to ________.

A) create a protection plan for each
B) assess the degree to which each is already protected
C) enumerate threats to each
D) classify them according to sensitivity
Question
A planned series of actions in a corporation is a(n) ________.

A) strategy
B) sequence
C) process
D) anomaly
Question
It is a good idea to view the security function as a police force or military organization.
Question
The growing number of compliance laws and regulations is driving firms to use formal governance frameworks to guide their security processes.
Question
A company should consider a list of possible remediation plans as an investment portfolio.
Question
The factors that require a firm to change its security planning, protection, and response are called driving forces.
Question
Closing all routes of attack into an organization's system(s) is called ________.

A) defense in depth
B) comprehensive security
C) total security
D) access control
Question
Planning, protection, and response follow a fairly strict sequence from one stage to another.
Question
The first step in developing an IT security plan is to ________.

A) determine needs
B) assess the current state of the company's security
C) create comprehensive security
D) prioritize security projects
Question
IT security people should maintain a negative view of users.
Question
________ is the plan-based creation and operation of countermeasures.

A) Planning
B) Protection
C) Response
D) All of the above
Question
The manager of the security department often is called ________.

A) the chief security officer (CSO)
B) the chief information security officer (CISO)
C) Either A or B
D) Neither A nor B
Question
Compliance laws and regulations ________.

A) create requirements to which security must respond
B) can be expensive for IT security
C) Both A and B
D) Neither A nor B
Question
________ examines organizational units for efficiency, effectiveness, and adequate controls.

A) Internal auditing
B) Financial auditing
C) IT auditing
D) None of the above
Question
Independence is best provided for IT security by placing it within the IT department.
Question
When companies studied where they stored private information, they found that much of this information was stored inside spreadsheets and word processing documents.
Question
The FTC can act against companies that fail to take reasonable precautions to protect privacy information.
Question
________ examines financial processes for efficiency, effectiveness, and adequate controls.

A) Internal auditing
B) Financial auditing
C) IT auditing
D) None of the above
Question
Placing security within IT ________.

A) creates independence
B) is likely to give security stronger backing from the IT department
C) Both A and B
D) Neither A nor B
Question
________ specifically addresses data protection requirements at financial institutions.

A) GLBA
B) HIPAA
C) The Revised SEC Act
D) Sarbanes-Oxley
Question
The FTC can ________.

A) impose fines
B) require annual audits by external auditing firms for many years
C) Both A and B
D) Neither A nor B
Question
Which companies does PCI-DSS affect?

A) E-commerce firms
B) Medical firms
C) Government organizations
D) Companies that accept credit card payments
Question
In order to demonstrate support for security, top management must ________.

A) ensure that security has an adequate budget
B) support security when there are conflicts between the needs of security and the needs of other business functions
C) follow security procedures themselves
D) All of the above
Question
________ examines IT processes for efficiency, effectiveness, and adequate controls.

A) Internal auditing
B) Financial auditing
C) IT auditing
D) None of the above
Question
A ________ is a material deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement in the annual or interim financial statements will not be prevented or detected.

A) material control failure
B) material control deficiency
C) critical control deficiency
D) critical control failure
Question
Most IT security analysts recommend placing IT security functions within the IT department.
Question
Data breach notification laws typically ________.

A) require companies to notify affected people if sensitive personally identifiable information is stolen or even lost
B) have caused companies to think more about security
C) Both A and B
D) Neither A nor B
Question
What type of organization is subject to FISMA?

A) E-commerce firms
B) Medical firms
C) Government organizations
D) Companies that accept credit card payments
Question
In FISMA, ________ is done internally by the organization.

A) certification
B) accreditation
C) Both A and B
D) Neither A nor B
Question
________ specifically addresses data protection requirements at health care institutions.

A) GLBA
B) HIPAA
C) Sarbanes-Oxley
D) The SEC Act
Question
Placing IT auditing in an existing auditing department would give independence from IT security.
Question
In classic risk analysis, costs and benefits are expressed on a per-year basis.
Question
Which of the following is a way of responding to risk with active countermeasures?

A) Risk reduction
B) Risk acceptance
C) Risk avoidance
D) All of the above
Question
To outsource some security functions, a firm can use an MISP.
Question
What security functions typically are outsourced?

A) Policy
B) Vulnerability testing
C) Both A and B
D) Neither A nor B
Question
SLE times ARO gives the ________.

A) expected per-event loss
B) expected annual loss
C) expected life cycle loss
D) expected per-event benefit
Question
The goal of IT security is risk elimination.
Question
________ means responding to risk by taking out insurance.

A) Risk reduction
B) Risk acceptance
C) Risk avoidance
D) Risk transference
Question
Which of the following gives the best estimate of the complete cost of a compromise?

A) ALE
B) ARO
C) TCI
D) Life cycle cost
Question
The book recommends hard-headed thinking about security ROI analysis.
Question
What security function(s) usually is(are) not outsourced?

A) Planning
B) Intrusion detection
C) Vulnerability testing
D) All of the above
Question
________ entails investigating the IT security of external companies and the implications of close IT partnerships before implementing interconnectivity.

A) Auditing
B) Due diligence
C) Peer-to-peer security
D) Vulnerability testing
Question
________ means implementing no countermeasures and absorbing any damages that occur.

A) Risk reduction
B) Risk acceptance
C) Risk avoidance
D) None of the above
Question
What security functions typically are outsourced?

A) Intrusion detection
B) Vulnerability testing
C) Both A and B
D) Neither A nor B
Question
The goal of IT security is reasonable risk reduction.
Question
Vulnerability testing typically is not outsourced.
Question
The worst problem with classic risk analysis is that ________.

A) protections often protect multiple resources
B) resources often are protected by multiple countermeasures
C) we cannot estimate the annualized rate of occurrence
D) costs and benefits are not the same each year
Question
When risk analysis deals with costs and benefits that vary by year, the computations should use ________.

A) NPV
B) IRR
C) Either A or B
D) Neither A nor B
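The cards on SLE times ARO, on costs and benefits being expressed per year, and on using NPV or IRR when they vary by year all describe the same classic risk analysis computation. The following is an added worked example, not code from the deck or from the textbook it is drawn from: it computes the annualized loss expectancy before and after a countermeasure, the single-year net benefit, and then NPV and IRR once the year-0 purchase cost differs from the maintenance cost of later years. All figures and the names SLE, ARO_BEFORE, ARO_AFTER, PURCHASE, MAINTENANCE and DISCOUNT_RATE are constructed for illustration.

```python
"""Classic risk analysis arithmetic: SLE x ARO = ALE, the per-year net
benefit of a countermeasure, and NPV / IRR when yearly figures differ.

Added worked example; all inputs below are constructed, not taken from
the deck or the textbook.
"""

# Constructed inputs for one hypothetical countermeasure.
SLE = 200_000.0         # single loss expectancy: damage from one compromise
ARO_BEFORE = 0.5        # annualized rate of occurrence: one event per two years
ARO_AFTER = 0.1         # residual rate once the countermeasure is in place
PURCHASE = 150_000.0    # year-0 purchase and rollout cost
MAINTENANCE = 30_000.0  # cost in each later year (licences, staff time)
DISCOUNT_RATE = 0.08    # the firm's cost of capital


def ale(sle: float, aro: float) -> float:
    """Annualized loss expectancy: SLE x ARO, the expected loss per year."""
    return sle * aro


def annual_net_benefit(sle: float, aro_before: float, aro_after: float,
                       annual_cost: float) -> float:
    """Single-year classic analysis: ALE reduction minus the countermeasure's
    yearly cost. Only meaningful when every year looks the same."""
    return ale(sle, aro_before) - ale(sle, aro_after) - annual_cost


def cash_flows(years: int) -> list[float]:
    """Per-year net cash flows when costs differ by year: year 0 carries the
    purchase cost and no protection yet; years 1..years carry the ALE
    reduction minus maintenance."""
    flows = [-PURCHASE]
    for _ in range(years):
        flows.append(ale(SLE, ARO_BEFORE) - ale(SLE, ARO_AFTER) - MAINTENANCE)
    return flows


def npv(flows: list[float], rate: float) -> float:
    """Net present value: discount each year's net flow back to year 0."""
    return sum(cf / (1.0 + rate) ** t for t, cf in enumerate(flows))


def irr(flows: list[float], lo: float = -0.99, hi: float = 1.0,
        tol: float = 1e-9) -> float:
    """Internal rate of return: the discount rate at which NPV is zero, found
    by bisection. Assumes the usual shape (one upfront cost, then positive
    net benefits) so that NPV crosses zero exactly once between lo and hi."""
    f_lo = npv(flows, lo)
    while hi - lo > tol:
        mid = (lo + hi) / 2.0
        f_mid = npv(flows, mid)
        if (f_mid < 0) == (f_lo < 0):
            lo, f_lo = mid, f_mid   # root is still to the right of mid
        else:
            hi = mid                # root is between lo and mid
    return (lo + hi) / 2.0


if __name__ == "__main__":
    print(f"ALE before: {ale(SLE, ARO_BEFORE):,.0f}  after: {ale(SLE, ARO_AFTER):,.0f}")
    steady = annual_net_benefit(SLE, ARO_BEFORE, ARO_AFTER, MAINTENANCE)
    print(f"Steady-state yearly net benefit: {steady:,.0f}")
    for years in (3, 4):
        flows = cash_flows(years)
        print(f"{years}-year horizon: NPV at {DISCOUNT_RATE:.0%} = "
              f"{npv(flows, DISCOUNT_RATE):,.0f}, IRR = {irr(flows):.1%}")
```

Run it directly to print the results. The three-year horizon shows why the per-year assumption can mislead: the steady-state net benefit is positive every year, yet NPV at 8% is negative and the IRR is 0%, because the year-0 purchase is only recovered undiscounted. Extending the horizon to four years flips NPV positive, with an IRR of roughly 12.6%.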
Question
According to the author, information assurance is a good name for IT security.
Question
Security tends to impede functionality.
Question
A benefit of using MSSPs is that they provide ________.

A) cost savings
B) independence
C) Both A and B
D) Neither A nor B
Question
Security professionals should minimize burdens on functional departments.
Question
Policies should specify implementation in detail.
Question
Using both a firewall and host hardening to protect a host is ________.

A) defense in depth
B) risk acceptance
C) an anti-weakest link strategy
D) adding berms
Question
Companies should replace their legacy security technologies immediately.
Question
________ means responding to risk by not taking a risky action.

A) Risk reduction
B) Risk acceptance
C) Risk avoidance
D) Risk transference
Question
Having realistic goals for reducing vulnerabilities ________.

A) is giving in to the problem
B) helps to focus on the most critical threats
C) is a cost-saving method
D) is risk avoidance
Question
When you wish to create a specific firewall, you should create a security policy for that firewall specifically.
Question
Policies should be written by ________.

A) IT security
B) corporate teams involving people from multiple departments
C) a senior executive
D) an outside consultant, to maintain independence
Question
Central security consoles ________.

A) are dangerous
B) allow policies to be applied consistently
C) Both A and B
D) Neither A nor B
Question
Policies should specify the details of how protections are to be applied.
Question
________ are discretionary.

A) Standards
B) Guidelines
C) Both A and B
D) Neither A nor B
Question
A technical security architecture should be created ________.

A) annually
B) before a firm creates individual countermeasures
C) before a firm creates a specific countermeasure
D) after each major compromise
Question
Responding to risk through risk avoidance is likely to be acceptable to other units of the firm.
Question
________ are mandatory.

A) Standards
B) Guidelines
C) Both A and B
D) Neither A nor B
Question
________ is a single countermeasure composed of multiple interdependent components in series that require all components to succeed if the countermeasure is to succeed.

A) Defense in depth
B) Weakest link
C) Both A and B
D) Neither A nor B
Question
A technical security architecture includes ________.

A) all of a firm's countermeasures
B) how countermeasures are organized
C) Both A and B
D) Neither A nor B
Question
Border management ________.

A) is no longer important because there are so many ways to bypass borders
B) is close to a complete solution to access control
C) Both A and B
D) Neither A nor B
Question
________ requires multiple countermeasures to be defeated for an attack to succeed.

A) Defense in depth
B) Weakest link analysis
C) Both A and B
D) Neither A nor B
Question
It is mandatory for decision makers to consider guidelines.
Question
A(n) ________ is a statement of what should be done under specific circumstances.

A) implementation control
B) policy
C) policy guidance document
D) procedure