Deck 2: Security Policies and Standards
1
Policies are put in place to support the organization's mission, vision, and strategic planning.
True
2
The ____ is an executive-level document, usually drafted by or at least in cooperation with the organization's chief information officer.
A) EISP
B) ISSP
C) managerial guidance SysSP
D) technical specification SysSP
A
3
The details of the allowable use of company-owned networks and the Internet would most likely be covered in the enterprise information security policy.
False
4
The ____ is created by a systems administrator to direct practices with many details.
A) EISP
B) ISSP
C) managerial guidance SysSP
D) technical specification SysSP
5
The ____ plan typically focuses on restoring systems at the original site after disasters occur.
A) DR
B) IR
C) BC
D) BIA
6
Practices, procedures, and guidelines effectively explain how to comply with ____.
A) standards
B) policies
C) vision
D) security blueprints
7
A(n) ____ is a detailed description of the activities that occur during an attack.
A) sphere of security
B) contingency plan
C) attack profile
D) business impact analysis
8
Within the IETF, the Security Area Working Group acts as an advisory board for security topics that affect the various Internet-related protocols.
9
RFC 2196: Site Security Handbook is produced by ____.
A) the ISO
B) NIST
C) the Security Area Working Group
D) the Federal Agency Security Practices
10
____ are the specific instructions entered into a security system to regulate how it reacts to the data it receives.
A) Access control matrices
B) Capability rules
C) Configuration rules
D) Access control lists
11
A security framework specifies the tasks for deploying security tools in the order in which they are to be accomplished.
12
A security ____ is an outline of the overall information security strategy and a roadmap for planned changes to the organization's information security environment.
A) policy
B) blueprint
C) standard
D) framework
13
The document ____ provides a systems developmental lifecycle approach to security assessment of information systems.
A) SP 800-53 A, Jul 2008: Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans
B) SP 800-53 Rev. 3: Recommended Security Controls for Federal Information Systems and Organizations
C) SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy
D) SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems
14
The first phase in the development of the contingency planning process is the ____.
A) crisis plan
B) disaster recovery plan
C) incident response plan
D) business impact analysis
15
The ____ of an organization is a written statement of its purpose.
A) mission
B) vision
C) strategy
D) policy
16
The ____ illustrates the ways in which people access information.
A) sphere of use
B) sphere of protection
C) working control
D) benchmark
17
A(n) ____ plan addresses the identification, classification, response, and recovery from an incident.
A) incident response
B) disaster recovery
C) attack profile
D) business impact analysis
18
Attack profiles should include scenarios depicting a typical attack, with details on the method, the indicators, and the broad consequences of the attack.
19
The document ____ makes recommendations for establishing firewall policies and for selecting, configuring, testing, deploying, and managing firewall solutions.
A) SP 800-53 A, Jul 2008: Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans
B) SP 800-53 Rev. 3: Recommended Security Controls for Federal Information Systems and Organizations
C) SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy
D) SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems
20
Within a SETA program, ____ is only available to some of the organization's employees.
A) security-related trinkets
B) security education
C) security training
D) security awareness programs
21
Match each item with a statement below.
a. managerial guidance SysSP document
b. security training
c. incident response
d. business continuity plan
e. information security policy
f. de jure
g. de facto
h. security blueprint
i. business impact analysis
Published, scrutinized, and ratified by a group.
22
Match each item with a statement below.
a. managerial guidance SysSP document
b. security training
c. incident response
d. business continuity plan
e. information security policy
f. de jure
g. de facto
h. security blueprint
i. business impact analysis
Set of rules for the protection of an organization's information assets.
23
Establishing a contact number or hot line is an aspect of ____ planning.
A) business continuity
B) incident response
C) attack
D) crisis management
24
____________________ management differs dramatically from incident response, as it focuses first and foremost on the people involved.
25
A(n) ____________________ is also known as a general security policy, an IT security policy, or an information security policy.
26
A(n) ____ is an attack against an information asset that poses a clear threat to the confidentiality, integrity, or availability of information resources.
A) incident
B) disaster
C) crisis
D) recovery
27
A(n) ____________________ is a set of specifications that identifies a piece of technology's authorized users and includes details on the rights and privileges those users have on that technology.
28
Match each item with a statement below.
a. managerial guidance SysSP document
b. security training
c. incident response
d. business continuity plan
e. information security policy
f. de jure
g. de facto
h. security blueprint
i. business impact analysis
Basis for the design, selection, and implementation of all security program elements, including policy implementation, ongoing policy management, risk management programs, education and training programs, technological controls, and maintenance of the security program.
29
Match each item with a statement below.
a. managerial guidance SysSP document
b. security training
c. incident response
d. business continuity plan
e. information security policy
f. de jure
g. de facto
h. security blueprint
i. business impact analysis
Informal part of an organization's culture.
30
____ planning prepares an organization to reestablish critical business operations during a disaster that affects operations at the primary site.
A) Business continuity
B) Incident response
C) Attack
D) Crisis management
31
When disaster threatens the viability of the organization at the primary site, disaster recovery undergoes a transition into ____.
A) business continuity
B) incident response
C) attack planning
D) crisis management
32
Match each item with a statement below.
a. managerial guidance SysSP document
b. security training
c. incident response
d. business continuity plan
e. information security policy
f. de jure
g. de facto
h. security blueprint
i. business impact analysis
Investigation and assessment of the impact that various attacks can have on the organization.
33
Match each item with a statement below.
a. managerial guidance SysSP document
b. security training
c. incident response
d. business continuity plan
e. information security policy
f. de jure
g. de facto
h. security blueprint
i. business impact analysis
Ensures that critical business functions continue if a catastrophic incident or disaster occurs.
34
The analysis and prioritization of the business functions within the organization's departments, sections, divisions, groups, or other units to determine which are most vital to continued operations is called ____.
A) an attack profile
B) business unit analysis
C) assessment of potential damage
D) business impact analysis
35
Match each item with a statement below.
a. managerial guidance SysSP document
b. security training
c. incident response
d. business continuity plan
e. information security policy
f. de jure
g. de facto
h. security blueprint
i. business impact analysis
Provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely.
36
The identification of critical business functions and the resources needed to support them is the cornerstone of the ____________________ plan.
37
A security ____________________ is an outline of the overall information security strategy and a roadmap for planned changes to the organization's information security environment.
38
Match each item with a statement below.
a. managerial guidance SysSP document
b. security training
c. incident response
d. business continuity plan
e. information security policy
f. de jure
g. de facto
h. security blueprint
i. business impact analysis
The set of activities taken to plan for, detect, and correct the impact of an incident on information assets.
39
An attack scenario end case is categorized ____.
A) as business-ending or salvageable
B) on a scale of 1-10
C) according to a grade of A-F
D) either as disastrous or not disastrous
40
Match each item with a statement below.
a. managerial guidance SysSP document
b. security training
c. incident response
d. business continuity plan
e. information security policy
f. de jure
g. de facto
h. security blueprint
i. business impact analysis
Created by management to guide the implementation and configuration of a specific technology so as to direct the way a technology is to be used to control the behavior of people in the organization.
41
List the sections of the ISO/IEC 27002.
42
Explain what might happen if managerial guidance SysSP documents have not been written or provided to technical staff.
43
What topics might an ISSP cover?
44
How does an EISP address an organization's need to comply with laws and regulations?
45
Explain the difference between a policy and a standard.
46
Describe the benefits of a security newsletter.
47
Explain how access control lists might be implemented.
48
What criteria must a policy meet to be considered effective and legally enforceable?
49
What are spheres of security? Provide examples illustrating the different components.
50
List and describe the four phases of incident response.