Standards may be published, scrutinized, and ratified by a group, as in formal or _____ standards.

CH 4

1. Strategic planning is the process of moving the organization towards its ____.
a. standard
b. policy
c. mission
d. vision

2. Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards.
a. de formale
b. de public
c. de jure
d. de facto

3. The ____ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.
a. ISP
b. EISP
c. GSP
d. ISSP

4. ____ often function as standards or procedures to be used when configuring or maintaining systems.
a. ESSPs
b. EISPs
c. ISSPs
d. SysSPs

5. A security ____ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.
a. plan
b. framework
c. mission
d. blanket

6. The stated purpose of ____ is to "give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization."
a. NIST SP800-18
b. RFC 2196
c. ISO/IEC 27002

7. What country adopted ISO/IEC 17799?
a. United States
b. Germany
c. Japan
d. None of the above

8. SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ____.
a. plan
b. standard
c. policy
d

9. Effective management includes planning and ____.
a. organizing
b. leading
c. controlling
d. All of the above

10. The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by the Internet Society and the ____.
a. IETF
b. ISO/IEC
c. ISOC
d. IRTF

11. The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources.
a. defense
b. assessment
c. security
d. information

12. ____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
a. Managerial
b. Technical
c. Operational
d. Informational

13. Redundancy can be implemented at a number of points throughout the security architecture, such as in ____.
a. firewalls
b. proxy servers
c. access controls
d. All of the above

14. ____ controls address personnel security, physical security, and the protection of production inputs and outputs.
a. Informational
b. Operational
c. Technical
d. Managerial

15. Security ____ are the areas of trust within which users can freely communicate.
a. perimeters
b. domains
c. rectangles
d. layers

16. A buffer against outside attacks is frequently referred to as a(n) ____.
a. proxy server
b. no-man's land
c. DMZ
d. firewall

17. ____-based IDPSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.
a. Firewall
b. Host
c. Network
d. Domain

18. The SETA program is the responsibility of the ____ and is a control measure designed to reduce the incidences of accidental security breaches by employees.
a. CIO
b. CISCO
c. CISO
d. end users

19. A(n) ____ plan deals with the identification, classification, response, and recovery from an incident.
a. CM
b. BC
c. DR
d. IR

20. The first phase in the development of the contingency planning process is the ____.
a. BIA
b. BRP
c. DP9
d. IRP

21. An alert ____ is a document containing contact information for the people to be notified in the event of an incident.
a. message
b. roster
c. plan
d. list

22. Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
a. assessment
b. evaluation
c. recovery
d. plan

23. RAID ____ drives can be hot swapped.
a. 2
b. 3
c. 4
d. 5

24. A ____ site provides only rudimentary services and facilities.
a. cool
b. warm
c. hot
d. cold

25. The transfer of large batches of data to an off-site facility is called ____.
a. security perimeter
b. remote journaling
c. electronic vaulting
d. database shadowing

Which type of planning is used for the identification, classification, response, and recovery from an incident?

Incident Response planning covers: identification of, classification of, and response to an incident.

Which of the following sets the direction and scope of the security process and provides detailed instruction for its conduct?

Managerial controls set the direction and scope of the security process and provide detailed instructions for its conduct.

What is a network project that preceded the Internet?

ARPANET, in full Advanced Research Projects Agency Network, was an experimental computer network that was the forerunner of the Internet.