Question 1
2 out of 2 points
One of the processes designed to eradicate maximum possible security risks is to ________________, which limits access credentials to the minimum required to conduct any activity and ensures that access is authenticated to particular individuals.
Selected Answer: harden
Correct Answer: harden

Question 2
0 out of 2 points
One of seven domains of a typical IT infrastructure is the user domain. Within that domain is a range of user types, and each type has specific and distinct access needs. Which of the following types of users has the responsibility of creating and putting into place a security program within an organization?
Selected Answer: systems administrators
Correct Answer: security personnel

Question 3
2 out of 2 points
Which of the following user types is responsible for audit coordination and response, physical security and building operations, and disaster recovery and contingency planning?
Selected Answer: security personnel
Correct Answer: security personnel

Question 4
0 out of 2 points
Imagine a scenario in which an employee regularly shirks the organization’s established security policies in favor of convenience. What does this employee’s continued violation suggest about the culture of risk management in the organization?
Selected Answer: that the employee requires further training to gain a deeper knowledge of the policies
Correct Answer: that the organization lacks a good risk culture wherein employees have “buy in”

Question 5
0 out of 2 points
Which of the following user groups has both the business needs of being able to access the systems, network, and application to complete contracted services, and access capability that is limited to particular sections of the systems, network, and application?
Selected Answer: guests and general public
Correct Answer: vendors

Question 6
2 out of 2 points
Security policies that clarify and explain how rights are assigned and approved among employees can ensure that people have only the access needed for their jobs. Which of the following is not accomplished when prior access is removed?
Selected Answer: minimizes future instances of human error
Correct Answer: minimizes future instances of human error

Question 7
0 out of 2 points
Aside from human user types, there are two other non-human user groups. Known as account types, ________________ are accounts implemented by the system for the purpose of supporting automated service, and ___________________ are accounts that remain non-human until individuals are assigned access and can use them to recover a system following a major outage.
Selected Answer: control partners, system accounts
Correct Answer: system accounts, contingent IDs

Question 8
2 out of 2 points
Which of the following is the most important reason why data needs to be both retrievable and properly stored?
- Fall '09
- security policy