Question 21 A baseline is a point of departure that guarantees that systems comply with security requirements when they are enacted. However, it is not an uncommon occurrence that systems are changed in a way that means they are no longer in compliance. Thus, it is necessary to use an accepted method to ensure that settings have not been changed. Which of the following is not one of these methods?
automated systems
departmental compliance and random audits
broad organizational report cards to ensure policy compliance
patch management

Question 22 A security _____________ identifies a group of fundamental configurations designed to accomplish particular security objectives.

Question 23 The lab demonstrated how to assess and audit an IT security policy framework definition by performing a(n) __________ with remediation.

Question 24 It is necessary to retain information for two significant reasons: legal obligation and business needs. Data that occupies the class of ________________ is comprised of records that are required to support operations; the data included might be customer and vendor records.

Question 25 In order to form an IRT, an organization is required to create a charter; this document identifies the authority, mission, and goals of a committee or team, and there are a number of different types of IRT models for doing this. Which of the following models permits an IRT to have the complete authority to ensure a breach is contained?
IRT that provides off-site response
IRT that acts in a support role
IRT that provides on-site response
IRT that acts in a coordination role

Question 26 In addition to compiling the list of user access requirements, applications, and systems, the BIA also includes processes that are ____________. These processes safeguard against any risks that might occur due to key staff being unavailable or distracted.

Question 27 One of the different manual controls necessary for managing risk is ________________, which is a type of formal management verification. In the process, management confirms that a condition is present and that security controls and policies are in place.