QUESTION 44Although there are security tasks that can achieved with specific tools, any tasks concerning IT security policy compliance need to address one basic concern: change and configuration management. This management is important because changes made to the system and enhancing configurations each affect the life cycle of a system.
TrueFalse
3 points
QUESTION 45How security data is classified demonstrates the information in terms of criticality and sensitivity. Sensitivity denotes how vital the information is to accomplishing an organization’s mission. Criticality denotes the impact affiliated with unauthorized disclosure of information.
3 points
QUESTION 46

The information security organization performs a significant role in the implementation of solutions that mitigate risk and control solutions. Because the security organization institutes the procedures and policies to be executed, they occupy role of ________.
3 points
QUESTION 47When any tool makes any changes on a network, it is necessary that these changes are captured in a change management record for the purpose of creating an audit trail. Then, the tool making the change can capture any changes it makes on any systems. Audit trails are valuable tools for determining the existence of unauthorized changes.
3 points
QUESTION 48Companies seek to monitor employee e-mail usage to safeguard against malware, viruses, sensitive information, and data leakage protection (DLP). Additionally, e-mail use might be scanned for threatening language and obscenities.
True

False
3 points
QUESTION 49The Security Content Automation Protocol (SCAP) was developed under the Federal Information SecurityManagement ACT (FISMA) to institute minimum requirements, standards, and guidelines, and for tools used to scan systems. SCAP identifies two specifications for implementation: Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Score Systems (CVSS).
3 points
QUESTION 50The National Security Information document EO 12356 explains the U.S. military classification scheme of top secret, secret data, confidential, sensitive but unclassified, and unclassified. Which of the following data can be reasonably expected to create serious damage to national security in the event that it was subject to unauthorized disclosure?

3 points

