Question 1 Many organizations have a(n) __________, whi ch is...

Question 1

1. Many organizations have a(n) __________, which is composed of end user devices (including tablets, laptops, and smartphones) on a shared network and that use distributed system software

central server

distributed infrastructure

agentless central management tool

control environment

Question 2

1. A(n) __________ is a general term used in technology to describe a future state in which

specific goals and objectives have been achieved.

threat vector

agent

target state

communications plan

Question 3

1. A(n) __________ is a device that has the ability and permission to reach out and connect to distributed devices to push changes to the devices.

malware tool

asset management tool

agentless central management tool

change management tool

Question 4

1. Which of the following scenarios illustrates an ideal time to implement security policies to gain the maximum level of organizational commitment?

The policies should be implemented following a new product launch.

The policies should be implemented at the same time new customer service policies are introduced.

The policies should be implemented to coincide with audit findings in order to minimize security risks.

The policies should be implemented at the same time of a new product launch.

Question 5

1. Which of the following is not one of the consequences of an unmotivated employee?

Is prone to bad decision-making

Is a target for social engineering pretexts

Fails to report a control weakness

Lacks self-interest

Question 6

1. A policy is a means of implementing a control, such as a way to prevent or detect a specific type of security breach

True

False

Question 7

1. Organizations should build a governance policy committee to monitor policy adoption and effectiveness.

True

False

Question 8

1. __________ are more likely to monitor security policy activity after the fact and in the aggregate to assess whether goals are being achieved, whereas __________ are likely to monitor activities before, during, and after as part of running the operations.

Governance committees, management committees

Management committees, government committees

Governance committees, project committees

Project committees, management committees

Question 9

1. Which of the following is instituted by executive management, is responsible for enforcing policies by reviewing technology activity, and greenlights new projects and activities? This committee is the basis of the other committees.

Project committee

Vendor governance committee

Gateway committee

Operational risk committee

Question 10

1. One of the many roles of the security compliance committee is to focus on controls that are widely used across a significant population of applications, systems, and operations. These types of controls are known as __________ controls.

governance

pervasive

operations

automated

Question 11

1. What is the main difference between a law and a regulation?

Security policies try to comply with regulatory requirements.

Regulation requirements build procedures for determining legal thresholds.

Regulations have authority that derives from the original law.

Laws institute legal thresholds.

Question 12

1. Which of the following is a network security device that acts as a decoy for hackers?

Honeypot

Demilitarized zone (DMZ)

Threat vector

Automation device

Question 13

1. Whereas a governance committee deals with the details for maintaining daily business operations, a management committee establishes strategic direction

True

False

Question 14

1. Gateway committees are named as such because they are the gateways for

new technology projects entering an organization.

True

False

Question 15

1. Companies seek to monitor employee email usage to safeguard against malware, viruses, sensitive information, and data leakage protection (DLP).

True

False

Question 16

1. The __________ window is the gap between when a new vulnerability is discovered and when software developers write a patch

 threat

risk

vulnerability

impact

Question 17

1. Microsoft offers automated tools that can be used to verify compliance. Once such tool is __________, which queries systems for vulnerabilities, deploys updates, and deploys operating system images to clients.

System Center Configuration Manager (SCCM)

Systems Management Server (SMS)

Nmap

Nessus

Question 18

1. A security baseline is deployed in your organization. You discover that one system is regularly being reconfigured. The security tool fixes it, and then the next scan shows it has changed again. You want to know who or what is making this change. Which is the best first step to resolve the issue?

Redeploy the original security baseline.

Enable auditing and then view the audit trail.

Reinstall the system.

Perform a random audit for compliance.

Question 19

1. There are several different best practices for IT security policy monitoring. One such practice is to build a baseline based on a security policy, which entails:

using a security policy document as a road map.

using images whenever possible to deploy new operating systems.

routinely tracking rule and regulatory changes.

regularly auditing systems after the baseline has been deployed.

Question 20

1. A configuration management database (CMDB) holds the configuration information for systems throughout a system's life cycle.

True

False