CYBER SECURITY FUNDAMENTALS EXAM 2
QUESTIONS AND ANSWERS REVIEWED AND
STUDY GUIDE
Some policies may need a(n) ____________________ indicating their expiration date.
sunset clause
In recent years, NIST has shifted its approach from implementing security controls using
a certification and accreditation (C&A) model to one more aligned with industry
practices, titled the Risk Management Framework. _________________________
True
A(n) sequential roster is activated as the first person calls a few people on the roster,
who in turn call a few other people. _________________________
False (Hierarchical)
A(n) ____________________ is a scripted description of an incident, usually just
enough information so that each individual knows what portion of the IRP to implement,
and not enough to slow down the notification process.
alert message
Each policy should contain procedures and a timetable for periodic review.
True
The ________ is based on and directly supports the mission, vision, and direction of the
organization and sets the strategic direction, scope, and tone for all security efforts.
EISP
A(n) ____________________ site is a fully configured computer facility, with all
services, communications links, and physical plant operations including heating and air
conditioning.
hot
A(n) ____________________ is a plan or course of action that conveys instructions
from an organization's senior management to those who make decisions, take actions,
and perform other duties.
Policy
____________________ controls are information security safeguards that focus on the
application of modern technologies, systems, and processes to protect information
assets.
technical
The transfer of large batches of data to an off-site facility, usually through leased lines or
services, is called ____.
electronic vaulting
__________ is a strategy for the protection of information assets that uses multiple
layers and different types of controls (managerial, operational, and technical) to provide
optimal protection.
Defense in depth
Incident _________ is the rapid determination of the scope of the breach of the
confidentiality, integrity, and availability of information and information assets during or
just following an incident.
damage assessment
ACLs are more specific to the operation of a system than rule-based policies and they
may or may not deal with users directly.
False (Rule-based policies are more specific)
An attack, breach of policy, or other incident always constitutes a violation of law,
requiring notification of law enforcement.
False
Technical controls are the tactical and technical implementations of security in the
organization. _________________________
True