UPDATED Study Guide QUESTIONS AND CORRECT ANSWERS
Some policies may need a(n) ____________________ indicating their
expiration date. - CORRECT ANSWERS sunset clause
In recent years, NIST has shifted its approach from implementing security
controls using a certification and accreditation (C&A) model to one more
aligned with industry practices, titled the Risk Management Framework.
_________________________ - CORRECT ANSWERS True
A sequential roster is activated as the first person calls a few people on the
roster, who in turn call a few other people. _________________________ -
CORRECT ANSWERS False (Hierarchical)
A(n) ____________________ is a scripted description of an incident, usually
just enough information so that each individual knows what portion of the IRP
to implement, and not enough to slow down the notification process. -
CORRECT ANSWERS alert message
Each policy should contain procedures and a timetable for periodic review. -
CORRECT ANSWERS True
The ________ is based on and directly supports the mission, vision, and
direction of the organization and sets the strategic direction, scope, and tone for
all security efforts. - CORRECT ANSWERS EISP
A(n) ____________________ site is a fully configured computer facility, with
all services, communications links, and physical plant operations including
heating and air conditioning. - CORRECT ANSWERS hot
A(n) ____________________ is a plan or course of action that conveys
instructions from an organization's senior management to those who make
decisions, take actions, and perform other duties. - CORRECT ANSWERS
Policy
____________________ controls are information security safeguards that focus
on the application of modern technologies, systems, and processes to protect
information assets. - CORRECT ANSWERS technical
The transfer of large batches of data to an off-site facility, usually through
leased lines or services, is called ____. - CORRECT ANSWERS
electronic vaulting
__________ is a strategy for the protection of information assets that uses
multiple layers and different types of controls (managerial, operational, and
technical) to provide optimal protection. - CORRECT ANSWERS
Defense in depth
Incident _________ is the rapid determination of the scope of the breach of the
confidentiality, integrity, and availability of information and information assets
during or just following an incident. - CORRECT ANSWERS damage
assessment
ACLs are more specific to the operation of a system than rule-based policies,
and they may or may not deal with users directly. - CORRECT ANSWERS
False (Rule-based policies are more specific)
An attack, breach of policy, or other incident always constitutes a violation of
law, requiring notification of law enforcement. - CORRECT ANSWERS
False