__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information.


A) Firewalling
B) Hosting
C) Redundancy
D) Domaining

________ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.


A) Managerial
B) Technical
C) Operational
D) Informational

____________________ controls are information security safeguards that focus on the application of modern technologies, systems, and processes to protect information assets.

____________________ management is an organization's set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster.

To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and policy issuance and planned revision dates.

Managerial controls set the direction and scope of the security process and provide detailed instructions for its conduct.

The security model is the basis for the design, selection, and implementation of all security program elements, including policy implementation and ongoing policy and program management. _________________________

Every member of the organization's InfoSec department must have a formal degree or certification in information security.

A(n) ____________________ is a scripted description of an incident, usually just enough information so that each individual knows what portion of the IRP to implement, and not enough to slow down the notification process.

A(n) ____________________ is a detailed examination of the events that occurred from first detection to final recovery.

Correct Answer

AAR
after-action rev...

Guidelines are detailed statements of what must be done to comply with policy. _________________________

A disaster recovery plan shows the organization's intended efforts to restore operations at the original site in the aftermath of a disaster.

The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.


A) off-site storage
B) remote journaling
C) electronic vaulting
D) database shadowing

A standard is a written instruction provided by management that informs employees and others in the workplace about proper behavior.

NIST responded to a mandate and created a voluntary Risk Management Framework that provides an effective approach to manage cybersecurity risks. _________________________

A ____ site provides only rudimentary services and facilities.


A) commercial
B) warm
C) hot
D) cold

Implementing multiple types of technology so that the failure of one system does not compromise the security of information is referred to as ____________________.

Correct Answer

redundancy...

RAID Level 1 is commonly called disk ____________________.

The operational plan documents the organization's intended long-term direction and efforts for the next several years. _________________________

Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator. _________________________
