The asset protection policy defines an organization's data classification standard

  1. T/F: Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information.

    True

  2. Software manufacturers limit their liability when selling software using which of the following?




    B) End-User License Agreement

  3. The _____ tenet of information systems security is concerned with the recovery time objective.




    E) Availability

  4. T/F: If you are a publicly traded company or U.S. federal government agency, you must go public and announce that you have had a data breach and must inform the impacted individuals of that data breach.

    True

  5. Organizations that require customer service representatives to access private customer data can best protect customer privacy and make it easy to access other customer data by using which of the following security controls?




    D) Blocking out customer private data details and allowing access only to the last four digits of SSN numbers or account numbers.

  6. The _____ is the weakest link in an IT infrastructure.




    C) User Domain

  7. Which of the following security controls can help mitigate malicious email attachments?




    A) All of these

  8. You can help ensure confidentiality by implementing _____.




    C) A virtual private network for remote access

  9. T/F: Encrypting email communications is needed if you are sending confidential information within an email message through the public Internet.

    True

  10. T/F: Using security policies, standards, procedures and guidelines helps organizations decrease risks and threats.

    True

  11. A data classification standard is usually part of which policy definition?




    E) Asset protection policy

  12. A data breach is typically performed after which of the following?




    B) Unauthorized access to systems and applications is obtained

  13. Maximizing availability primarily involves minimizing ______.




    B) All of these

  14. Which of the following is not a U.S. compliance law or act?




    D) PCI DSS

  15. Internet IP Packets are to cleartext what encrypted packets are to _____.




    A) Ciphertext

  16. T/F: An IT security policy framework is like an outline that identifies where security controls should be used.

    True

  17. T/F: A VPN router is a security application that is used to filter IP packets.

    False

  18. T/F: Access control lists (ACLs) are used to permit and deny traffic in an IP router.

    True

  19. T/F: Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to specific users.

    True

  20. T/F: Cryptography is the process of transforming data from cleartext into ciphertext.

    False

  21. T/F: Encrypting the data within databases and storage devices gives an added layer of security.

    True

  22. T/F: For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories.

    True

  23. T/F: Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.

    False

  24. T/F: Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.

    True

  25. T/F: In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.

    False

  26. T/F: Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.

    True

  27. T/F: Organizations should start defining their IT security policy framework by defining an asset classification policy.

    True

  28. T/F: Service-level agreements (SLAs) are optical backbone trunks for private optical backbone networks.

    False

  29. T/F: Simple Network Management Protocol (SNMP) is used for network device monitoring, alarm, and performance.

    True

  30. T/F: The Sarbanes-Oxley (SOX) Act requires all types of financial institutions to protect customers' private financial information.

    False

  31. T/F: The System/Application Domain holds all the mission-critical systems, applications, and data.

    True

  32. T/F: The asset protection policy defines an organization's data classification standard.

    False

  33. T/F: The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.

    True

  34. T/F: The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.

    True

  35. T/F: The weakest link in the security of IT infrastructure is the server.

    False

What defines an organization's data classification standard?

The asset protection policy defines an organization's data classification standard.

What is the data classification policy?

A data classification policy is a comprehensive plan used to categorize a company's stored information based on its sensitivity level, ensuring proper handling and lowering organizational risk.

What are the 4 types of data classification?

Four data classifications are used by the university: Controlled Unclassified Information, Restricted, Controlled and Public. The Data Trustee is ultimately responsible for deciding how to classify their data (see Roles and Responsibilities for list of Data Trustees and additional information).

What are 3 main types of data classifications?

Here are the three most common ways vendors organize the initial data before deciding how it should be classified:
Content-based classification.
Context-based classification.
User-based classification.