T/F: Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information.
True
Software manufacturers limit their liability when selling software using which of the following?
B) End-User License Agreement
The _____ tenet of information systems security is concerned with the recovery time objective.
E) Availability
T/F: If you are a publicly traded company or U.S. federal government agency, you must go public and announce that you have had a data breach and must inform the impacted individuals of that data breach.
True
Organizations that require customer service representatives to access private customer data can best protect customer privacy and make it easy to access other customer data by using which of the following security controls?
D) Blocking out customer private data details and allowing access only to the last four digits of SSN numbers or account numbers.
The _____ is the weakest link in an IT infrastructure.
C) User Domain
Which of the following security controls can help mitigate malicious email attachments?
A) All of these
You can help ensure confidentiality by implementing _____.
C) A virtual private network for remote access
T/F: Encrypting email communications is needed if you are sending confidential information within an email message through the public Internet.
True
T/F: Using security policies, standards, procedures and guidelines helps organizations decrease risks and threats.
True
A data classification standard is usually part of which policy definition?
E) Asset protection policy
A data breach is typically performed after which of the following?
B) Unauthorized access to systems and application is obtained
Maximizing availability primarily involves minimizing ______.
B) All of these
Which of the following is not a U.S. compliance law or act?
D) PCI DSS
Internet IP Packets are to cleartext what encrypted packets are to _____.
A) Ciphertext
T/F: An IT security policy framework is like an outline that identifies where security controls should be used.
True
T/F: A VPN router is a security application that is used to filter IP packets.
False
T/F: Access control lists (ACLs) are used to permit and deny traffic in an IP router.
True
T/F: Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to specific users.
True
T/F: Cryptography is the process of transforming data from cleartext into ciphertext.
False
T/F: Encrypting the data within databases and storage devices gives an added layer of security.
True
T/F: For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories.
True
T/F: Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.
False
T/F: Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites, with data in cleartext.
True
T/F: In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.
False
T/F: Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.
True
T/F: Organizations should start defining their IT security policy framework by defining an asset classification policy.
True
T/F: Service-level agreements (SLAs) are optical backbone trunks for private optical backbone networks.
False
T/F: Simple Network Management Protocol (SNMP) is used for network device monitoring, alarm, and performance.
True
T/F: The Sarbanes-Oxley (SOX) Act requires all types of financial institutions to protect customers' private financial information.
False
T/F: The System/Application Domain holds all the mission-critical systems, applications, and data.
True
T/F: The asset protection policy defines an organization's data classification standard.
False
T/F: The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.
True
T/F: The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.
True
T/F: The weakest link in the security of IT infrastructure is the server.
False
The three most common ways vendors organize the initial data before deciding how it should be classified:
Content-based classification.
Context-based classification.
User-based classification.