FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 4: Planning for Security

Show Answer

Share

---

All types

Filters

Study Flashcards

Question 21

True/False

Review LaterAdd Note

Review Later

The ISSP is a plan which sets out the requirements that must be met by the information security blueprint or framework.

Correct Answer

verified

Show Answer

Question 22

Multiple Choice

Review LaterAdd Note

Review Later

_________ controls address personnel security, physical security, and the protection of production inputs and outputs.

A) ​Informational
B) Operational
C) ​Technical
D) ​Managerial

Correct Answer

verified

Show Answer

Question 23

True/False

Review LaterAdd Note

To achieve defense in depth, an organization must establish multiple layers of security controls and safeguards.

Each policy should contain procedures and a timetable for periodic review.

Some policies may need a(n) ____________________ indicating their expiration date.

A(n) ____________________ backup is the storage of all files that have changed or been added since the last full backup.

The transfer of live transactions in real time to an off-site facility is called ____________________.

What three purposes does the ISSP serve?

Summarize the strategies that can be chosen by an organization when planning for business continuity.

A(n) ____________________ directs members of an organization as to how issues should be addressed and how technologies should be used.

A(n) ____________________ is a contract between two or more organizations that specifies how each will assist the other in the event of a disaster.

The complete details of ISO/IEC 27002 are widely available to everyone.

Database shadowing duplicates data in real-time data storage, but does not back up the databases at the remote site.

The ____________________ of an organization are the intermediate states obtained to achieve progress toward a goal or goals.

Incident ____________________ is the process of examining a potential incident, or incident candidate, and determining whether the candidate constitutes an actual incident.

Redundancy can be implemented at a number of points throughout the security architecture, such as in ________.

A(n) capability table specifies which subjects and objects users or groups can access. _________________________

The ________is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.

Disaster recovery personnel must know their roles without supporting documentation, which is a function of preparation, training, and rehearsal.

A(n) disaster is any adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization. _________________________