Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

ITN260 > Chapter 15 > Flashcards

Chapter 15 Flashcards

1
Q

Select the option that best describes an asset:

a) any item that is owned by an enterprise
b) any item that is used by management
c) any item that is used b y all employees
d) any item that has a positive economic value

A

d) any item that has a positive economic value

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Risk avoidance involves identifying the risk and and making the decision to engage in the activity.

(T/F)

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Websites that group individuals and organizations into clusters or groups based on some sort are considered to be what type of networks?

a) social media network
b) social engineering network
c) social management network
d) social control network

A

a) social media network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What describes an agreement between two or more parties and demonstrates a “convergence of will” between the parties so that they can work together?

a) BPA
b) ISA
c) NDA
d) MOU

A

d) MOU

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

List and describe three of the six risk categories.

A

three categories:

1) strategic
2) compliance
3) finanical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What type of learner learns best through hands-on approaches?

a) kinesthetic
b) auditory
c) spatial
d) visual

A

a) kinesthetic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees service?

a) SLA
b) ISA
c) MOU
d) BPA

A

a) SLA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Due to the potential impact of changes that can affect all users in an organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes?

a) security control team
b) incident response team
c) change management team
d) compliance team

A

c) change management team

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which term below describes the art of helping an adult learn?

a) deontological
b) pedagogical
c) metagogical
d) andragogical

A

d) andragogical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A written document that states how an organization plans to protect the company’s information technology assets is a:

a) security procedure
b) standard
c) security policy
d) guideline

A

c) security policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following threats would be classified as the actions of a hactivist?

a. External threat
b. Internal threat
c. Environmental threat
d. Compliance threat

A

a. External threat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of these is NOT a response to risk?

a. Mitigation
b. Transference
c. Resistance
d. Avoidance

A

c. Resistance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Agnella was asked to create a report that listed the reasons why a contractor should be provided penetration testing authorization. Which of the follow would she NOT list in her report?

a. Legal authorization
b. Indemnification
c. Limit retaliation
d. Access to resources

A

d. Access to resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following risk control types would use video surveillance systems and barricades to limit access to secure sites?

a. Operational
b. Managerial
c. Technical
d. Strategic

A

c. Technical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following approaches to risk calculation typically assigns a numeric value (1‒10) or label (High, Medium, or Low) represents a risk?

a. Quantitative risk calculation
b. Qualitative risk calculation
c. Rule-based risk calculation
d. Policy-based risk calculation

A

a. Quantitative risk calculation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?

a. MTTF
b. MTTR
c. FIT
d. MTBF

17
Q

Which of the following covers the procedures of managing object authorizations?

a. Asset management
b. Task management
c. Privilege management
d. Threat management

A

c. Privilege management

18
Q

Which statement does NOT describe a characteristic of a policy?

a. Policies define appropriate user behavior.
b. Policies identify what tools and procedures are needed.
c. Policies communicate a unanimous agreement of judgment.
d. Policies may be helpful if it is necessary to prosecute violators.

A

b. Policies identify what tools and procedures are needed.

19
Q

Tomassa is asked to determine the expected monetary loss every time a risk occurs. Which formula will she use?

a. AV
b. ARO
c. ALE
d. SLE

20
Q

What is a collection of suggestions that should be implemented?

a. Policy
b. Guideline
c. Standard
d. Code

A

b. Guideline

21
Q

Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research?

a. Deterrent control
b. Preventive control
c. Detective control
d. Corrective control

A

a. Deterrent control

22
Q

Which statement is NOT something that a security policy must do?

a. State reasons why the policy is necessary.
b. Balance protection with productivity.
c. Be capable of being implemented and enforced.
d. Be concise and easy to understand.

A

b. Balance protection with productivity.

23
Q

What describes is the ability of an enterprise data center to revert to its former size after expanding?

a. Scalability
b. Elasticity
c. Contraction
d. Reduction

A

b. Elasticity

24
Q

Which policy defines the actions users may perform while accessing systems and networking equipment?

a. End-user policy
b. Acceptable use policy
c. Internet use policy
d. User permission policy

A

b. Acceptable use policy

25
While traveling abroad, Giuseppe needs to use public Internet café computers to access the secure network. Which of the following non-persistence tools should he use? a. Snapshot b. Live boot media c. Revert to known state d. Secure Configuration
b. Live boot media
26
Bria is reviewing the company's updated personal email policy. Which of the following will she NOT find in it? a. Employees should not use company email to send personal email messages. b. Employees should not access personal email at work. c. Employees should not forward company emails to a personal email account. d. Employees should not give out their company email address unless requested.
d. Employees should not give out their company email address unless requested.
27
For adult learners, which approach is often preferred? a. Pedagogical b. Andragogical c. Institutional d. Proactive
b. Andragogical
28
Which of the following is NOT a security risk of social media sites for users? a. Personal data can be used maliciously. b. Users may be too trusting. c. Social media security is lax or confusing. d. Social media sites use popup ads.
d. Social media sites use popup ads.
29
Which of the following is NOT a time employee training should be conducted? a. After monthly patch updates. b. When a new computer is installed. c. During an annual department retreat. d. When an employee is promoted.
a. After monthly patch updates.
30
Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use? a. SLA b. BPA c. ISA d. MOU
d. MOU
31
The security administrator for Corp.com wants to provide wireless access for employees as well as guests. Multiple wireless access points and separate networks for internal users and guests are required. Which of the following should separate each network? (Choose all that apply.) a) Channels b) SSIDs c) Physical security d) Security protocols
a) channels b) SSIDs d) security protocols
32
Which of the following is true concerning vulnerability scanning? (Choose all that apply.) a) Some scanning attempts are intrusive while some are non-intrusive. b) False positive is possible! c) All scanning attempts must be credentialed. d) False negative is not possible! e) Some scanning attempts may be credentialed while some may be non-credentialed.
a) Some scanning attempts are intrusive while some are non-intrusive. b) False positive is possible! e) Some scanning attempts may be credentialed while some may be non-credentialed.
33
How is credentialed scanning better than non-credentialed scanning? (Choose all that apply.) a) Customized auditing b) Safer scanning c) More accurate results d) Active vs. passive scanning
a) Customized auditing b) Safer scanning c) More accurate results
34
Help from a Recovery Agent is necessary when: a) One needs to setup a registration authority. b) One needs to service a CSR. c) One needs to remove a CRL. d) The private key is lost by a user. e) One wants to implement OSCP. f) The public key is lost.
d) The private key is lost by a user.
35
What is the difference between a key escrow and a recovery agent? (Choose all that apply.) a) The former is primarily for helping internal users b) The former has replaced the latter in many occasions c) The former is primarily for third party access to data d) The latter is primarily for third party access to data e) The latter is primarily for helping internal users
c) The former is primarily for third party access to data e) The latter is primarily for helping internal users

ITN260 (17 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions