lab 1 Flashcards
Is the PC10 system in compliance with the security template based on the gap analysis results?
Yes
No
No
Performing gap analysis forces systems into compliance.
True
False
False
Gap analysis is a process that identifies how an organization’s security systems deviate from those required or recommended by a framework.
True
False
True
When should gap analysis be performed? (Select all that apply)
when first adopting a framework
when meeting a new industry or legal
compliance requirement
after significant time has past
when decommissioning legacy hardware
when first adopting a framework
when meeting a new industry or legal compliance requirement
after significant time has past
What is the purpose of a gap analysis?
discovering the differences between the intended or expected configuration of a system and its actual operating configuration
exploring the source code of a open source application for flaws and vulnerabilities
determining the probability and likelihood of a threat causing harm to an asset
evaluating the level of compliance to a regulation or contractual obligation
discovering the differences between the intended or expected configuration of a system and its actual operating configuration
Which of the following statements is false in regard to gap analysis?
Some variations from a baseline may be more secure
Some variations from a baseline are less secure
A single security template is sufficient to analyze all systems
Security template selection should be specific to its product version and build number
A single security template is sufficient to analyze all systems
