study set 2

Question 1

What is it called when a data owner accepts the certification?

Answer 1

Accreditation

Question 2

IAAA

Answer 2

A frame work:
Identification
Authentication
Authorization
Accountability

Question 3

EF

Answer 3

Exposure Factor

the % of loss that is expected from an risk event

Question 4

Privacy Act of 1974 applies to who?

Answer 4

applies only to federal Agencies

Question 5

What are the 8 steps to EDRM

Answer 5

The Electronic Discovery Reference Model

1. Identification
2. Preservation
3. Collection
4. processing
5. review
6. Analysis
7. Production
8. Presentation

Question 6

OEP

Answer 6

Occupant Emergency Plan

Question 7

A privacy Policy needs to cover what 4 items?

Answer 7

1. Collection
2. Use
3. Disclosure
4. Protection

Question 8

Vertical Control?

Answer 8

example Top secret, secret, etc…

Question 9

Proactive Controls are?

Answer 9

Safeguards

Question 10

‘IT’ logs and Documents are what type of Evidence?

Answer 10

Secondary Evidence

Question 11

What is committee of sponsoring organizations of the treadway commission called?

Answer 11

COSO

Question 12

Typosquatting

Answer 12

URL Hijacking

Question 13

ISO 27799 standard is focused around?

Answer 13

Protecting PHI

Question 14

Keylogger is a threat to what CIA

Answer 14

Confidentiality

Question 15

GDPR

Answer 15

updated EU Law for 2018

Question 16

“NEED TO KNOW” is what type of control?

Answer 16

Horizontal Control

Question 17

Tangible and physical objects are what type of evidence

Answer 17

Real evidence

Hard drives, usb sticks but not the data on them.

Question 18

What are 3 Corrective Controls

Answer 18

1. anti-virus
2. Patches
3. IPS

Question 19

What act is for Identity theft

Answer 19

(ITADA) Identity Theft and Assumption Deterrence Act

Question 20

The First step of a BCP should perform?

Answer 20

(BOA) Business Organization Analysis

Question 21

What is the correct way to dispose of a SSD Drive?

Answer 21

Incinerate

Question 22

SOX

Answer 22

Sarbanes - Oxlet Act of 2002

Publicly traded companies have regulation on financial reports

Question 23

The 3 Rules of HIPAA

Answer 23

1. privacy Rule
2. security Rules
3. Breach notification Rules

Question 24

Developed Guidelines for International Data is properly protected in a Globalized Economy

Answer 24

(OECD) Organization for Economic Co-operation and development

Question 25

MOA /MOU

Answer 25

Memorandums of Agreement / understanding for Essential personnel

Question 26

The Military or DOD Data Classification

Answer 26

1. Top Secret 2. Secret 3. Confidential 4. Unclassified

Question 27

IPS / IDS ensure what of CIA

Answer 27

Availability

Question 28

STRIDE

Answer 28

Is a Threat categorization scheme from Microsoft ``` spoofing tampering repudiation info disclosure DOS attack Elevation of privilege ```

Question 29

Supporting facts and elements are what type of evidence?

Answer 29

Collaborative | Not a fact on it's own

Question 30

When you see something, what type of evidence?

Answer 30

Direct Evidence

Question 31

Who Defines the acceptable level of risk?

Answer 31

Security Steering Committee

Question 32

What policy would address on how to deal with Data no longer Needed?

Answer 32

Data Destruction Policy

Question 33

4 CIA Confidentiality threats

Answer 33

1. Attacks on Encryption 2. Social Engineering 3. Key Logger 4. IOT internet of Things

Question 34

"The Majority of the proof" relate to what law?

Answer 34

Civil Law

Question 35

Cybersquatting

Answer 35

domain squatting

Question 36

Counterfeiting is ?

Answer 36

an attack on trademarks

Question 37

"Beyond a Reasonable Doubt"

Answer 37

Criminal Law

Question 38

What are the Business Data Classifications

Answer 38

High Sensitive sensitive internal public

Question 39

Security Steering Committee Is Responsible for?

Answer 39

Is Responsible for making Decisions on Tactical and strategic security issues. Members are asked to join

Question 40

Software code is a threat to what CIA

Answer 40

Availability

Question 41

Exigent circumstance is?

Answer 41

Immediate threat to Human life or evidence destruction. Only applies to law enforcement or " under the color of law"

Question 42

ISO 27002 is focused on?

Answer 42

ITSM

Question 43

Password hashing with salting is what part of the CIA?

Answer 43

Integrity

Question 44

the 5 ISC2 code of Ethics

Answer 44

1. Protect the Society 2. The Common Good 3. Public Trust & confidence 4. Provide diligent and competent service 5. Advance and protect the profession

Question 45

Retention policy deals with?

Answer 45

How long to backup Where to Keep the backup What do we Keep

Question 46

What is the self Directed Rick Evaluation methodology

Answer 46

OCTAVE

Question 47

Which attack would you be seeing if you saw a SYN packet with the source and the destination as the same address?

Answer 47

LAND attack (Local Area Network Denial attack )

Question 48

three authentication responses a RADIUS server returns

Answer 48

access-accept, access-reject, access-challenge