TEST6

Test title: TEST6

Description: TEST6 SECURITY



Security administration is the group responsible for the planning, design, implementation and monitoring of an organization's security plan.
- True
- False

The security program requires documentation of:
- The security process
- The policies, procedures, and guidelines adopted by the organization
- The authority of the persons responsible for security
- All of the above
- None of the above

An organization does not have to comply with both regulatory standards and organizational standards.
- True
- False

A ________ is a formal contract between your organization and an outside firm that details the specific services the firm will provide.
- Service-level agreement (SLA)
- Security event log
- Compliance report
- Incident response

Which software testing method provides random input to see how software handles unexpected data?
- Injection
- Boundary input
- Fuzzing
- Valid error input

In 1989, the Internet Architecture Board (IAB) issued a statement of policy about Internet ethics. This document is known as:
- OECD (Organization for Economic Cooperation and Development)
- RFC 1087
- (ISC)2 Code of Ethics Canons
- CompTIA Candidate Code of Ethics

_____________ is the concept that users should be granted only the levels of permissions they need in order to perform their duties.
- Mandatory vacations
- Separation of duties
- Job rotation
- Principle of least privilege
- None of the above

Which of the following is an example of social engineering?
- An emotional appeal for help
- A phishing attack
- Intimidation
- Name-dropping
- All of the above

Policy sets the tone and culture of the organization.
- True
- False

________ involve the standardization of the hardware and software solutions used to address a security risk throughout the organization.
- Procedures
- Policies
- Baselines
- Standards

Which of the following is true of procedures?
- They increase mistakes in a crisis.
- They provide for places within the process to conduct assurance checks.
- Important steps are often overlooked.
- None of the above
- All of the above

Data classification is the responsibility of the person who owns the data.
- True
- False

The objectives of classifying information include which of the following?
- To identify information protection requirements
- To identify data value in accordance with organization policy
- To standardize classification labeling throughout the organization
- To comply with privacy law, regulations, and so on
- All of the above

Configuration management is the management of modifications made to the hardware, software, firmware, documentation, test plans, and test documentation of an automated system throughout the system life cycle.
- True
- False

The change management process includes ________ control and ________ control.
- Configuration, change
- Hardware inventory, software development
- Clearance, classification
- Document, data

More and more organizations use the term ________ to describe the entire change and maintenance process for applications.
- System development life cycle (SDLC)
- System life cycle (SLC)
- System maintenance life cycle (SMLC)
- None of the above

When developing software, you should ensure the application does which of the following?
- Checks user authorization
- Has procedures for recovering database integrity in the event of system failure
- Has edit checks, range checks, validity checks, and other similar controls
- Checks user authentication to the application

There are several types of software development methods, but most traditional methods are based on the ________ model.
- Integration
- Waterfall
- Modification
- Developer




