FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 5: Planning for Security

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 51

True/False

Review LaterAdd Note

Review Later

Policies are living documents that must be managed._________________________

A) True
B) False

Correct Answer

verified

Show Answer

Question 52

True/False

Review LaterAdd Note

Review Later

Proxy servers can temporarily store a frequently visited Web page,and thus are sometimes called demilitarized servers._________________________

A) True
B) False

Correct Answer

verified

Show Answer

Question 53

True/False

Review LaterAdd Note

Quality security programs begin and end with policy.

A security ____________________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world.

Standards may be published,scrutinized,and ratified by a group,as in formal or ____ standards.

A(n)honeynet is usually a computing device or a specially configured computer that allows or prevents access to a defined area based on a set of rules._________________________

A(n)_________________________ plan ensures that critical business functions continue if a catastrophic incident or disaster occurs.

The security framework is a more detailed version of the security blueprint.

The ____ is based on and directly supports the mission,vision,and direction of the organization and sets the strategic direction,scope,and tone for all security efforts.

Technical controls are the tactical and technical implementations of security in the organization._________________________

You can create a single comprehensive ISSP document covering all information security issues.

NIST 800-14,The Principles for Securing Information Technology Systems,provides detailed methods for assessing,designing,and implementing controls and plans for applications of varying size.

A(n) ____ plan deals with the identification,classification,response,and recovery from an incident.

RAID ____ drives can be hot swapped.

Systems-specific security policies are formalized as written documents readily identifiable as policy._________________________

The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources.

The stated purpose of ____ is to "give recommendations for information security management for use by those who are responsible for initiating,implementing,or maintaining security in their organization."

To remain viable,security policies must have a responsible individual,a schedule of reviews,a method for making recommendations for reviews,and a policy issuance and planned revision date.

A disaster recovery plan addresses the preparation for and recovery from a disaster,whether natural or man-made.

The policy administrator is responsible for the creation,revision,distribution,and storage of the policy.