CS307 - Chapter 2

8 September 2022
question
In which model in the SecSDLC do the work products of each phase fall into the next phase to serve as its starting point?
answer
waterfall
question
In which phase of the SecSDLC does the risk management task occur?
answer
analysis
question
Which of the following set the direction and scope of the security process and provide detailed instruction for its conduct?
answer
managerial controls
question
According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization plan the specifics of how it will reach its destination?
answer
establishing
question
A clearly directed strategy flows from top to bottom rather than from bottom to top. (T/F)
answer
true
question
Which type of planning is the primary tool in determining the long-term direction taken by an organization?
answer
strategic
question
What is the first phase of the SecSDLC?
answer
investigation
question
Which of the following explicitly declares the business of the organization and its intended areas of operations?
answer
mission statement
question
Which of the following is an information security governance responsibility of the Chief Security Officer?
answer
set security policy, procedures, programs, and training
question
Which type of attack involves sending a large number of connection or information requests to a target?
answer
denial-of-service (DoS)
question
The impetus to begin an SDLC-based project may be ________, that is, a response to some activity in the business community, inside the organization, or within the ranks of employees, customers, or other stakeholders.
answer
event-driven
question
The basic outcomes of InfoSec governance should include all but which of the following?
answer
time management by aligning resources with personnel schedules and organizational objectives
question
Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls?
answer
back door
question
Which type of planning is used to organize the ongoing, day-to-day performance of tasks?
answer
operational
question
Because it sets out general business intentions, a mission statement does not need to be concise. (T/F)
answer
false
question
A ________ overflow is an application error that occurs when the system can't handle the amount of data that is sent.
answer
buffer
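The overflow in this card is the case where an unbounded copy writes past the end of a fixed-size field and lands on whatever is stored next. The following C program is an added illustration written for this page, not code from the textbook or the course: it models a process's memory as one constructed array in which an 8-byte name field is followed by a 1-byte privilege flag (the layout, the function names copy_unchecked and copy_checked, and the input "abcdefghA" are all assumptions made for the demonstration), copies an oversized input with and without a length check, and reports what the flag byte holds afterwards.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of one process's memory: an 8-byte name field is
 * immediately followed by a 1-byte privilege flag. In a real program the
 * layout would come from a struct or the stack; keeping both inside one
 * oversized array keeps the demonstration within defined behaviour. */
#define ARENA_LEN 64       /* backing storage; demo inputs stay well under it */
#define NAME_LEN  8        /* declared size of the name field */
#define FLAG_OFF  NAME_LEN /* the flag byte sits right after the name */

static unsigned char arena[ARENA_LEN];

/* Vulnerable form: copies whatever the sender supplied with no regard for
 * NAME_LEN, so byte 8 and beyond land on the flag. Returns the flag value
 * after the copy so the corruption is observable. */
unsigned char copy_unchecked(const char *src) {
    memset(arena, 0, sizeof arena);        /* caller starts as non-admin (flag = 0) */
    strcpy((char *)arena, src);            /* unbounded copy: the bug */
    return arena[FLAG_OFF];
}

/* Hardened form: measures the input first and refuses anything that does
 * not fit, including the terminating NUL. Returns 0 on success and -1 if
 * the input was rejected; the flag byte is never written either way. */
int copy_checked(const char *src) {
    memset(arena, 0, sizeof arena);
    size_t n = strlen(src);
    if (n >= NAME_LEN) return -1;          /* n + 1 bytes needed, NAME_LEN available */
    memcpy(arena, src, n + 1);
    return 0;
}

/* Reads the flag byte the way a later privilege check would. */
unsigned char current_flag(void) { return arena[FLAG_OFF]; }

int main(void) {
    /* constructed input: eight letters fill the field, the ninth byte 'A' (0x41) hits the flag */
    const char *oversized = "abcdefghA";
    printf("unchecked copy: flag = 0x%02x\n", copy_unchecked(oversized)); /* 0x41 */
    int rc = copy_checked(oversized);
    printf("checked copy:   rc = %d, flag = 0x%02x\n", rc, current_flag()); /* -1, 0x00 */
    return 0;
}
```

The check in copy_checked compares the measured length against the declared field size before any byte is moved, which is the only place such a check can live: once strcpy has run, the adjacent flag has already been overwritten.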
question
Blackmail threat of informational disclosure is an example of which threat category?
answer
information extortion
question
A top-down approach to information security usually begins with a systems administrator's attempt to improve the security of their systems. (T/F)
answer
false
question
Which of the following is true about planning?
answer
strategic plans are used to create tactical plans
question
In _______ testing, security personnel simulate or perform specific and controlled attacks to compromise or disrupt their own systems by exploiting documented vulnerabilities.
answer
penetration
question
Penetration testing is often conducted by contractors, who are commonly referred to as black-hats. (T/F)
answer
false
question
A(n) _______ attack enables an attacker to extract secrets maintained in a security system by observing the time it takes the system to respond to various queries.
answer
timing
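A timing attack works because a check that stops at the first wrong byte does measurably less work for a bad guess than for a guess whose prefix is right. The C program below is an added example written for this page, not code from the textbook or the course: leaky_equal, ct_equal, recover_secret and bytes_recovered are hypothetical names, the secret "s3cr3t!" is constructed, and a loop-iteration count stands in for the response time a real attacker would measure with a clock. The simulated attacker sees only the secret's length, the accept/reject answer and that count, and recovers the secret one byte at a time against the leaky comparison while getting nothing from the constant-time one.

```c
#include <stddef.h>
#include <string.h>

typedef int (*cmp_fn)(const unsigned char *a, const unsigned char *b,
                      size_t n, size_t *steps);

/* Leaky comparison (the pattern behind the attack): returns at the first
 * mismatch, so the work done, and hence the response time, grows with the
 * length of the correct prefix. `steps` counts loop iterations in place of
 * a timer. */
int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) { *steps = i + 1; return 0; }
    }
    *steps = n;
    return 1;
}

/* Constant-time comparison: OR-accumulates every byte difference and only
 * decides at the end, so the work is the same whatever the secret is. */
int ct_equal(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    *steps = n;
    return diff == 0;
}

/* Simulated attacker: for each position tries all 256 byte values and
 * keeps the one that made the check work hardest (ties go to the first
 * candidate, 0x00). Returns how many bytes of `secret` came out right. */
size_t recover_secret(const unsigned char *secret, size_t n, cmp_fn cmp, unsigned char *out) {
    memset(out, 0, n);
    for (size_t i = 0; i < n; i++) {
        size_t best_score = 0;
        unsigned char best = 0;
        for (int c = 0; c < 256; c++) {
            size_t steps = 0;
            out[i] = (unsigned char)c;
            int accepted = cmp(secret, out, n, &steps);
            size_t score = steps + (accepted ? 1 : 0); /* an accept is visible too */
            if (score > best_score) { best_score = score; best = (unsigned char)c; }
        }
        out[i] = best;
    }
    size_t correct = 0;
    for (size_t i = 0; i < n; i++) correct += (out[i] == secret[i]);
    return correct;
}

/* Runs the attack against a NUL-terminated secret of up to 64 bytes. */
size_t bytes_recovered(const char *secret, cmp_fn cmp) {
    unsigned char out[64];
    size_t n = strlen(secret);
    if (n > sizeof out) return 0;
    return recover_secret((const unsigned char *)secret, n, cmp, out);
}

/* Step count reported by `cmp` for one comparison of two equal-length strings. */
size_t steps_for(cmp_fn cmp, const char *a, const char *b) {
    size_t steps = 0;
    cmp((const unsigned char *)a, (const unsigned char *)b, strlen(a), &steps);
    return steps;
}
```

Against leaky_equal the attacker recovers all seven bytes of "s3cr3t!" with at most 256 queries per byte instead of 256^7 overall; against ct_equal every query costs the same, so the attacker is left with its tie-break guess of 0x00 at every position and recovers nothing. Production code should use the platform's constant-time routine (for example CRYPTO_memcmp in OpenSSL) rather than a hand-written loop, since a compiler may optimise a loop like ct_equal back into an early-exit form.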
question
Which of the following is a key advantage of the bottom-up approach to security implementation?
answer
utilizes the technical expertise of the individual administrators
question
The primary goal of external monitoring is to maintain an informed awareness of the state of all the organization's networks, information systems, and information security defenses. (T/F)
answer
false