-
Which type of control only reports that a violation has occurred?
Preventive
Detective
Corrective
Restorative
-
The term ________ defines the components, including people, information, and conditions, that support business objectives.
-
Which of the following types of policies defines prohibited actions?
Access control policy
Password usage policy
Acceptable use policy
Violation action policy
-
Which of the following terms ensures at least two people must perform a series of actions to complete a task?
Separation of duties
Least privilege
Need to know
User clearance
-
When using DAC, a subject must possess sufficient clearance as well as ________ to access an object.
-
Which of the following terms defines a strategy in which you grant access that allows a user to complete assigned tasks and nothing else?
Separation of duties
Least privilege
Need to know
User clearance
-
Which type of agreement can protect the ability to file a patent application?
Relinquish ownership agreement
Security clearance waiver
Background check agreement
Confidentiality agreement
-
What condition must exist for a background check to be governed by FCRA?
The investigation includes credit history.
The investigation is performed by a third party.
The investigation is performed by the prospective employer.
The investigation includes criminal history.
-
Which of the following best describes the purpose of auditing?
It finds the root causes of violation issues.
It assists investigators in identifying blame for violations.
It verifies that systems are operating in compliance.
It searches for hidden unacceptable use of IT resources.
-
Using a RACI matrix, which attribute refers to the party that actually carries out the work?
Responsible
Accountable
Consulted
Informed
-
Which department should take the lead in User Domain compliance accountability?
Information technology
Information security
Human resources
Security
-
A confidentiality agreement sets the expectations of each employee and sets job performance standards.
True
False
-
Which of the following is a series of individual tasks that users accomplish to comply with one or more goals?
Policy
Standard
Procedure
Guideline
-
Which of the following is a collection of requirements the users must meet?
Policy
Standard
Procedure
Guideline
-
Discretionary access control is based on roles and granted permissions.
True
False
-
What does a security policy that removes previously granted access that is no longer needed achieve?
Reduces the overall security risk to the organization
Maintains segregation of duties
Simplifies investigation of incidents
All of the above
-
What type of security risk relies on human weakness to trick an employee into an act of noncompliance without their knowledge?
Social engineering
Human mistake
Insider threat
-
The goal of a security awareness program is to hold an individual accountable if they have not been instructed as to what is and is not acceptable with information security.
True
False
-
What type of documentation in the User Domain provides guidance for personnel on the proper use of resources?
IT asset AUPs
Internet AUPs
Email AUPs
-
One significant threat to information security comes from the ______, which refers to an employee, consultant, contractor, or vendor who knows the organization and may know its countermeasures and applications.