Question: I am the framework used to stay in compliance with SOX 404.
Question: The difference between an assessment and an audit is that the assessment finds blame where an audit does not. True or False.
Question: This regulation ensures that organizations have sound information security practices and a framework for effective information security resources that support federal operations, data, and infrastructure.
Answer: Federal Information Security Management Act (FISMA)
Question: Regulatory compliance benefits organizations, consumers, and this group of people.
Question: ‘Confidentiality’ is defined as in this in the ...
Question: This pertains more specifically to the configuration items that are directly related to controls or settings representing significant risk, if not managed properly.
Answer: Security Control Management
Question: This is the plan for establishing the basic standard of system configurations and the management of configuration items.
Answer: Baseline Configuration Management
Question: This provides details about the infrastructure systems, which may include a discussion of existing technical, management, and operational controls.
Answer: System Characterization
Question: The criteria, circumstance, cause, and impact are all included in me!
Answer: Gap Analysis
Question: COBIT stands for __________________________.
Answer: Control Objectives for Information and Related Technology.
Question: Controls fall into these three functional types.
Answer: Preventive, Detective, and Corrective.
Question: Under the two components, People and Documentation, you find people fall into three types: employees, guests/third parties, and _____________.
Question: This is to define access controls where each user has the permission to carry out assigned tasks and nothing else.
Answer: Principle of Least Privilege
Question: This is a common document that communicates your organization’s security policy clearly when hiring new employees.
Answer: Confidential Agreement
Question: RACI stands for __________, __________, ___________, and ________________.
Answer: Responsible, Accountable, Consulted, and Informed
Question: Ensuring compliance in the Workstation Domain satisfies these two main purposes.
Answer: Increases information security and reduces liability
Question: The PCI DSS standard is used for this type of industry.
Answer: Payment Card
Question: The three authentication types include these.
Answer: What you know, What you have, and What you are
Question: NOS provides the interface between the hardware and the application layer software. True or False.
Question: These are the two types of object access control.
Answer: discretionary access control and mandatory access control
Question: I connect two or more separate networks in the LAN-to-WAN domain.
Question: This type of firewall makes requests for remote services on the behalf of the local clients.