which is the most important in determining an effective security policy?
Karen and her security team have been tasked with developing a security policy to be presented to senior management for a new start-up organization. Of the factors listed below, which is the most important in determining an effective security policy?
what John has done?
John covertly learns the user ID and password of a higher-ranked technician and uses the credentials to access certain areas of a network. What term describes what John has done?
which would not be considered an integrity violation?
Your company's security director calls a meeting to stress the importance of data integrity within the company. There is a concern because of several violations that have been noticed lately. Of the examples below, which would not be considered an integrity violation?
Which of the following objectives could not be achieved by a security policy?
A new security policy has recently been put into place to achieve many company objectives. Which of the following objectives could not be achieved by a security policy?
which best achieves the goal of ensuring integrity?
A data storage company's number one security goal is to ensure that their data is protected and integrity is achieved. Of the following controls, which best achieves the goal of ensuring integrity?
Which of the following provides an incorrect characteristic of CobiT?
The Control Objectives for Information and related Technology (CobiT) is a framework and set of best practices. Which of the following provides an incorrect characteristic of CobiT?
What is an issue that Stephanie needs to be concerned with?
Stephanie is a recently hired manager at a large financial organization. She has found out that three employees are suspected of moving sensitive customer data from their computer systems to email messages. Her security officer indicates that keystroke monitoring should be deployed to these users’ systems. What is an issue that Stephanie needs to be concerned with?
which of the following should be carried out?
To properly enforce access control within an environment, which of the following should be carried out?
i. Deny access to systems by undefined users or anonymous accounts.
ii. Allow unlimited usage of administrator and other powerful accounts.
iii. Suspend or delay access capability after a specific number of unsuccessful logon attempts.
iv. Remove obsolete user accounts as soon as the user leaves the company.
v. Activate inactive accounts after 30 to 60 days.
which one is something that intrusion detection (ID) and response is not?
Of the following choices, which one is something that intrusion detection (ID) and response is not?
How are access control lists (ACLs) and capability tables different?
How are access control lists (ACLs) and capability tables different?