Joshua Villy
Test por , creado hace más de 1 año

1 CSI270 Test sobre Quiz 11, creado por Joshua Villy el 09/05/2013.

353
0
0
Joshua Villy
Creado por Joshua Villy hace más de 11 años
Cerrar

Quiz 11

Pregunta 1 de 25

1

An employee in an organization is requesting access to more information than is required. This request should be denied on the basis of which principle:

Selecciona una de las siguientes respuestas posibles:

  • Separation of duties

  • Least privilege

  • Need to know

  • Job rotation

Explicación

Pregunta 2 de 25

1

Two separate employees are required to open a safe containing sensitive information. One employee has part of the safe combination, and a second employee has another part of the safe combination. This arrangement follows the principle of:

Selecciona una de las siguientes respuestas posibles:

  • Split custody

  • Segregation of duties

  • Need to know

  • Least privilege

Explicación

Pregunta 3 de 25

1

The information security officer in an organization has assigned various accounting department employees to various roles in the organization’s financial system, taking care to assign roles with the fewest possible functions. Roles have been assigned according to the principle of:

Selecciona una de las siguientes respuestas posibles:

  • Need to know

  • Segregation of duties

  • Split custody

  • Least privilege

Explicación

Pregunta 4 de 25

1

An organization has in its possession many types of business records that vary in sensitivity and handling requirements. No policy exists that defines how any of these records should be protected. This organization lacks:

Selecciona una de las siguientes respuestas posibles:

  • Storage and handling procedures

  • Separation of duties

  • Data classification policy

  • Information security policy

Explicación

Pregunta 5 de 25

1

The purpose of a periodic review of user access rights is:

Selecciona una de las siguientes respuestas posibles:

  • To check whether employees have logged in to the system

  • To check for active accounts that belong to terminated employees

  • To determine password quality and expiration

  • To determine whether access control systems still function properly

Explicación

Pregunta 6 de 25

1

The purpose of a password policy that requires a minimum number of days between password changes is:

Selecciona una de las siguientes respuestas posibles:

  • To prevent a brute force attack against a password

  • To prevent an intruder from carrying out a dictionary attack against a password

  • To prevent someone from quickly cycling back to their familiar password

  • To prevent a second user from changing the password

Explicación

Pregunta 7 de 25

1

The purpose of a password policy that locks an account after five unsuccessful login attempts is:

Selecciona una de las siguientes respuestas posibles:

  • To prevent an intruder from carrying out a dictionary attack against a password

  • To prevent a second user from changing the password

  • To prevent someone from quickly cycling back to their familiar password

  • To prevent other individuals from logging in to the account

Explicación

Pregunta 8 de 25

1

The purpose of backups includes all of the following EXCEPT:

Selecciona una de las siguientes respuestas posibles:

  • Software malfunctions

  • Human error

  • Hardware malfunctions

  • Cluster failovers

Explicación

Pregunta 9 de 25

1

The most effective way to confirm whether backups function properly is:

Selecciona una de las siguientes respuestas posibles:

  • Confirming the presence of error messages in backup logs

  • Confirming the absence of error messages in backup logs

  • Testing the ability to backup data onto backup media

  • Testing the ability to restore data from backup media

Explicación

Pregunta 10 de 25

1

An organization’s data classification policy includes handling procedures for data at each level of sensitivity. The IT department backs up all data onto magnetic tape, resulting in tapes that contain data at all levels of sensitivity. How should these backup tapes be handled?

Selecciona una de las siguientes respuestas posibles:

  • According to procedures for the lowest sensitivity level

  • According to procedures for the highest sensitivity level

  • According to procedures in between the lowest and highest sensitivity levels

  • Data handling procedures do not apply to backup media, only original media

Explicación

Pregunta 11 de 25

1

All of the following methods for destroying data on hard disk drives are sufficient EXCEPT:

Selecciona una de las siguientes respuestas posibles:

  • Reformatting

  • Degaussing

  • Shredding

  • Drilling

Explicación

Pregunta 12 de 25

1

All of the following are valid reasons for backing up data EXCEPT:

Selecciona una de las siguientes respuestas posibles:

  • Disaster

  • Software bugs that corrupt data

  • Replication

  • Sabotage

Explicación

Pregunta 13 de 25

1

An organization’s IT manager is establishing a business relationship with an off-site media storage company, for storage of backup media. The storage company has a location 5 miles away from the organization’s data center, and another location that is 70 miles away. Why should one location be preferred over the other?

Selecciona una de las siguientes respuestas posibles:

  • It makes no difference which facility is chosen

  • The closer location should be chosen, to facilitate periodic on-site inspections

  • The closer location should be chosen, to facilitate faster recovery

  • The farther location should be chosen, because it will not be affected by a regional disaster

Explicación

Pregunta 14 de 25

1

An organization’s IT manager wants to discontinue the business relationship with an off-site media storage company, and instead store the organization’s backup tapes at his residence, which is closer to the organization’s data center. Should this plan be considered, and why:

Selecciona una de las siguientes respuestas posibles:

  • This should not be considered because the media will have fewer physical safeguards

  • This should be considered because it will save money

  • This should be considered because it is closer to the organization’s data center

  • This should not be chosen because it is too closer to the organization’s data center

Explicación

Pregunta 15 de 25

1

Why do the actions of system administrators need to be monitored more closely than other personnel?

Selecciona una de las siguientes respuestas posibles:

  • Administrator actions can be more harmful and have a larger impact on the organization

  • Administrators are more likely to make mistakes

  • Administrators have access to all other users’ passwords

  • Administrative interfaces have fewer safeguards

Explicación

Pregunta 16 de 25

1

Which of the following is NOT a risk associated with remote access:

Selecciona una de las siguientes respuestas posibles:

  • Risk associated with sensitive information is stored on a non-company-owned computer, out of the organization’s control

  • A non-company-owned computer with inadequate anti-malware protection can introduce an infection through remote access

  • Anti-virus software on the remote computer will not be able to download virus definition updates

  • If a split tunnel is used, the remote computer may be more vulnerable to attack

Explicación

Pregunta 17 de 25

1

A workstation that can remotely access the organization’s network through a VPN and access the local LAN, all through the same physical network connection, is using:

Selecciona una de las siguientes respuestas posibles:

  • Split tunneling

  • Split gateways

  • IPsec VPN software

  • SSL VPN software

Explicación

Pregunta 18 de 25

1

What is the difference between split tunneling and inverse split tunneling:

Selecciona una de las siguientes respuestas posibles:

  • Only inverse split tunneling can utilize a firewall

  • Only split tunneling can utilize a firewall

  • Split tunneling uses IPsec and SSL, while inverse split tunneling uses L2TP

  • In split tunneling, the default network is the LAN; in inverse split tunneling, the default network is the VPN

Explicación

Pregunta 19 de 25

1

The primary advantage of the use of a central management console for anti-virus is:

Selecciona una de las siguientes respuestas posibles:

  • Centralized virus detection

  • Centralized reporting

  • Consolidation of reporting and centralized signature file distribution

  • Centralized signature file distribution

Explicación

Pregunta 20 de 25

1

The process of erasing magnetic media through the use of a strong magnetic field is known as:

Selecciona una de las siguientes respuestas posibles:

  • Delousing

  • Degaussing

  • Shredding

  • Wiping

Explicación

Pregunta 21 de 25

1

A security manager has instructed a system administrator to wipe files on a hard disk. This means that the administrator needs to:

Selecciona una de las siguientes respuestas posibles:

  • Perform a low-level format on the hard disk

  • Use a degausser to re-align the magnetic storage material on the hard disk

  • Use a tool to overwrite files multiple times

  • Perform a high-level format on the hard disk

Explicación

Pregunta 22 de 25

1

An organization has received notice of a lawsuit related to activities in its operations department. How should the organization respond:

Selecciona una de las siguientes respuestas posibles:

  • Cease all purging activities until further notice

  • Alter retention schedules and begin purging the oldest information

  • Purge all information older than timelines specified in its retention schedule

  • Hire an outside organization to perform all purging activities

Explicación

Pregunta 23 de 25

1

An organization has experienced several virus infections on its desktop workstations. Which of the following remedies would NOT be effective to reduce virus infections?

Selecciona una de las siguientes respuestas posibles:

  • Install an anti-virus gateway web proxy server

  • Install anti-virus on its e-mail servers

  • Install anti-virus central management console

  • Install anti-virus on its web servers

Explicación

Pregunta 24 de 25

1

An organization has been made a party in a civil lawsuit. The organization is required to search its electronic records for specific memoranda. This process is known as:

Selecciona una de las siguientes respuestas posibles:

  • Subpoena

  • Search and seizure

  • Discovery

  • Electronic discovery

Explicación

Pregunta 25 de 25

1

An organization’s critical application is required to be continuously available, with only a few minutes’ per month of downtime allowed. What measure should the organization implement to assure this level of availability?

Selecciona una de las siguientes respuestas posibles:

  • Server clustering

  • Server clustering and data replication

  • Hot standby site

  • Data replication

Explicación