Adequate Security and Administrative Controls

Questions and Answers

What is the primary objective of adequate security?

• To implement only technical controls
• To restrict access to all information
• To prevent all possible risks
• To ensure security commensurate with the risk and the magnitude of harm (correct)

What type of control typically involves policy and procedures?

• Administrative control (correct)
• Logical control
• Physical control
• Technical control

What is an example of an adverse event?

• Network packet optimization
• Execution of malicious code that destroys data (correct)
• Successful login to a system
• Regular system backup

What is the primary function of an application server?

Hosting applications to user workstations (A)

What is the ability of computers and robots to simulate human intelligence and behavior?

Artificial intelligence (A)

What is an example of an asset in an organization?

A company's building (D)

What is the primary purpose of authentication?

To protect against fraudulent transmissions by establishing validity (C)

What is a biometric?

A biological characteristic of an individual, such as a fingerprint (C)

What is a breach?

Unauthorized access to personally identifiable information (D)

What is the purpose of a Business Impact Analysis (BIA)?

To analyze system contingency requirements and priorities in the event of a disruption (B)

What is the primary purpose of authorization?

To grant permission to access a system resource (B)

What is a byte?

A unit of digital information that consists of eight bits (C)