Security Principles and Practices Quiz


Questions and Answers

What does the 'I' in CIA stand for in the context of security?

  • Interception
  • Integrity (correct)
  • Implementation
  • Isolation

Which of the following is NOT one of the cornerstones of security according to the text?

  • Confidentiality
  • Availability
  • Authentication (correct)
  • Integrity

Why is ensuring availability important in security?

  • To prevent data alteration
  • To ensure information can be accessed by authorized users (correct)
  • To make sure unauthorized users can access information
  • To maintain confidentiality

In the context of security, what does AbbVie's sale of Humira® demonstrate?

Answer: The significance of financial integrity (B)

What is meant by 'Authentication' in the context of a good security program?

Answer: Ensuring the authenticity of someone's identity (C)

How are Confidentiality, Integrity, and Availability related in a security program?

Answer: Ideally, they should be equally addressed, but in reality, they are not equal (A)

What does the principle of least privilege refer to?

Answer: Limiting access rights for users to only required resources (B)

What is a common mistake related to the principle of least privilege mentioned in the text?

Answer: Not including the 'and nothing more' part in the principle (A)

How does the text describe the impact of overly restrictive security rules?

Answer: Slowing down network performance (A)

Why are the last three words ('and nothing more') important in the principle of least privilege?

Answer: To ensure users have access beyond their requirements (C)

What is the primary objective behind implementing the principle of least privilege?

Answer: To limit employees' access to essential resources only (B)

What could be a consequence of not adhering to the principle of least privilege according to the text?

Answer: Increased security risks (C)

Who is responsible for classifying an incident?

Answer: Users or administration staff (A)

What phase does the Incident Response (IR) plan move to once an incident is confirmed and classified?

Answer: Reaction phase (D)

What should incident response procedures describe?

Answer: Incident descriptions/categories and responses (C)

What should the documentation of an incident record?

Answer: The who, what, when, where, why, and how of each action taken (C)

When should the recovery process begin according to NIST SP 800-184?

Answer: Immediately after the incident is contained (A)

Which tool is NOT mentioned in the text as part of incident response?

Answer: Incident management system (A)

What supports the fundamental security goal of the Principle of Least Privilege?

Answer: Everyone can do everything they need to do and nothing more (B)

What should a security professional be responsible for in an organization?

Answer: Protecting information, making decisions about technologies, and considering legal and regulatory requirements (C)

What is the key aspect of the Prevent/Detect/Respond (PDR) approach mentioned in the text?

Answer: Prevent as much as you can (D)

Why is detection without response considered useless according to the text?

Answer: Because it does not align with the Principle of Least Privilege (A)

What role does a security professional play in terms of communication with IT system administrators?

Answer: Communicate effectively to ensure understanding of security measures (B)

Why is it important for a security professional to attend board of directors' meetings according to the text?

Answer: To talk about security in terms directors understand (A)

What is the main focus of Directing in Information Security Governance?

Answer: Creating directives, policies, and procedures from the strategic to the operational level (B)

Which Information Security Governance focus area involves aligning information security with business strategy?

Answer: Strategic alignment (A)

What is one of the objectives of Information Security Governance?

Answer: To ensure strategic direction of information security (D)

Which aspect does Controlling in Information Security Governance focus on?

Answer: Monitoring and reporting compliance and performance (B)

What is the objective of managing and mitigating risks in Information Security Governance?

Answer: Reduce risks to an acceptable level (B)

Which focus area of Information Security Governance involves planning, allocating, and controlling resources?

Answer: Resource management (A)
