Security Principles and Practices Quiz
30 Questions

Questions and Answers

What does the 'I' in CIA stand for in the context of security?

  • Interception
  • Integrity (correct)
  • Implementation
  • Isolation

Which of the following is NOT one of the cornerstones of security according to the text?

  • Confidentiality
  • Availability
  • Authentication (correct)
  • Integrity

Why is ensuring availability important in security?

  • To prevent data alteration
  • To ensure information can be accessed by authorized users (correct)
  • To make sure unauthorized users can access information
  • To maintain confidentiality

In the context of security, what does AbbVie's sale of Humira® demonstrate?

  • The significance of financial integrity (correct)

What is meant by 'Authentication' in the context of a good security program?

  • Ensuring the authenticity of someone's identity (correct)

How are Confidentiality, Integrity, and Availability related in a security program?

  • Ideally, they should be equally addressed, but in reality, they are not equal (correct)

What does the principle of least privilege refer to?

  • Limiting access rights for users to only required resources (correct)

What is a common mistake related to the principle of least privilege mentioned in the text?

  • Not including the 'and nothing more' part in the principle (correct)

How does the text describe the impact of overly restrictive security rules?

  • Slowing down network performance (correct)

Why are the last three words ('and nothing more') important in the principle of least privilege?

  • To ensure users have access beyond their requirements (correct)

What is the primary objective behind implementing the principle of least privilege?

  • To limit employees' access to essential resources only (correct)

What could be a consequence of not adhering to the principle of least privilege according to the text?

  • Increased security risks (correct)

Who is responsible for classifying an incident?

  • Users or administration staff (correct)

What phase does the Incident Response (IR) plan move to once an incident is confirmed and classified?

  • Reaction phase (correct)

What should incident response procedures describe?

  • Incident descriptions/categories and responses (correct)

What should the documentation of an incident record?

  • The who, what, when, where, why, and how of each action taken (correct)

When should the recovery process begin according to NIST SP 800-184?

  • Immediately after the incident is contained (correct)

Which tool is NOT mentioned in the text as part of incident response?

  • Incident management system (correct)

What supports the fundamental security goal of the Principle of Least Privilege?

  • Everyone can do everything they need to do and nothing more (correct)

What should a security professional be responsible for in an organization?

  • Protecting information, making decisions about technologies, and considering legal and regulatory requirements (correct)

What is the key aspect of the Prevent/Detect/Respond (PDR) approach mentioned in the text?

  • Prevent as much as you can (correct)

Why is detection without response considered useless according to the text?

  • Because it does not align with the Principle of Least Privilege (correct)

What role does a security professional play in terms of communication with IT system administrators?

  • Communicate effectively to ensure understanding of security measures (correct)

Why is it important for a security professional to attend board of directors' meetings according to the text?

  • To talk about security in terms directors understand (correct)

What is the main focus of Directing in Information Security Governance?

  • Creating directives, policies, and procedures from the strategic to the operational level (correct)

Which Information Security Governance focus area involves aligning information security with business strategy?

  • Strategic alignment (correct)

What is one of the objectives of Information Security Governance?

  • To ensure the strategic direction of information security (correct)

Which aspect does Controlling in Information Security Governance focus on?

  • Monitoring and reporting compliance and performance (correct)

What is the objective of managing and mitigating risks in Information Security Governance?

  • Reduce risks to an acceptable level (correct)

Which focus area of Information Security Governance involves planning, allocating, and controlling resources?

  • Resource management (correct)