Q1. The procedures associated with unfriendly terminations are generally no different from those associated with friendly ones.

a. True

b. False

Q2. The ____ plan should lay out a comprehensive strategy that will guard against the malicious actions of human beings in the workforce.

a. data security

b. personnel security

c. system security

d. resource security

Q3. Because a lot of IT work is ____, the personnel security process has to state explicit rules to ensure the security of contracted work.

a. insourced

b. outsourced

c. delayed

d. part-time

Q4. In the procedure associated with friendly termination, the user's ____ are removed first.

a. access privileges

b. object rights

c. system rights

d. logon privileges

Q5. Logically, the entry point into the process of assigning privileges to company roles is the ____ process.

a. role definition

b. personnel definition

c. job definition

d. technical definition

Q6. The first step to developing a ____ is a comprehensive inventory of all of the physical assets that fall within the protected space.

a. Operational Security Plan

b. Software Security Plan

c. Risk Management Plan

d. Physical Security Plan

Q7. ____ is the primary factor in a physical security plan because it dictates the form of physical access control.

a. Environment

b. Control

c. Access

d. Location

Q8. ____ methods include people-based solutions such as foot patrols and closed-circuit TV surveillance.

a. Intrusion elimination

b. Intrusion diversion

c. Intrusion detection

d. Intrusion misdirection

Q9. Most physical security plans are developed separately from the planning that defines the activities of the information security process.

a. True

b. False

Q10. There are normally three classes of items in each of the physical security management baselines: equipment, people, and the ____.

a. environment

b. process

c. procedures

d. technology

Q11. Audit-based intrusion detection depends on data in ____.

a. system files

b. memory

c. system logs

d. applications

Q12. Rules that define the boundaries of ____ are an essential factor in the establishment of a network security function.

a. access

b. trust

c. an organization

d. the network

Q13. The ____ approach to network security entails a partitioned or subdivided topology.

a. segmented

b. hub

c. spoke

d. ring

Q14. Consistency is always a threat to the operation of networks.

a. True

b. False

Q15. Switches and ____ are the physical components that interconnect the computers within a network.

a. routers

b. hubs

c. firewalls

d. proxies

Q16. Given the number of possible participants in the operations and maintenance process, the logical way to establish a formal security of operations function is through an organization-wide ____ activity.

a. enterprise continuity

b. data security

c. digital forensics

d. strategic planning

Q17. The purpose of the operational security plan is to organize and coordinate the company's security resources, in order to ensure reliable, day-to-day operational assurance of the business.

a. True

b. False

Q18. The ____ provides an unambiguous statement of how the company will coordinate and control its information security practice.

a. functional security plan

b. enterprise security plan

c. operational security plan

d. strategic security plan

Q19. ____ is a continuous process when it comes to ensuring the integrity of the security system.

a. Evaluation

b. Oversight

c. Management

d. Review

Q20. Threats are often identified before their actual impact is fully understood.

a. True

b. False

Q21. The deliberate control level of the capability maturity process is based on a ____.

a. systematic risk assessment

b. systematic vulnerability assessment

c. systematic incident assessment

d. systematic review

Q22. The ____ function is responsible for making certain that the individuals who perform specific information security tasks have all of the requisite knowledge, skills, and abilities to carry out their designated duties.

a. training

b. awareness

c. accountability

d. data security

Q23. Behavior that falls within the common norms of a group is known as ____ behavior.

a. acceptable

b. unacceptable

c. tolerable

d. functional

Q24. ____ refers to general or company-wide recognition of the existence of a security requirement or concept.

a. Attention

b. Awareness

c. Accountability

d. Training

Q25. ____ is the internal condition that activates or drives behavior.

a. Incentive

b. Awareness

c. Motivation

d. Training