Information Security And Assurance – WGU C725 -
Practice Tests: Questions And Answers
What should be the role of the management in developing an information
security program?
A. It is mandatory.
B. It is limited to the sanctioning of funds.
C. It is not required at all.
D. It should be minimal.
Right Ans - The role of the management in developing
an information security program is mandatory. The primary purpose of
security management is to protect the information assets of the organization.
Which type of security plan is designed to be a forward-looking document
pointing out goals to achieve in a five-year time frame?
A. Operational
B. Tactical
C. Strategic
Right Ans - A strategic plan focuses on five-year goals, missions,
and objectives. It is a fairly stable, long-term plan that defines an
organization's security purpose.
Answer A is incorrect. An operational plan is a highly-detailed, short-term
plan based on the strategic and tactical plans. It is updated monthly or
quarterly to retain compliance with tactical plans.
Answer B is incorrect. The tactical plan is a midterm plan that provides details
on accomplishing the goals defined in the strategic plan. It is useful for about a
year.
What is the primary objective of data classification schemes?
A. To formalize and stratify the process of securing data based on assigned labels
of importance and sensitivity
B. To establish a transaction trail for auditing accountability
C. To manipulate access controls to provide for the most efficient means to grant
or restrict functionality
D. To control access to objects for authorized subjects
Right Ans - The
primary objective of data classification schemes is to formalize and stratify the
process of securing data based on assigned labels of importance and
sensitivity.
Mark reads the following lines in the document from his workstation:
Access the Aspen Bridge by telnet.
Enter into privileged mode.
Execute command 6 and press Enter.
Load the config file.
Hit Run.
What type of document is Mark reading?
A. Security policy
B. Regulatory policy
C. Guideline
D. Procedure
Right Ans - A procedure is a detailed, step-by-step how-to
document that specifies the exact actions required to implement a specific
security mechanism, control, or solution. A procedure can discuss the
complete system deployment operation or focus on a single product or aspect,
such as deploying a firewall or updating virus definitions. Procedures are
system and software specific in most cases.
Answer A is incorrect. A security policy is a document that defines the scope of
security required by an organization.
Answer B is incorrect. A regulatory policy is used when industry or legal
standards are applied to the organization. It contains the regulations that the
organization must follow and defines the procedures that support compliance
of the same.
Answer C is incorrect. A guideline points to a statement in a policy or
procedure that helps determine a course of action.
What is defined in an acceptable use policy?
A. how users are allowed to employ company hardware
B. the method administrators should use to back up network data
C. the sensitivity of company data
D. which users require access to certain company data
Right Ans - Answer A is correct.
An acceptable use policy defines how users are allowed to employ company
hardware. For example, an acceptable use policy, which is sometimes referred
to as a use policy, might answer the following questions: Are employees
allowed to store personal files on company computers? Are employees
allowed to play network games on breaks? Are employees allowed to "surf the
Web" after hours?
An information policy defines the sensitivity of a company's data. In part, a
security policy defines separation of duties, which determines who needs
access to certain company information. A backup policy defines the procedure
that administrators should use to back up company information.
Which business role must ensure that all operations fit within the business
goals?
A. data owner
B. business/mission owner
C. system owner
D. data custodian
Right Ans - Answer B is correct.
The person in the business/mission owner role must ensure that all
operations fit within the business or mission goals. System and data owners
are responsible for ensuring that proper controls are in place to maintain the
integrity, confidentiality, and availability of the information.
The system owner is responsible for maintaining and protecting one or more
data processing systems. The role of a system owner includes the integration
of required security features into the applications and the purchase decision
of the applications. The system owner also ensures that the remote access
control, password management, and operating system configuration provide
the necessary security.
The data owner is typically part of management. The data owner controls the
process of defining IT service levels, provides information during the review
of controls, and is responsible for authorizing the enforcement of security
controls to protect the information assets of the organization. For example, a
business unit manager has the primary responsibility of protecting the
information assets by exercising due diligence and due care practices.
The data custodian is directly responsible for maintaining and protecting the
data. This role is typically delegated to the IT department staff and includes
implementing the organization's security through the implementation and
maintenance of security controls. The data custodian role also includes the
following tasks:
Maintaining records of activity
Verifying the accuracy and reliability of the data
Backing up and restoring data on a regular basis
What process does a system use to officially permit access to a file or a
program?