422 ◾  Appendix: Answers to Review Questions
© 2011 by Taylor & Francis Group, LLC
The correct answer is a. Governance identifies and enumerates all relevant security compliance requirements. These may include legislation, regulation, directives, instructions, contractual obligations, and good business practice. The planning function determines the appropriate steps to take to establish and maintain compliance. The results of planning will include a list of necessary policies, standards, procedures, and guidelines that convey expected behavior within the organization to establish and maintain compliance. Implementation takes the policies, standards, procedures, and guidelines and inserts them into enterprise daily activities. Deployment makes compliance part of daily operations throughout the enterprise.
The role of adjudication is to resolve these conflicts in the best interest of the stakeholders and the enterprise.
14. Which of the following is false about system hardening?
a. System hardening is the elimination of known vulnerabilities, exploits, and generally turning off or uninstalling unnecessary functions.
b. Each operating system, each version of the same operating system, and each patch release of the same operating system may have a different procedure for hardening the system.
c. Disabling unused services will require OS parameter changes at the kernel or registry level, or modifications to services that initiate or run at startup.
d. None of the above.
The correct answer is d. System hardening is the elimination of known vulnerabilities, exploits, and generally turning off or uninstalling unnecessary functions. Each operating system, each version of the same operating system, and each patch release of the same operating system may have a different procedure for hardening the system. Disabling unused services will require OS parameter changes at the kernel or registry level, or modifications to services that initiate or run at startup.
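A baseline check for the "services that initiate or run at startup" point above, added here as an illustration and not taken from the book: it compares the units a host reports as enabled at boot against an approved list and reports the extras. The enabled-unit listing and the baseline are constructed sample data, and the unit names are assumed.

```shell
#!/bin/sh
# Added hardening check (not from the book): compare the services enabled at
# startup against an approved baseline and report anything not on it. The
# listing format mirrors `systemctl list-unit-files --state=enabled` (unit
# name, then state); the sample is constructed, the baseline is assumed.

# Constructed sample of what a host reports as enabled at boot.
ENABLED_UNITS='UNIT FILE            STATE
sshd.service         enabled
cron.service         enabled
rpcbind.service      enabled
cups.service         enabled
chronyd.service      enabled

5 unit files listed.'

# Assumed approved baseline for this role: one unit per line, # starts a comment.
BASELINE='# services this host is permitted to start
sshd
cron
chronyd'

# Normalise a unit name: strip trailing whitespace and the .service suffix.
normalize() {
    sed -e 's/[[:space:]]*$//' -e 's/\.service$//'
}
# unexpected_services ENABLED_LISTING BASELINE
# Prints, one per line and sorted, the units enabled at startup that the
# baseline does not approve; header, footer and blank lines are skipped.
# Returns 1 if any deviation was found, 0 if the host matches the baseline.
unexpected_services() {
    enabled=$(printf '%s\n' "$1" | awk '$2 == "enabled" { print $1 }' | normalize | sort -u)
    approved=$(printf '%s\n' "$2" | grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' | normalize | sort -u)
    found=0
    for unit in $enabled; do
        if ! printf '%s\n' "$approved" | grep -qxF -- "$unit"; then
            printf '%s\n' "$unit"
            found=1
        fi
    done
    return $found
}

if unexpected_services "$ENABLED_UNITS" "$BASELINE" > /dev/null; then
    echo "enabled startup services match the baseline"
else
    echo "review, then disable or justify, these units (not in baseline):"
    unexpected_services "$ENABLED_UNITS" "$BASELINE" | sed 's/^/  /'
fi
```

On a real host the listing would come from the OS's own service manager, which, as the answer notes, differs by operating system and version.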
15. What is the dierence between legislative management and litigation
management?
a. Litigation management is the use of lobby groups by senior management
to establish working relationships with the local judiciary, and legislation
management is the use of lobby groups with Congress to inuence the
content of security laws.
b. Legislative management attempts to avoid litigation, and litigation man-
agement intends to minimize the negative eects on an organization in
the event of an incident.
c. Litigation management involves establishing working relationships
between senior management, security personnel, and the enterprise legal
department, and legislative management is the result of this working relationship.
d. Litigation management comes before legislative management.
The correct answer is b. Legislative management addresses compliance with legislation and attempts to avoid litigation through safeguarding against the occurrence of incidents. The complement to legislative management is litigation management, where the intent of litigation management is to minimize the negative effects on the organization in the event of an incident that leads to litigation.
16. Which of the following is a true statement about digital policy management (DPM)?
a. A digital policy infrastructure is the collection of policy managers, policy clients, PDPs, and PEPs.
b. DPM is the process of creating and disseminating information technology (IT) policies.
c. DPM is the automated enforcement of policy on the network.
d. None of the above.
The correct answer is c. Digital policy management (DPM) is the automated enforcement of policy on the network. A digital policy infrastructure is the collection of policy managers, policy clients, PDPs, and PEPs. Note: While the latter sentence is true, this speaks to digital policy infrastructure, not DPM.
17. The most dangerous type of malware is
a. A spear phishing attack because it targets a specific weakness in people.
b. A zero-day exploit because it tries to exploit unknown or undisclosed vulnerabilities.
c. A physical breach because it is the hardest to see coming.
d. An insider threat using a USB thumb-sucker attack because of unique knowledge of the enterprise.
The correct answer is b. The detection safeguards assist in detecting known threats (e.g., malware with known signatures); however, the most dangerous malware is a zero-day exploit. A zero-day threat or attack tries to exploit unknown or undisclosed vulnerabilities.
18. Which of the following statements about bots is false?
a. A bot is a type of malware that performs a specific function as directed by the bot herder.
b. A bot is a term for software robot.
c. Successful penetration of a PC by a bot makes that PC part of a botnet.
d. A bot has a limited lifetime, typically less than 60 days, and must perform its nefarious activities before it removes itself from the infected system.
The correct answer is d. A bot is a term for a software robot; exposure to bots is one type of vulnerability. Successful penetration of a PC by a bot makes that PC part of a botnet, or a network of software robots. That bot may then transmit to other computers on the Internet according to the direction of the master program (bot controller, also known as a bot herder) directing the bots. The bot may lie dormant until invoked by the controller.
19. What is the purpose of security policies?
a. To provide a description of acceptable behavior within the enterprise
b. To clearly convey the uses for security services and mechanisms within the enterprise
c. To exert control over the organization by the security department
d. To provide a description of acceptable behavior with the intent of minimizing risk to the organization
The correct answer is d. Security policies provide a description of acceptable behavior with the intent of minimizing risk to the organization: risk that may occur in the form of legislative and regulatory compliance, technical risk, environmental risk (e.g., clean and safe work environment), and the execution of processes and tasks.
20. Which of the following is not a type of anomaly?
a. Breach
b. Event
c. Incident
d. Attack
The correct answer is a. A breach is a type of incident that may or may not be an attack.
Chapter 4: Understanding Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), and Continuity of Operations Planning (COOP)
1. Which one of the following is not a benefit of developing a disaster recovery plan?
a. Reducing disruptions to operations
b. Training personnel to perform alternate roles
c. Minimizing decision making during a disastrous event
d. Minimizing legal liability and insurance premiums
The correct answer is b. Answers a, c, and d are benefits of developing a DRP.
2. A business continuity policy should be reviewed and re-evaluated
a. Annually in light of management’s strategic vision
b. Biannually in preparation for an audit review
c. Whenever critical systems are outsourced
d. During implementation of system upgrades
The correct answer is a. Each year, a policy should be reviewed and re-evaluated in light of the strategic vision management sets for the organization and the business continuity program.
3. Which of the following is a key phase of BC and DR plans?
a. Damage assessment
b. Personnel evacuation
c. Emergency transportation
d. Emergency response
The correct answer is d. The four key phases of BC and DR plans are pre-disaster, emergency response, recovery, and post-recovery.
4. The vitally important issue for emergency response is
a. Calling emergency services
b. Protecting the corporate image
c. Accounting for employees
d. Employee evacuation
The correct answer is c. Accounting for employees is vitally important.
5. The third stage in the development of business continuity plans is
a. Define Business Continuity Management strategy.
b. Exercise, review, and maintain the policy.
c. Understand the organization.
d. Develop and implement the BCM policy.
The correct answer is d. The third of four distinct stages in the development of BC plans is develop and implement the BCM policy.
6. Which one of the following is not required for understanding the organization? Understanding the organization's
a. Organization chart
b. Risk appetite
c. Information technology infrastructure
d. Core business functions
The correct answer is a. Answers b, c, and d are required to understand the organization.
7. Key milestones in developing the project plan and governance include all of the below except
a. Risk analysis
b. Data gathering
c. Audit approval
d. Training, education, and awareness
The correct answer is c. Audit approval is not a key milestone.
8. The output of a business impact analysis is
a. A prioritized list of critical data
b. A prioritized list of sensitive systems
c. The recommendation for alternate processing
d. The scope of the business continuity plan
The correct answer is a. The output of the BIA step is a prioritized list of critical data, roles, and IT resources that support your organization's business processes.
9. When a critical system cannot function at an acceptable level without input from a system on which it is dependent, which of the following statements is incorrect?
a. The system on which it is dependent is at a higher priority.
b. The system on which it is dependent is at a lower priority.
c. The system on which it is dependent is at the same priority.
d. The critical system feeds a lower priority system.
The correct answer is b. It will not work for one system to have a higher priority than another system on which it critically depends, unless it can continue to function without the dependency at an acceptable level.
10. People-based threats include
a. Theft, whitelisting, industrial action
b. Industrial action, blacklisting, pandemics