1. In what section of the remote access policy document you created in the lab did
you describe the organization-wide implementation of the remote access policy?
The Purpose/Objectives section
The Standards section
The Procedures section
The Guidelines section
4 points
QUESTION 2
1. Apathy toward policies, clicking on an embedded URL or unknown e-mail
attachment within an e-mail message, and the loss of productivity by surfing the Web
during work hours are all considered risks and threats of the:
WAN Domain
User Domain.
Workstation Domain.
LAN Domain.
4 points
QUESTION 3
1. In the lab, you defined the information systems security responsibility for each of
the seven domains of a typical IT infrastructure. In which domain are you most likely to
find an acceptable use policy (AUP), a confidentiality agreement, background checks on
employees, and disciplinary actions?
User Domain
Workstation Domain
WAN Domain
Remote Access Domain
4 points
QUESTION 4
1. Which of the following should be updated to ensure the organization understands
the effects of a business outage?
The business continuity plan (BCP)
The business impact analysis (BIA)
The recovery point objective (RPO)
The recovery time objective (RTO)
4 points
QUESTION 5
1. Based on your work in the lab, to which policy definition does the following policy
statement apply?
The company’s most critical business functions should not be allowed to remain
interrupted for more than two days. Given adequate planning, testing, and failure-ready
infrastructure, the company should resume operations as soon as possible after a
catastrophic outage.
Business continuity: Business impact analysis (BIA)
Business continuity and disaster recovery
Asset protection
Production data backup
4 points
QUESTION 6
1. Overlapping policies:
should be avoided.
is redundant and wastes valuable resources.
costs an organization too much money.
provides defense in depth.
4 points
QUESTION 7
1. To be sure your security awareness training policy is effective, it should:
be applicable to all audiences.
speak directly to the target audience.
include technical terms to impress the target audience.
identify the security mistakes made by each member of the target audience.
4 points
QUESTION 8
1. The purpose of an acceptable use policy (AUP) is to establish the rules for:
an individual user who poses a threat.
making an executive decision.
a specific group of employees.
a specific system, network, or Web site.
4 points
QUESTION 9
1. How many domains are in the typical IT infrastructure?
Three
Five
Seven
Ten
4 points
QUESTION 10
1. Based on your work in the lab, to which policy definition does the following policy
statement apply?
Users are not allowed to connect personal devices which are not issued by the
company. Users are not allowed to run applications without business justification and
expressed written authorization. Users are permitted to access Internet content during
non-working hours.
Internet ingress/egress traffic and Web content filter
Access control
Asset protection
Remote access Virtual Private Network (VPN)
4 points
QUESTION 11
1. Which of the following statements is true regarding Internet use and e-mail use?
Internet use and e-mail use are relatively unimportant and so infrequently abused
by employees that they are not worth covering in an acceptable use policy.
Federal law prohibits Internet use and e-mail use from being covered in an
acceptable use policy.
Internet use and e-mail use can be added to the scope of an acceptable use policy,
or they can be stand-alone policies within the User Domain.
Compliance laws stipulate how and when Internet use and e-mail use should be
covered in an acceptable use policy.
4 points
QUESTION 12
1. Based on your work in the lab, to which policy definition does the following policy
statement apply?
The company’s most critical business processes and functions must be identified and
assessed to facilitate disaster recovery and business continuity planning.
Business continuity: Business impact analysis (BIA)
Business continuity and disaster recovery
Asset protection
Production data backup
4 points
QUESTION 13
1. In your Lab Report file, you wrote an IT security definition for one of the gaps you
had not previously identified a policy for by:
outlining the chain of command for the security process.
determining the most likely avenue for attack.
suggesting how to mitigate the risk involved.
recommending who would be responsible for any loss.
4 points
QUESTION 14
1. To be sure your security awareness training policy is effective, it should:
be applicable to all audiences.
speak directly to the target audience.
include technical terms to impress the target audience.
identify the security mistakes made by each member of the target audience.
4 points
QUESTION 15
1. In which step of the incident response methodology is the goal to restore the
system to normal operations?
Containment
Remediation
Recovery
Aftermath
4 points
QUESTION 16
1. If you are reacting to a malicious software attack, such as a virus and its spread,
during which step in the incident response process are you attempting to minimize its
spreading?
Detection
Containment
Recovery
Aftermath
4 points
QUESTION 17
1. Which of the following are considered high-level documents that answer the
“what” questions?
Policies
Standards
Guidelines and procedures
Regulations
4 points
QUESTION 18
1. Which of the following areas of the organization is responsible for establishing
the policy commitment and implementation for the entire organization?
Executive Management
Supervisory-Level Management
Human Resources
IT Security Policy Enforcement Monitoring
4 points
QUESTION 19
1. Which of the following documents answer the “how” questions?
Policies
Standards
Guidelines and procedures
Regulations
4 points
QUESTION 20
1. The Health Insurance Portability and Accountability Act (HIPAA) requires a(n)
__________ approach to policy development.
cost-based
risk-based
vulnerability-based
employee-based
4 points
QUESTION 21
1. The purpose of a business impact analysis (BIA) is to assess and align affected
IT systems, applications, and resources to their required:
business continuity plans (BCPs).
disaster recovery plans (DRPs).
recovery point objectives (RPOs).
recovery time objectives (RTOs).
4 points
QUESTION 22
1. Which of the following statements is true regarding appropriate organization
action for employees who may be in violation of an organization’s acceptable use policy
(AUP)?
Reprimanding or reminding an employee of the AUP has proven to be an
insufficient response.
An employee who continues to violate an AUP may require disciplinary action.
An employee cannot be terminated for the violation of an organization’s AUP no
matter how many times the infractions occur.
AUPs are unenforceable at the organization level and can only be dealt with by law
enforcement.
4 points
QUESTION 23
1. Which of the following refers to the movement and location of physical evidence
from the time it is obtained until the time it is presented in court?
Sequence of evidence
Domain of evidence
Chain of custody
Evidence succession
4 points
QUESTION 24
1. Which of the following statements is true regarding implementing your business
continuity plan (BCP)?
Implementing your BCP is not ultimately affected by the level of executive
management’s support.
You should only attempt to obtain executive management approval for your BCP
after it has been completed.
You should clarify the costs associated with any lasting disruptions to business with
executive management.
Executive management will most likely not understand the pressing need for every
business to have a BCP to protect itself.
4 points
QUESTION 25
1. Compliance laws, such as the Health Insurance Portability and Accountability Act
(HIPAA) and the Gramm-Leach-Bliley Act (GLBA) dictate the need to have proper
__________ throughout an organization.
security controls
antivirus software
employee drug testing
employee screening
Which of the following should be updated to ensure the organization
understands the effects of a business outage?
Correct Answer:
Correct Seven
Question 2
0 out of 4 points
In the lab, you defined the information systems security responsibility for each of
the seven domains of a typical IT infrastructure. In which domain would you be
most likely to secure access through the Internet and from employees’ homes?
Correct Answer:
Question 3
0 out of 4 points
Which of the following refers to the movement and location of physical evidence
from the time it is obtained until the time it is presented in court?
Correct Answer:
Question 4
4 out of 4 points
In the lab, you assigned a factor of Critical, Major, Minor, or None to each
function or process in the ____ column.
Correct Answer:
Question 5
4 out of 4 points
Correct Answer:
Correct the same person can perform and hide a specific action or task from an
organization.
Question 6
4 out of 4 points
In the lab, you identified an appropriate policy definition that might ____ the
risks, threats, and vulnerabilities of health care IT infrastructure.
Correct Answer:
Correct mitigate
Question 7
0 out of 4 points
Correct Answer:
Correct Chief Technology Officer (CTO)
Question 8
4 out of 4 points
Correct Answer:
Question 9
0 out of 4 points
Which of the following statements is true regarding Internet use and e-mail use?
Correct Answer:
Correct Internet use and e-mail use can be added to the scope of an acceptable
use policy, or they can be stand-alone policies within the User Domain.
Question 10
4 out of 4 points
In the lab, you identified an appropriate policy definition that might ____ the
risks, threats, and vulnerabilities of health care IT infrastructure.
Correct Answer:
Correct mitigate
Question 11
0 out of 4 points
Which of the following can affect an employee’s sense of job security, purpose,
and potential to contribute to the company’s success, all of which can make an
employee feel dissatisfied or apathetic?
Correct Answer:
Question 12
4 out of 4 points
Correct Answer:
Question 13
4 out of 4 points
In which step of the incident response methodology do you find out all
communication channels used by the attacker and block them on all your
network boundaries?
Correct Answer:
Correct Remediation
Question 14
4 out of 4 points
Which of the following can affect an employee’s sense of job security, purpose,
and potential to contribute to the company’s success, all of which can make an
employee feel dissatisfied or apathetic?
Correct Answer:
Question 15
4 out of 4 points
Correct Answer:
Question 16
4 out of 4 points
Based on your work in the lab, to which policy definition does the following
policy statement apply?
Correct Answer:
Question 17
4 out of 4 points
Based on your work in the lab, to which policy definition does the following
policy statement apply?
Correct Answer:
Question 18
4 out of 4 points
Correct Answer:
Question 19
4 out of 4 points
Correct Answer:
Correct confidentiality
Question 20
4 out of 4 points
Which of the following outlines recovery steps so that operations may continue
when mission-critical functions are at risk or jeopardized?
Correct Answer:
Question 21
4 out of 4 points
Correct Answer:
Correct Every incident response should be treated with the assumption that
evidence documentation is required.
Question 22
0 out of 4 points
Based on your work in the lab, to which policy definition does the following
policy statement apply?
The company’s most critical business processes and functions must be identified
and assessed to facilitate disaster recovery and business continuity planning.
Correct Answer:
Question 23
4 out of 4 points
Separation of duties is a security control whereby the same person:
Correct Answer:
Question 24
0 out of 4 points
Correct Answer:
Correct You should clarify the costs associated with any lasting disruptions to
business with executive management.
Question 25
0 out of 4 points
In the lab, you defined the information systems security responsibility for each of
the seven domains of a typical IT infrastructure. In which domain are you most
likely to find service provider service level agreements (SLAs), managed security
services, monitoring, and reporting?
Correct Answer:
Scope
Standards
Procedures
10 points
QUESTION 2
1. In which step of the incident response methodology is the goal to document the
incident’s details, retain collected data, and identify the improvements?
Containment
Remediation
Recovery
Aftermath
10 points
QUESTION 3
1. In which step of the incident response methodology do you establish contacts, define
procedures, gather information, and get familiar with intrusion detection tools to save time
during an attack?
Preparation
Identification
Containment
Remediation
10 points
QUESTION 4
1. In your Lab Report file, you described the need for a security or computer incident
response team policy definition that addresses the __________ the CIRT response team
members during an incident response emergency.
most frequent evidence handling mistakes of
delegation of authority to
10 points
QUESTION 5
1. According to the University of Winnipeg Incident Response Procedures, which of the
following is the sole communications link with relevant parties/departments in order to
minimize confusion and possible reporting of misinformation?
Chief Technology Officer (CTO)
Information Security Officer
Security services
Legal counsel
10 points
QUESTION 6
1. Which of the following refers to the movement and location of physical evidence from
the time it is obtained until the time it is presented in court?
Sequence of evidence
Domain of evidence
Chain of custody
Evidence succession
10 points
QUESTION 7
1. In which section of the computer incident response policy you created in the lab did
you define and incorporate the six-step incident response approach along with how the
chain of custody must be maintained throughout any evidence collection process?
Purpose/Objectives
Scope
Standards
Procedures
10 points
QUESTION 8
1. In which step of the incident response methodology do you mitigate the attack
effects on the neighboring IT resources?
Identification
Containment
Remediation
Recovery
10 points
QUESTION 9
1. In which step of the incident response methodology is the goal to restore the system
to normal operations?
Containment
Remediation
Recovery
Aftermath
10 points
QUESTION 10
1. Which step of the incident response methodology includes setting up a reasonable
set of defenses/controls, creating a set of procedures to deal with incidents, obtaining the
resources and personnel necessary to deal with the problem, and establishing an
infrastructure to support incident response?
Preparation
Detection
Containment
Remediation
10 points
QUESTION 11
1. According to the University of Winnipeg Incident Response Procedures, which of the
following is responsible for confirming incidents and coordinating resources to handle them?
Chief Technology Officer (CTO)
Information Security Officer
Security services
Legal counsel
10 points
QUESTION 12
1. In which step of the incident response methodology do you detect the incident,
determine its scope, and involve the appropriate parties?
Preparation
Identification
Containment
Remediation
10 points
QUESTION 13
1. According to the University of Winnipeg classification of incident levels, which of the
following categories refers to incidents that are completely unexpected and result in
extreme disruption/loss to core services and the ability to meet mission objectives?
Low
Medium
High
Critical
10 points
QUESTION 14
1. Which step of the incident response methodology might include actions such as
disconnecting the compromised area from the network, isolating the source of the attack,
disconnecting the affected computer(s) in order to perform further investigation, or
terminating unwanted connections or processes on affected machines?
Identification
Containment
Remediation
Recovery
10 points
QUESTION 15
1. According to the University of Winnipeg classification of incident levels, which of the
following categories refers to incidents that result in little to no loss of sensitive information,
little or very limited impact operations, and minimal risk of negative financial impact?
Low
Medium
High
Critical
10 points
QUESTION 16
1. If you are reacting to a malicious software attack, such as a virus and its spread,
during which step in the incident response process are you attempting to minimize its
spreading?
Detection
Containment
Recovery
Aftermath
10 points
QUESTION 17
1. Which of the following statements is true regarding the information used in
responding to and handling an incident?
The provider of the incident response information and the consumer of the incident
response information are the same party.
Senior management possesses the subject matter expertise to handle the incident but
does not approve the response policy and budget.
It is up to the incident response team to either give or deny approval and make the
decisions that might impact business.
Management remains the consumer and chief decider, based on information provided
to it by the experts.
10 points
QUESTION 18
1. In which section of the computer incident response policy you created in the lab did
you define the security incident response team members and the authorization and
authority granted to them during a crisis or securing incident situation?
Purpose/Objectives
Scope
Standards
Procedures
10 points
QUESTION 19
1. In which step of the incident response methodology do you find out all
communication channels used by the attacker and block them on all your network
boundaries?
Containment
Remediation
Recovery
Aftermath
10 points
QUESTION 20
1. Which of the following statements is true regarding the handling of physical evidence
during an incident response?
It will be known from the very beginning of any incident whether the case will or will not become a c
Every incident response should be treated with the assumption that evidence documentation is req
It is simply not feasible to preserve and document physical evidence throughout an entire incident r
Quiz Instructions
This quiz contains 20 multiple-choice questions. For each question, select the correct answer and click the
answers, click the "Submit all and finish" button.
Results Feedback
Displayed
Question 1
0 out of 10 points
In which section of the computer incident response policy you created in the lab did you
describe what access and authority are granted to the incident response team members
that may be outside of standard protocol?
Question 2
10 out of 10 points
In which step of the incident response methodology is the goal to document the
incident’s details, retain collected data, and identify the improvements?
Question 3
10 out of 10 points
In which step of the incident response methodology do you establish contacts, define
procedures, gather information, and get familiar with intrusion detection tools to save
time during an attack?
Question 4
10 out of 10 points
In your Lab Report file, you described the need for a security or computer incident
response team policy definition that addresses the __________ the CIRT response team
members during an incident response emergency.
Question 5
0 out of 10 points
According to the University of Winnipeg Incident Response Procedures, which of the
following is the sole communications link with relevant parties/departments in order to
minimize confusion and possible reporting of misinformation?
Question 6
10 out of 10 points
Which of the following refers to the movement and location of physical evidence from the
time it is obtained until the time it is presented in court?
Question 7
0 out of 10 points
In which section of the computer incident response policy you created in the lab did you
define and incorporate the six-step incident response approach along with how the chain
of custody must be maintained throughout any evidence collection process?
Question 8
0 out of 10 points
In which step of the incident response methodology do you mitigate the attack effects on
the neighboring IT resources?
Question 9
10 out of 10 points
In which step of the incident response methodology is the goal to restore the system to
normal operations?
Question 10
10 out of 10 points
Which step of the incident response methodology includes setting up a reasonable set of
defenses/controls, creating a set of procedures to deal with incidents, obtaining the
resources and personnel necessary to deal with the problem, and establishing an
infrastructure to support incident response?
Question 11
0 out of 10 points
According to the University of Winnipeg Incident Response Procedures, which of the
following is responsible for confirming incidents and coordinating resources to handle
them?
Question 12
10 out of 10 points
In which step of the incident response methodology do you detect the incident,
determine its scope, and involve the appropriate parties?
Question 13
10 out of 10 points
According to the University of Winnipeg classification of incident levels, which of the
following categories refers to incidents that are completely unexpected and result in
extreme disruption/loss to core services and the ability to meet mission objectives?
Question 14
10 out of 10 points
Which step of the incident response methodology might include actions such as
disconnecting the compromised area from the network, isolating the source of the attack,
disconnecting the affected computer(s) in order to perform further investigation, or
terminating unwanted connections or processes on affected machines?
Question 15
0 out of 10 points
According to the University of Winnipeg classification of incident levels, which of the
following categories refers to incidents that result in little to no loss of sensitive
information, little or very limited impact operations, and minimal risk of negative financial
impact?
Question 16
10 out of 10 points
If you are reacting to a malicious software attack, such as a virus and its spread, during
which step in the incident response process are you attempting to minimize its
spreading?
Question 17
0 out of 10 points
Which of the following statements is true regarding the information used in responding to
and handling an incident?
Question 18
0 out of 10 points
In which section of the computer incident response policy you created in the lab did you
define the security incident response team members and the authorization and authority
granted to them during a crisis or securing incident situation?
Question 19
10 out of 10 points
In which step of the incident response methodology do you find out all communication
channels used by the attacker and block them on all your network boundaries?
Question 20
10 out of 10 points
Which of the following statements is true regarding the handling of physical evidence
during an incident response?
QUESTION 1
1. Which of the following statements is true regarding policy?
Policy should not need modification unless a major shift in corporate values or
business process occurs.
10 points
QUESTION 2
1. Which of the following are considered high-level documents that answer the “what” questions?
Policies
Standards
Guidelines and procedures
Regulations
10 points
QUESTION 3
1. In the lab, you identified an appropriate policy definition that might __________ the risks,
threats, and vulnerabilities of health care IT infrastructure.
classify
organize
clarify
mitigate
10 points
QUESTION 4
1. In your Lab Report file, you aligned each of the risks, threats, and vulnerabilities that had been
identified in a health care IT infrastructure to the:
domain impacted.
policy impacted.
level of impact.
likelihood of occurrence.
10 points
QUESTION 5
1. According to the SANS Institute, a __________ is typically a collection of system specific or
procedural specific “suggestions” for best practice.
regulation
guideline
standard
policy
10 points
QUESTION 6
1. An organization should conduct security awareness training that includes an overview of the
organization’s policies:
only during an employee’s orientation.
annually.
every three years.
every five years.
10 points
QUESTION 7
1. A company’s IT infrastructure can be divided in a logical manner to more easily sort the risks
by using the:
seven IT domains.
IT infrastructure framework.
business continuity guidelines.
10 points
QUESTION 8
1. According to the SANS Institute, a __________ is typically a collection of system-specific or
procedural-specific requirements that must be met by everyone.
regulation
guideline
standard
policy
10 points
QUESTION 9
1. In the lab, which of the following Web sites did you review to determine the components of an
information systems security policy?
www.microsoft.com
www.infosyspolicy.org
www.continuitycompliance.org
www.bestpolicypractice.org
10 points
QUESTION 10
1. In any company, a(n) __________ helps to mitigate the risks and threats the business
encounters.
IT infrastructure
impact analysis
vulnerability inventory
security policy
10 points
QUESTION 11
1. What policy definition defines the standards, procedures, and guidelines for how employees
are to be granted and authorized access to internal IT resources through the public Internet?
10 points
QUESTION 12
1. According to the SANS Institute, a __________ is typically a document that outlines specific
requirements or rules that must be met and are usually point-specific, covering a single area?
regulation
guideline
standard
policy
10 points
QUESTION 13
1. What policy definition can help remind employees in the User Domain about what constitutes
suitable use and improper use of corporate IT resources?
10 points
QUESTION 14
1. The purpose of domains in a typical IT infrastructure is to:
control the activities and behaviors of employees and limit their
accessibility to certain domains.
help organize the roles, responsibilities, and accountabilities for risk
management and risk mitigation.
identify the domains most likely to be attacked and the relative cost and
impact of potential attacks.
define the policies that will eliminate all possibilities and avenues of
attack.
10 points
QUESTION 15
1. In the lab, you organized your security policies and the definitions you selected so that they
could be used as part of a framework for a:
guidelines document.
vulnerability assessment.
10 points
QUESTION 16
1. Which of the following documents answer the “how” questions?
Policies
Standards
Guidelines and procedures
Regulations
10 points
QUESTION 17
1. In your Lab Report file, you used the SANS Institute document referred to as __________ to
describe the basic requirements of policies, their benefits, the control factors, and policies every
organization needs.
10 points
QUESTION 18
1. What policy definition is required to restrict and prevent unauthorized access to organization-
owned IT systems and applications?
10 points
QUESTION 19
1. Which of the following statements is true regarding guidelines?
Guidelines should not need modification unless a major shift in corporate values or
business process occurs.
10 points
QUESTION 20
1. Which of the following are considered high-level documents that answer the “why” questions?
Policies
Standards
Guidelines and procedures
Regulations
Question 1
0 out of 10 points
Which of the following statements is true regarding policy?
Question 2
0 out of 10 points
Which of the following are considered high-level documents that answer the “what” questions?
Question 3
10 out of 10 points
In the lab, you identified an appropriate policy definition that might __________ the risks, threats,
and vulnerabilities of health care IT infrastructure.
Question 4
10 out of 10 points
In your Lab Report file, you aligned each of the risks, threats, and vulnerabilities that had been
identified in a health care IT infrastructure to the:
Question 5
10 out of 10 points
According to the SANS Institute, a __________ is typically a collection of system specific or
procedural specific “suggestions” for best practice.
Question 6
10 out of 10 points
An organization should conduct security awareness training that includes an overview of the
organization’s policies:
Question 7
10 out of 10 points
A company’s IT infrastructure can be divided in a logical manner to more easily sort the risks by
using the:
Question 8
10 out of 10 points
According to the SANS Institute, a __________ is typically a collection of system-specific or
procedural-specific requirements that must be met by everyone.
Question 9
0 out of 10 points
In the lab, which of the following Web sites did you review to determine the components of an
information systems security policy?
Question 10
10 out of 10 points
In any company, a(n) __________ helps to mitigate the risks and threats the business encounters.
Question 11
0 out of 10 points
What policy definition defines the standards, procedures, and guidelines for how employees are to
be granted and authorized access to internal IT resources through the public Internet?
Question 12
10 out of 10 points
According to the SANS Institute, a __________ is typically a document that outlines specific
requirements or rules that must be met and are usually point-specific, covering a single area?
Question 13
0 out of 10 points
What policy definition can help remind employees in the User Domain about what constitutes
suitable use and improper use of corporate IT resources?
Question 14
10 out of 10 points
The purpose of domains in a typical IT infrastructure is to:
Question 15
10 out of 10 points
In the lab, you organized your security policies and the definitions you selected so that they could
be used as part of a framework for a:
Question 16
10 out of 10 points
Which of the following documents answer the “how” questions?
Question 17
10 out of 10 points
In your Lab Report file, you used the SANS Institute document referred to as __________ to describe
the basic requirements of policies, their benefits, the control factors, and policies every
organization needs.
Question 18
0 out of 10 points
What policy definition is required to restrict and prevent unauthorized access to organization-
owned IT systems and applications?
Question 19
0 out of 10 points
Which of the following statements is true regarding guidelines?
Question 20
10 out of 10 points
Which of the following are considered high-level documents that answer the “why” questions?