Author: Anonymous

LAN Domain security policies center on issues concerning connectivity. Among the types of LAN control standards are __________, which describes the security requirements for identifying LAN-attached devices, and __________, which defines when and how a network is to be partitioned.

An important principle in information security is the concept of layered security, which is also called defense in depth. Which of the following is not an example of a layer of security?

True or False? A best practice for creating a data classification scheme is to classify data in the most effective manner that classifies the lowest-risk data first.

True or False? When implementing a patch, it is recommended that there be a back-out strategy in place in case the patch creates complications.

Of the following user types, which is responsible for evaluating an organization’s controls for design and effectiveness?

True or False? An over classification of data might indicate an unnecessarily costly means of securing data that is not as vital, whereas under classification suggests that the most vital data may not be sufficiently secured.

True or False? A best practice for creating a data classification scheme is to keep the classification simple; create no more than three to five data classes.

True or False? A data custodian has daily operational control over the use of resources and data.

An incident response team (IRT) utilizes particular tools and techniques to gather forensic evidence. A__________ articulates the manner used to document and protect evidence.

In the System/Application Domain, __________ describe how to write and test the security of applications.