The NIST SP 800-53, “Recommended Security Controls for Federal Information Systems,” was written using a popular risk management approach. Which of the following control areas best fits this description: “This is the area in which information and information system flaws are identified, reported, and corrected in a timely manner”?
Which of the following is a popular industry standard for establishing and managing an IT security program, and which outlines 15 main areas that compose the framework?
Which of the following is not a type of control partner?
In April 2018, an attacker gained access to the NASA Jet Propulsion Laboratory by targeting an unauthorized Raspberry Pi. The Raspberry Pi attack went undetected for 10 months. The perpetrator stole approximately 500 megabytes of data. To which of the following causes was this successful attack attributed?
True or False? Regarding policy violations, a consequence model is intended to be punitive for individuals.
Bill is promoted to a position that has an elevated level of trust. He started with the organization in an entry-level position, and then moved to a supervisory position and finally to a managerial role. This role entails that the employee trains other employees and has a deep understanding of how the department functions. Which of the following actions should be taken that provide adequate access for Bill without making him a target of suspicious activity?
Regarding the Target breach in 2013, significant weaknesses in the information security framework and its related controls were present. Which of the following likely did not play a role in the Target breach?
True or False? The dollars spent for security measures to control or contain losses should never be less than the estimated dollar loss if something goes wrong.
Which of the following provides temporary elevated access to unprivileged users?
An acceptable use policy (AUP) defines the intended uses of computers and networks. This policy delimits unacceptable uses and the consequences for policy violation. Which of the following is not likely to be found in an AUP?