A major software company finds that code has been executed on an infected machine in its operating system. As a result, the company begins working to manage the risk and eliminates the vulnerability 12 days later. Which of the following statements best describes the company’s approach?
The National Security Information document EO 12356 explains the U.S. military classification scheme of Top Secret, Secret, Confidential, Sensitive but Unclassified, and Unclassified. Which of the following would be reasonably expected to cause grave damage to national security in the event of unauthorized disclosure?
LAN Domain security policies center on issues concerning connectivity. Among the types of LAN control standards are __________, which describes the security requirements for identifying LAN-attached devices, and __________, which defines when and how a network is to be partitioned.
An important principle in information security is the concept of layered security, which is also called defense in depth. Which of the following is not an example of a layer of security?
True or False? A best practice for creating a data classification scheme is to classify data in the most effective manner that classifies the lowest-risk data first.
True or False? When implementing a patch, it is recommended that there be a back-out strategy in place in case the patch creates complications.
Of the following user types, which is responsible for evaluating an organization’s controls for design and effectiveness?
True or False? An overclassification of data might indicate an unnecessarily costly means of securing data that is not as vital, whereas underclassification suggests that the most vital data may not be sufficiently secured.
True or False? A best practice for creating a data classification scheme is to keep the classification simple; create no more than three to five data classes.
True or False? A data custodian has daily operational control over the use of resources and data.