CIS4361 Chapter 5 Q&A
A firewall can be a single device or a firewall extranet, which consists of multiple firewalls creating a buffer between the outside and inside networks. - =False
A(n) full backup only archives the files that have been modified that day, and thus requires less space and time than the differential. - =False
A(n) contingency plan is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations. - =True
NIST documents can assist in the design of a security framework. - =True
The security framework is a more detailed version of the security blueprint. - =False
Technical controls are the tactical and technical implementations of security in the organization. - =True
A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology. - =False
ISO/IEC 17799 is more useful than any other information security management approach. - =False
The Federal Bureau of Investigation deals with many computer crimes that are categorized as felonies. - =True
Quality security programs begin and end with policy. - =True
A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee's actions. - =False
A disaster recovery plan addresses the preparation for and recovery from a disaster, whether natural or man-made. - =True
Many industry observers claim that ISO/IEC 17799 is not as complete as other frameworks. - =True
Proxy servers can temporarily store a frequently visited Web page, and thus are sometimes called demilitarized servers. - =False
NIST 800-14, The Principles for Securing Information Technology Systems, provides detailed methods for assessing, designing, and implementing controls and plans for applications of varying size. - =False
A cold site provides many of the same services and options as a hot site. - =False
ACLs are more specific to the operation of a system than rule-based policies and they may or may not deal with users directly. - =False
Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator. - =True
NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans. - =True
A service bureau is an agency that provides a service for a fee. - =True
The Federal Agency Security Practices (FASP) site is a popular place to look up best practices. - =True