Information Security EXAM 1
CHAPTER 4 QUESTIONS WITH CORRECT ANSWERS
ACLs are more specific to the operation of a system than rule-based policies and they
may or may not deal with users directly. - CORRECT ANSWER>>>false
Evidence is the physical object or documented information that proves an action
occurred or identifies the intent of a perpetrator. - CORRECT ANSWER>>>true
A security policy should begin with a clear statement of purpose. - CORRECT ANSWER>>>true
The security framework is a more detailed version of the security blueprint. - CORRECT ANSWER>>>false
Systems-specific security policies are organizational policies that provide detailed,
targeted guidance to instruct all members of the organization in the use of a resource,
such as one of its processes or technologies. - CORRECT ANSWER>>>false
One of the basic tenets of security architectures is the layered implementation of
security, which is called defense in redundancy. - CORRECT ANSWER>>>false
To remain viable, security policies must have a responsible individual, a schedule of
reviews, a method for making recommendations for reviews, and policy issuance and
planned revision dates. - CORRECT ANSWER>>>true
Managerial controls set the direction and scope of the security process and provide
detailed instructions for its conduct. - CORRECT ANSWER>>>true
In 2016, NIST published a new Federal Master Cybersecurity Framework to create a
mandatory framework for managing cybersecurity risk for the delivery of critical
infrastructure services at every organization in the United States, based on
vendor-specific technologies. - CORRECT ANSWER>>>false
Some policies may also need a(n) sunset clause indicating their expiration date. - CORRECT ANSWER>>>true
Guidelines are detailed statements of what must be done to comply with policy. - CORRECT ANSWER>>>false
A(n) sequential roster is activated as the first person calls a few people on the roster,
who in turn call a few other people. - CORRECT ANSWER>>>false