WGU Information Security and Assurance - C725 - Practice Tests Already Passed

Document Content and Description Below

WGU Information Security and Assurance - C725 - Practice Tests Already Passed What should be the role of the management in developing an information security program? A It is mandatory. B It is... limited to the sanctioning of funds. C It is not required at all. D It should be minimal. ✔✔The role of the management in developing an information security program is mandatory. The primary purpose of security management is to protect the information assets of the organization. Which type of security plan is designed to be a forwarding looking document pointing out goals to achieve in a five-year time frame? A Operational B Tactical C Strategic ✔✔A strategic plan focuses on five-year goals, missions, and objectives. It is a fairly stable, long-term plan that defines an organization's security purpose. Answer A is incorrect. An operational plan is a highly-detailed, short-term plan based on the strategic and tactical plans. It is updated monthly or quarterly to retain compliance with tactical plans. Answer B is incorrect. The tactical plan is a midterm plan that provides details on accomplishing the goals defined in the strategic plan. It is useful for about a year. What is the primary objective of data classification schemes? A To formalize and stratify the process of securing data based on assigned labels of importance and sensitivity B To establish a transaction trail for auditing accountability C To manipulate access controls to provide for the most efficient means to grant or restrict functionality D To control access to objects for authorized subjects ✔✔The primary objective of data classification schemes is to formalize and stratify the process of securing data based on assigned labels of importance and sensitivity. Mark reads the following lines in the document from his workstation: Access the Aspen Bridge by telnet. Enter into privileged mode. Execute command 6 and press Enter. Load the config file. Hit Run. What type of document is Mark reading? A Security policy B Regulatory policy C Guideline D Procedure ✔✔A procedure is a detailed, step-by-step how-to document that specifies the exact actions required to implement a specific security mechanism, control, or solution. A procedure can discuss the complete system deployment operation or focus on a single product or aspect, such as deploying a firewall or updating virus definitions. Procedures are system and software specific in most cases. Answer A is incorrect. A security policy is a document that defines the scope of security required by an organization. Answer B is incorrect. A regulatory policy is used when industry or legal standards are applied to the organization. It contains the regulations that the organization must follow and defines the procedures that support compliance of the same. Answer C is incorrect. A guideline points to a statement in a policy or procedure that helps determine a course of action. What is defined in an acceptable use policy? A how users are allowed to employ company hardware B the method administrators should use to back up network data C the sensitivity of company data D which users require access to certain company data ✔✔Answer A is correct. An acceptable use policy defines how users are allowed to employ company hardware. For example, an acceptable use policy, which is sometimes referred to as a use policy, might answer the following questions: Are employees allowed to store personal files on company computers? Are employees allowed to play network games on breaks? Are employees allowed to "surf the Web" after hours? An information policy defines the sensitivity of a company's data. In part, a security policy defines separation of duties, which determines who needs access to certain company information. A backup policy defines the procedure that administrators should use to back up company information. Which business role must ensure that all operations fit within the business goals? A data owner B business/mission owner C system owner D data custodian ✔✔Answer B is correct. The person in the business/mission owner role must ensure that all operations fit within the business or mission goals.System and data owners are responsible for ensuring that proper controls are in place to maintain the integrity, confidentiality, and availability of the information. The system owner is responsible for maintaining and protecting one or more data processing systems. The role of a system owner includes the integration of required security features into the applications and the purchase decision of the applications. The system owner also ensures that the remote access control, password management, and operating system configuration provide the necessary security. The data owner is typically part of management. The data owner controls the process of defining IT service levels, provides information during the review of controls, and is responsible for authorizing the enforcement of security controls to protect the information assets of the organization. For example, a business unit manager has the primary responsibility of protecting the information assets by exercising due diligence and due care practices. The data custodian is directly responsible for maintaining and protecting the data. This role is typically delegated to the IT department staff and includes implementing the organization security through the implementation and maintenance of security controls. The data custodian role also includes the following tasks: Maintaining records of activity Verifying the accuracy and reliability of the data Backing up and restoring data on a regular basis What process does a system use to officially permit access to a file or a program? A Authorization B Validation C Authentication D Identification ✔✔Answer A is correct. A system can use an authorization process to officially permit access to a file or a program. This process is used for granting permission and specifying access rights to resources. Answer B is incorrect. Validation confirms the data values being entered by a user are valid or not. Answer C is incorrect. Authentication is [Show More]

Last updated: 1 year ago

Preview 1 out of 405 pages