21. Janet is identifying the set of privileges that should be assigned to a new

Question

21. Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing? A. Identification B. Authentication C. Accountability D. Authorization

22. Which of the following would NOT be considered in the scope of organizational compliance efforts? A. Laws B. Company policy C. Internal audit D. Corporate culture

23. Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve? A. Reduced operating costs B. Access to a high level of expertise C. Developing in-house talent D. Building internal knowledge

24. What is NOT a good practice for developing strong professional ethics? A. Set the example by demonstrating ethics in daily activities B. Encourage adopting ethical guidelines and standards C. Assume that information should be free D. Inform users through security awareness training

25. Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing? A. Job rotation B. Least privilege C. Need-to-know D. Separation of duties

26. What is NOT a goal of information security awareness programs? A. Teach users about security objectives B. Inform users about trends and threats in security C. Motivate users to comply with security policy D. Punish users who violate policy

27. Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create? A. Baseline B. Policy C. Guideline D. Procedure

28. Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions? A. Value B. Sensitivity C. Criticality D. Threat

29. Marguerite is creating a budget for a software development project. What phase of the system life cycle is she undertaking? A. Project initiation and planning B. Functional requirements and definition C. System design specification D. Operations and maintenance

30. In an accreditation process, who has the authority to approve a system for implementation? A. Certifier B. Authorizing official (AO) C. System owner D. System administrator

Explanation / Answer

21. Identification

Because she is just identifying the privileges that can give to user.

22. Organisational culture

Because this is no where connected to organisational compliance.

23. Access to high level of expertise

Because any organisation will give outsource only when they dont have high level expertise in that particular domain

24.Inform users through security awareness training

Professional ethics is no where related to security awareness training.

25. Separation of duties

With this separation of duties we can reduce the risk by seperating one important and main duty into multiple duties and assign this to multiple people

26. Punish users who violate policy

Punishment is not the awareness training.it is something which comes after the violation of some policy.

27.Procedure

Since she is creating the template for configuration that we can call as procedure only.

28. Value

Values is not used in classification of information.

29. Project initiation and planning

In planning phace only budget calculation and all this thing's happen.

30. Authorizing official

When we need to implement a system we must have take the approval from Authorizing official

Related Questions

Navigate

• Browse (All)
• Browse 2
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.