Reference no: EM132677087
1) Which of the following statements is true regarding a security policy framework?
- A framework should be considered static and should not be revised.
- If written well from the outset, a framework and policies will not need to be revised.
- A framework should be updated when you discover new or evolving risks.
- Performing a gap analysis will not aid in the revision of a framework.
2) Overlapping policies
- should be avoided.
- are redundant and waste valuable resources.
- cost an organization too much money.
- provide defense in depth.
3) In the lab, you aligned IT security policies throughout the seven domains of a typical IT infrastructure as part of a:
- performance review.
- layered security strategy.
- security vulnerability analysis.
- threat evaluation.
4) In the lab, you only provided a policy relevant to a risk, threat, or vulnerability of the seven domains of a typical IT infrastructure. However, normally a __________ would be the necessary next step.
- threat monitor or vulnerability monitor
- risk assessment or suggested control
- service agreement or user license
- delegation table or authority chart
5) Using a risk-based approach to policy development:
- ignores important compliance issues and regulations.
- will not be considered a satisfactory method by compliance regulators.
- satisfies compliance regulations more easily than using another method.
- is not as effective as a cost-based approach for satisfying compliance regulations.
6) In the lab, you aligned each risk, threat, and vulnerability in the __________ with a policy that should explain how to respond to it.
- IT infrastructure definition chart
- IT security policy framework definition chart
- standards and guidelines table
- layered security approach list
7) In the lab, for any risk that did not match to a policy, you needed to:
- identify the employee(s) who could be most vulnerable to the risk.
- identify the machine(s) or network(s) that could be most vulnerable to the risk.
- recommend an IT security policy that could eliminate the gap.
- determine the potential cost if an attack was targeted at that risk.
8) The lab demonstrated how to assess and audit an IT security policy framework definition by performing a(n) __________ with remediation.
- IT security review
- domain assessment
- gap analysis
- risk analysis