All are true or false questions – assignmentcollections.com

Top of Form

• A lack of standardization within an infrastructure is a significant technical challenge that is always caused by inconsistent configurations.

True

False

2.00000 points

QUESTION 2

• It is necessary that writing policies to advocate a mutually agreed-upon target state requires clarity and flexibility. It is recommended that language like “expected” and “should” is favorable to encourage employees to offer their own interpretation of how policies might be applied.

True

False

QUESTION 5

• A town hall meeting is a community-building effort comprised of different teams for the purpose of sharing new developments and discussing topics of concern in an open setting. Such an effort requires an investment of time and money on the side of both IT and business.

True

False

2.00000 points

QUESTION 6

• Risk and control self-assessment is the term used to define how an organization’s security policy allows the business to thrive, or the degree to which it diminishes the obstacles to the business.

True

False

2.00000 points

QUESTION 7

• During the process of developing a communications plan, it is necessary to ask the question, __________________.

2.00000 points

QUESTION 8

• A governance policy committee is vital for monitoring and evaluating policy efficacy. The level of effectiveness will be determined by the number of breaches that have occurred and that have been mitigated.

True

False

2.00000 points

QUESTION 9

2.00000 points

QUESTION 10

• The type and frequency of security awareness training is contingent on the type of user. For instance, all users might be required to attend refresher training courses on an annual basis, whereas a vendor should be required to attend outside training only as outlined in the vendor-company contract.

True

False

2.00000 points

QUESTION 11

• A threat vector is an item of code on a distributed device. The threat vector has a number of functions, but the main one is to make a report of the condition of the device that is to be delivered to the central server.

True

False

2.00000 points

QUESTION 12

• One the challenges that can arise in the context of explaining a target state is the issue of coping with outdated technology. Because this type of technology is by definition not likely to conform to the established best practices, there is only one option: it must be replaced.

True

False

QUESTION 16

• Because some security work is heavily reliant on human judgment, not all controls are subjected to automation. However, manual controls are not appropriate to use with respect to background checks, log reviews, attestations, and access rights reviews.

True

False

QUESTION 22

• Executive management is ultimately accountable when an organization has failed to control risks. In general, organizations can be trusted to assign consequences of that failure to a few in top leadership roles who will take on the burden of consequences. Thus, it is rarely necessary that regulators and courts be invoked to ensure accountability.

True

False

2.00000 points

QUESTION 23

2.00000 points

QUESTION 24

• Although there are many automated administrator tools that can be used in the service of managing policy, the first step should be to determine which manual controls can assist with enforcement.

True

False

2.00000 points

QUESTION 25

• Because employees always respond and react in relation to their environment, it is vital that front-line employees work to counteract the forces of peer pressure. Peer pressure is a negative influence on the security culture of an organization.

True

False

2.00000 points

QUESTION 26

• Despite the different levels of accountability that exist in the layers of an organization, it is the information security officer (CISO) that has the main responsibility of establishing and escalating noncompliance to the senior leadership. Then, the senior leadership is responsible for enforcing the security policies while taking under advisement the guidance of the CISO.

True

False

2.00000 points

QUESTION 27

• Companies seek to monitor employee e-mail usage to safeguard against malware, viruses, sensitive information, and data leakage protection (DLP). Additionally, e-mail use might be scanned for threatening language and obscenities.

True

False

2.00000 points

QUESTION 28

• In general, administrators measure server performance by assessing three core resources: the memory, the disk, and the network. When these are initially measured and recorded, it establishes a performance baseline; later, the administrator needs to measure the resources again and ensure the measurements are closely aligned so that the server continues to meet expectations.

True

False

2.00000 points

QUESTION 29

2.00000 points

QUESTION 30

• WBEM is based on different standards derived from the Internet and from the Distributed Management Task Force (DMTF), Inc. Such standards include: CIM-XML; WS-Management, and CIM Query Language (CQL).

True

False

2.00000 points

QUESTION 31

2.00000 points

QUESTION 32

• Although there are security tasks that can achieved with specific tools, any tasks concerning IT security policy compliance need to address one basic concern: change and configuration management. This management is important because changes made to the system and enhancing configurations each affect the life cycle of a system.

True

False

2.00000 points

QUESTION 33

• Vulnerability scanners are important tools. However, there are two built-in limitations: 1) scanners are only as good as their testing approach and scripts, and 2) there are some scanners that need increased access to the system’s configuration file in order to yield the best results.

True

False

2.00000 points

QUESTION 34

• It is vital to keep in mind that breaches are entirely concerned with data. No matter what physical damage a device incurs, data on any stolen machine may be at risk; thus, encrypting the hard drive on a device that is portable is a considered a best practice by the industry.

True

False

2.00000 points

QUESTION 35

• A certificate authority refers to the original image that is duplicated for deployment. Using this image saves times by eradicating the need for repeated changes to configuration and tweaks to performance.

True

False

2.00000 points

QUESTION 36

2.00000 points

QUESTION 37

2.00000 points

QUESTION 38

• It is vital that automated solutions offering configuration management are well-secured. Otherwise, a hacker who makes it into a configuration management system might be able to obtain administrator access to the production environment.

True

False

2.00000 points

QUESTION 39

• The Information Technology Infrastructure Library (ITIL) contains three books that represent the ITIL life cycle: service transition, service operation, and service design. It is standard practice for an organization to adopt all sections of the ITIL life cycle.

True

False

2.00000 points

QUESTION 40

2.00000 points