Outcomes addressed in this activity:
Unit Outcomes:
• Investigate assessment and test strategies.
• Prepare security process data.
• Break down security control testing.
Course Outcome:
IT410-1: Discriminate assessment and test strategies.
Purpose
In this assignment, you will examine how changes in business operations, the technical environment, and user behavior may alter the effectiveness of security controls.
Assignment Instructions
Answer the following 12 questions by selecting the single best answer for each. Using your course materials and/or other credible resources, provide a 50- to 100-word explanation of why you chose your answer for each question. Please cite your sources for your answers from your course materials or other credible resources.
- You have established user error threshold baselines for your organization’s network that will alert you if suspicious activity occurs. What are the baselines called?
A. least privilege
B. clipping levels
C. configuration management - During which step of the NIST SP 800-137 are the decisions on risk responses made?
A. Respond to findings.
B. Define the ISCM strategy.
C. Establish the ISCM program. - You are in the process of defining and implementing an information security continuous monitoring (ISCM) program for your organization according to NIST SP 800-137. What is an expected input to defining this program?
A. reporting requirements
B. organizational risk assessment
C. automation specification - You have been hired as a security engineer for a new federal government agency. You have been asked to implement an information security continuous monitoring (ISCM) program for the agency. Which standard should you consult?
A. NIST SP 800-92
B. NIST SP 800-121
C. NIST SP 800-137 - What is the correct definition of penetration testing?
A. test procedure performed by security professionals with management approval
B. intrusion by hackers
C. security response procedures undertaken to detect brute force attacks - Which of the following is network protocol analyzer?
A. Cain and Abel
B. Wireshark
C. Snort - Your company’s domain security policy states that user account reviews should be performed twice a year. You have been asked to perform user account reviews. What should you do?
A. Ensure that users are accessing the system on appropriate dates.
B. Ensure that user accounts correspond to valid employees.
C. Ensure that users are accessing the system at appropriate times. - You are designing the user management policies for your organization. What is typically part of these policies?
A. authentication
B. acceptable use
C. employee termination - Where should an information security manager place an intrusion detection system (IDS) when implementing security?
A. on a screened subnet
B. outside the firewall
C. on the external router - Where should security monitoring mechanisms primarily be focused?
A. on detecting network intrusions
B. on business-critical information
C. on recording all security violations - Which of the following is most effective in preventing security weaknesses in operating systems?
A. change management
B. patch management
C. configuration management - Which of the following is the most effective solution for preventing internal users from modifying sensitive and classified information?
A. background investigations
B. system access violation logs
C. baseline security standards
Assignment Requirements
Only the title page, in-text citations, and reference page are required to be formatted according to APA standards for this assignment.
Do you need urgent help with this or a similar assignment? We got you. Simply place your order and leave the rest to our experts.