Security + Certification In Organizational Security

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Joelcg
J
Joelcg
Community Contributor
Quizzes Created: 5 | Total Attempts: 4,972
Questions: 23 | Attempts: 234

SettingsSettingsSettings
Security Plus Quizzes & Trivia

Organizational Security


Questions and Answers
  • 1. 

    Which type of policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections?

    • A.

      Administrative

    • B.

      Usage

    • C.

      User management

    • D.

      Security

    Correct Answer
    D. Security
    Explanation
    A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections. An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A usage policy covers how information and resources are used. A user management policy identifies the various actions that must occur in the normal course of employee activities.

    Rate this question:

  • 2. 

    Which type of policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits?

    • A.

      Administrative

    • B.

      Usage

    • C.

      User management

    • D.

      Security

    Correct Answer
    A. Administrative
    Explanation
    An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A usage policy covers how information and resources are used. A user management policy identifies the various actions that must occur in the normal course of employee activities. A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections.

    Rate this question:

  • 3. 

    Which of the following access attacks amounts to listening in on or overhearing parts of a conversation?

    • A.

      Snooping

    • B.

      Passive interception

    • C.

      Eavesdropping

    • D.

      Active interception

    Correct Answer
    C. Eavesdropping
    Explanation
    All of the choices listed are various types of access attacks. In an eavesdropping attack, the attacker listens in on or overhears parts of a conversation. In a snooping attack, someone looks through your files in hopes of finding something interesting. In a passive interception attack, someone routinely monitors network traffic. In an active interception attack, a computer is placed between the sender and receiver to capture information while it's sent.

    Rate this question:

  • 4. 

    Which type of policy covers how information and resources are used?

    • A.

      Administrative

    • B.

      Usage

    • C.

      User management

    • D.

      Security

    Correct Answer
    B. Usage
    Explanation
    A usage policy covers how information and resources are used. An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A user management policy identifies the various actions that must occur in the normal course of employee activities. A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections.

    Rate this question:

  • 5. 

    Which type of policy identifies the various actions that must occur in the normal course of employee activities?

    • A.

      Administrative

    • B.

      Usage

    • C.

      User management

    • D.

      Security

    Correct Answer
    C. User management
    Explanation
    A user management policy identifies the various actions that must occur in the normal course of employee activities. An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A usage policy covers how information and resources are used. A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections.

    Rate this question:

  • 6. 

    Which of the following is not a common level within an information policy?

    • A.

      Confidential

    • B.

      External

    • C.

      Private

    • D.

      Public

    Correct Answer
    B. External
    Explanation
    The common levels within an information policy are public (for all advertisements and information posted on the Web), internal (for all intranet-type information), private (for personnel records, client data, and so on), and confidential (PKI information and other restricted data).

    Rate this question:

  • 7. 

    Which of the following is the term used to represent availability of 99.999 percent?

    • A.

      Five nines

    • B.

      Real time

    • C.

      Fail over

    • D.

      Surge time

    Correct Answer
    A. Five nines
    Explanation
    Availability of 99.999 percent is known as five nines availability.

    Rate this question:

  • 8. 

    What is the minimum number of disks necessary to implement RAID 0?

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      4

    Correct Answer
    B. 2
    Explanation
    RAID 0, disk striping, requires a minimum of two disks. RAID 1, mirroring, requires a minimum of two disks. RAID 3, disk striping with a dedicated parity disk, requires a minimum of three disks. RAID 5, disk striping with parity, requires a minimum of three disks.

    Rate this question:

  • 9. 

    You have the server configured to automatically perform backups. A full backup is done every Sunday morning at 2 a.m. Differential backups are run every day at 7 a.m. You arrive at work Thursday morning to find the system crashed at 6 p.m. Wednesday night. How many backup sets must you restore to recover as much of the data as possible?

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      5

    Correct Answer
    B. 2
    Explanation
    After replacing the failed drive, you would restore the full backup from Sunday. Following that, you would restore the most recent differential backup, which was done at 7 a.m. Wednesday.

    Rate this question:

  • 10. 

    If a file system contains a log file of all changes and transactions that have occurred within a set period of time, what type of file system is it said to be?

    • A.

      Journaling

    • B.

      Highly available

    • C.

      Shadowed

    • D.

      Secure

    Correct Answer
    A. Journaling
    Explanation
    A journaling file system contains a log file of all changes and transactions that have occurred within a set period of time.

    Rate this question:

  • 11. 

    Which type of backup storage is stored in the same location as the computer center?

    • A.

      Working

    • B.

      Warm

    • C.

      Onsite

    • D.

      Obtainable

    Correct Answer
    C. Onsite
    Explanation
    Onsite storage refers to backup information stored locally; this is often the most recent set of backups.

    Rate this question:

  • 12. 

    During which of the following types of backups is the archive bit on individual files turned off? (Choose all that apply.)

    • A.

      Full

    • B.

      Incremental

    • C.

      Differential

    • D.

      Daily

    Correct Answer(s)
    A. Full
    B. Incremental
    Explanation
    The archive bit is turned off after a full or incremental backup. The archive bit is left on after a differential or daily backup.

    Rate this question:

  • 13. 

    In the "grandfather, father, son" backup plan, which refers to the most recent backup?

    • A.

      Grandfather

    • B.

      Father

    • C.

      Son

    • D.

      None of the above

    Correct Answer
    C. Son
    Explanation
    The most recent backup is the son. After another backup is done, the son becomes the father and then the grandfather.

    Rate this question:

  • 14. 

    Your manager has asked that you investigate the costs of renting a location that can provide operations within hours of a failure. What type of location is this known as?

    • A.

      Hot

    • B.

      Warm

    • C.

      Cold

    • D.

      Round

    Correct Answer
    A. Hot
    Explanation
    A hot site is a location that can provide operations within hours of a failure. A warm site provides some of the capabilities of a hot site but requires more work to become operational. A cold site is a facility that isn't immediately ready to use; you must bring along your own network and equipment. There is no such entity as a round site.

    Rate this question:

  • 15. 

    Which of the following is an agreement between your company and a service provider stipulating the performance you can expect or demand from the vendor?

    • A.

      SND

    • B.

      RSA

    • C.

      SLA

    • D.

      ATP

    Correct Answer
    C. SLA
    Explanation
    A service-level agreement (SLA) is an agreement between your company and a service provider stipulating the performance you can expect or demand from the vendor.

    Rate this question:

  • 16. 

    You have been told to collect the key metrics outlines in every SLA and document them. Which of the following is a measure of the anticipated incidence of failure for a system or component?

    • A.

      MRA

    • B.

      MTTR

    • C.

      MBAC

    • D.

      MTBF

    Correct Answer
    D. MTBF
    Explanation
    Mean Time Before Failure (MTBF) is a measure of the anticipated incidence of failure for a system or component. Mean Time To Repair (MTTR) is a measurement of how long it takes to repair a system or component after a failure has occurred. The other two choices do not represent metrics.

    Rate this question:

  • 17. 

    What type of policy identifies the level of care used to maintain the confidentiality of private information?

    • A.

      Separation of duties

    • B.

      Due care

    • C.

      Document disposal and destruction

    • D.

      Incident response

    Correct Answer
    B. Due care
    Explanation
    A due care policy identifies the level of care used to maintain the confidentiality of private information. A separation of duties policy is intended to reduce the risk of fraud and prevent losses in an organization. A document disposal and destruction policy is used to define how information that is no longer needed is handled. An incident response policy defines how an organization will respond to an incident.

    Rate this question:

  • 18. 

    What is the minimum number of disks necessary to implement RAID 1?

    • A.

      1

    • B.

      2

    • C.

      3

    • D.

      4

    Correct Answer
    B. 2
    Explanation
    RAID 1, mirroring, requires a minimum of two disks. RAID 0, disk striping, requires a minimum of two disks. RAID 3, disk striping with a dedicated parity disk, requires a minimum of three disks. RAID 5, disk striping with parity, requires a minimum of three disks.

    Rate this question:

  • 19. 

    During which process must a forensics investigator be able to prove that the data being presented as evidence is the same data that was collected on the scene?

    • A.

      Evidentiary

    • B.

      Analytic

    • C.

      Custody

    • D.

      Confirmation

    Correct Answer
    A. Evidentiary
    Explanation
    During the evidentiary process, a forensics investigator must be able to prove that the data being presented as evidence is the same data that was collected on the scene.

    Rate this question:

  • 20. 

    Which type of policy should exist that defines the requirements, responsible parties, and procedures to follow after the collection of evidence?

    • A.

      Preservation of evidence

    • B.

      Information retention

    • C.

      Chain-of-custody

    • D.

      Storage

    Correct Answer
    C. Chain-of-custody
    Explanation
    A chain-of-custody policy should exist that defines the requirements, responsible parties, and procedures to follow after the collection of evidence. Preservation of evidence needs to happen, but it is not a policy in and of itself. An information retention policy details how long data is retained. A storage policy defines how information is stored.

    Rate this question:

  • 21. 

    Which of the following is a collection of data that is removed from the system because it's no longer needed on a regular basis?

    • A.

      Backup

    • B.

      Inventory

    • C.

      Array

    • D.

      Archive

    Correct Answer
    D. Archive
    Explanation
    An archive is a collection of data that is removed from the system because it's no longer needed on a regular basis. A backup is a restorable copy of any set of data that is needed on the system. The other two choices are not relevant.

    Rate this question:

  • 22. 

    Which of the following is a regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information?

    • A.

      FERPA

    • B.

      HIPAA

    • C.

      CESA

    • D.

      Gramm-Leach-Bliley Act

    Correct Answer
    B. HIPAA
    Explanation
    The Health Insurance Portability and Accountability Act (HIPAA) is a regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information. The Family Educational Rights and Privacy Act (FERPA) dictates that educational institutions may not release information to unauthorized parties without the express permission of the student or their parents. The Cyberspace Electronic Security Act (CESA) gives law enforcement the right to gain access to encryption keys and cryptography methods. The Gramm-Leach-Bliley Act requires financial institutions to develop privacy notices and notify customers that they are entitled to privacy.

    Rate this question:

  • 23. 

    Which of the following is not one of the three key steps of the forensics process?

    • A.

      Analyzing the evidence

    • B.

      Acquiring the evidence

    • C.

      Copying the evidence

    • D.

      Authenticating the evidence

    Correct Answer
    C. Copying the evidence
    Explanation
    The three key steps of the forensics process are acquiring the evidence, authenticating the evidence, and analyzing the evidence.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 27, 2010
    Quiz Created by
    Joelcg
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.