Because encryption keys can get lost or destroyed, a copy of the key should be stored with a trusted third party. This safety procedure is sometimes called ________.

A) key escrow

B) white hat

C) key encryption

D) biometric authentication

32) Which of the following is an example of a data safeguard?

A) application design

B) dissemination of information

C) physical security

D) malware protection

33) Which of the following statements is true regarding position sensitivity?

A) It is a type of data safeguard.

B) It enables security personnel to prioritize their activities in accordance with the possible risk and loss.

C) It is documented only for high-sensitivity positions.

D) It applies to new employees only.

34) Enforcement of security procedures and policies consists of three interdependent factors: ________.

A) centralized reporting, preparation, and practice

B) account administration, systems procedures, and security monitoring

C) separation of duties, least privilege, and position sensitivity

D) responsibility, accountability, and compliance

35) In terms of password management, when an account is created, users should ________.

A) create two passwords and switch back and forth between those two

B) immediately change the password they are given to a password of their own

C) maintain the same password they are given for all future authentication purposes

D) ensure that they do not change their passwords frequently, thereby reducing the risk of password loss

36) Typically, a help-desk information system has answers to questions that only a true user would know, such as the user's birthplace, mother's maiden name, or last four digits of an important account number. This information ________.

A) allows help-desk representatives to create new passwords for users

B) reduces the strength of the security system

C) protects the anonymity of a user

D) helps authenticate a user

37) Activity log analysis is an important ________ function.

A) account administration

B) security monitoring

C) backup

D) data administration

38) ________ are remote processing centers run by commercial disaster-recovery services.

A) Cold sites

B) Web browsers

C) Hot sites

D) Backup centres

39) Every organization should have a(n) ________ as part of the security program, which should include how employees are to react to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss.

A) key escrow

B) smart card

C) human safeguard plan

D) incident-response plan

40) Which of the following is true regarding an incident-response plan?

A) The plan should provide decentralized reporting of all security incidents.

B) The plan should require minimal training on the part of employees.

C) The plan should identify critical personnel and their off-hours contact information.

D) The plan should be simple enough to ensure a fast response with limited practice.

