CIS 462 Midterm Exam 100% Correct Answers
(1) The use of encryption and digital signatures helps ensure that what was transmitted is the same as what was received. Which of the following is assured?
(2) Which of the following is not one of the four domains of the COBIT framework for ISS management?
(3) What is the primary goal of business process reengineering?
(4) Passwords and biometrics are most closely associated with which of the following?
(5) What does COBIT stand for?
(6) Which of the following is optional, and sets the parameters within which the others can be used?
(7) Which of the following is not true of segmented networks?
(8) You are on the West Coast but want to connect to your company’s intranet on the East Coast. You use a program to “tunnel” through the Internet to reach the intranet. Which technology are you using?
(9) A policy that addresses the use of personal mobile devices, such as a smartphone, to access an internal business network is an issue of which IT domain?
(10) After entering your user name and password, you enter a number displayed on a security token to gain access to your company’s network. Which type of authentication method does the security token represent?
(11) In the Workstation Domain, ____________ is the best method of reducing the risk of information leakage.
(12) Authentication and encryption of intranet traffic is a _______ Domain issue.
(13) __________ is the ability to reasonably ensure conformity and adherence to both internal and external policies, standards, procedures, laws, and regulations.
(14) What is included in an IT policy framework?
(15) Incident reporting, incident management, and user ID addition/removal are examples of which of the following?
(16) Which of the following are written instructions on how to comply with standards?
(17) What is something you can measure against to demonstrate value, such as gauging if you’ve reasonably covered risks in your organization?
(18) Which personality type tends to be best suited for delivering security awareness training?
(19) In Kotter’s change model, which step is generally part of informal discussions rather than part of the formal implementation process?
(20) A primary reason why security policies often fail is ___________.
(21) Which of the following is not true of security policy enforcement?
(22) In Kotter’s change model, in which step does the ISO work with line management to collect metrics for assessing the policies’ effectiveness and ensure metrics are meaningful?
(23) Which personality type tends to be associated with good leaders?
(24) The basic elements of motivation include pride, success, and __________.
(25) Disaster recovery and tape backups are examples of which type of security control?
(26) What is the primary role of a security policy evangelist?
(27) Before you begin security policy awareness training, what is the first step you should take to help ensure success?
(28) Which of the following is not a security awareness training best practice?
(29) When publishing an internal security policy or standard, which role or department usually gives final approval?
(30) One of the key factors of a successful implementation of an organization-wide security policy is _______________.
(31) A business _______ emerges when an organization cannot meet its obligation or duty.
(32) Which of the following is a physical control?
(33) What does “tone at the top” refer to?
(34) Which of the following is not a typical method of protecting intellectual property (IP)?
(35) A procedure for cleaning a virus from a system is an example of which type of security control?
(36) An organization’s security awareness program is an example of which type of security control?
(37) Which of the following is a key measurement of an organization’s risk appetite?
(38) The core requirement of an automated IT security control library is that the information is ________.
(39) Who is responsible for executing policies and procedures, such as backup and versioning?
(40) Which IT framework extends the COBIT framework and is a comprehensive risk management approach?
(41) In the financial services sector, the use of the “three lines of defense” includes the business unit (BU), a risk management program, and ______________.
(42) Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?
(43) ___________ refers to the degree of risk an organization is willing to accept.
(44) To which sector does the Gramm-Leach-Bliley Act apply primarily?
(45) To protect information systems and assess risk, NIST standards describe inventorying hardware and software, categorizing risk levels, and which controls to apply, among others. One standard involves certification and accreditation. What is the purpose of this process?
(46) Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used?
(47) Which law applies to educational institutions and protects students’ records?
(48) Which of the following is not a key component that must be covered in an organization’s security policy for CIPA compliance?
(49) A popular social networking site recently changed its privacy policy regarding personal profiles. To prevent your profile information from being shared with anyone on the Internet, you must check a box requesting privacy. What is this an example of?
(50) Which of the following focuses on the payment card industry?