CIS 462 Midterm Exam (2 Set)

This Tutorial was purchased 2 times & rated A+ by students like you.

Price: $12.00

Attachments: CIS 462 Midterm Exam Set 1.docx, CIS 462 Midterm Exam Set 2.docx

This Tutorial contains two sets of midterm exam questions.

CIS 462 Midterm Exam Set 1

(1) The use of encryption and digital signatures helps ensure that what was transmitted is the same as what was received. Which of the following is assured?
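
The integrity property behind question 1 is easiest to see in running code. The following is an added example written for this page, not part of the exam or its answer key: a sender signs a message with an Ed25519 private key, the receiver verifies the signature with the matching public key, and the same check is repeated on a copy of the message with a single bit flipped. The message text and the `Demo` helper are constructed for illustration and appear nowhere in the original.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signed bundles a message with the detached signature the sender produced over it.
type Signed struct {
	Message   []byte
	Signature []byte
}

// Sign produces an Ed25519 signature over msg with the sender's private key.
func Sign(priv ed25519.PrivateKey, msg []byte) Signed {
	return Signed{Message: msg, Signature: ed25519.Sign(priv, msg)}
}

// Verify reports whether the received message is byte-for-byte what the
// holder of the private key signed. Any change to the message, or to the
// signature, makes this return false.
func Verify(pub ed25519.PublicKey, s Signed) bool {
	return ed25519.Verify(pub, s.Message, s.Signature)
}

// Demo runs the full exchange with a freshly generated key pair (hypothetical
// helper for this example). It returns whether the untouched message verifies
// and whether a copy with one flipped bit verifies.
func Demo() (originalOK bool, tamperedOK bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}

	// Constructed sample message; in practice this is whatever was transmitted.
	msg := []byte("transfer 100 USD to account 42")
	sent := Sign(priv, msg)

	// What the receiver would accept if nothing changed in transit.
	originalOK = Verify(pub, sent)

	// Simulate corruption or tampering in transit: copy the message and flip
	// one bit, keeping the original signature attached.
	altered := append([]byte(nil), sent.Message...)
	altered[0] ^= 0x01
	tamperedOK = Verify(pub, Signed{Message: altered, Signature: sent.Signature})

	return originalOK, tamperedOK, nil
}

func main() {
	ok, bad, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original verifies: %v, tampered verifies: %v\n", ok, bad)
}
```

Note that the signature, not the encryption, is what detects the modification here: a ciphertext can be altered in transit without the receiver noticing unless something like a signature or a message authentication code is checked as well.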

(2) Which of the following is not one of the four domains of the COBIT framework for ISS management?

(3) What is the primary goal of business process reengineering?

(4) Passwords and biometrics are most closely associated with which of the following?

(5) What does COBIT stand for?

(6) Which of the following is optional, and sets the parameters within which the others can be used?

(7) Which of the following is not true of segmented networks?

(8) You are on the West Coast but want to connect to your company’s intranet on the East Coast. You use a program to “tunnel” through the Internet to reach the intranet. Which technology are you using?

(9) A policy that addresses the use of personal mobile devices, such as a smartphone, to access an internal business network is an issue of which IT domain?

(10) After entering your user name and password, you enter a number displayed on a security token to gain access to your company’s network. Which type of authentication method does the security token represent?

(11) In the Workstation Domain, ____________ is the best method of reducing the risk of information leakage.

(12) Authentication and encryption of intranet traffic is a _______ Domain issue.

(13) __________ is the ability to reasonably ensure conformity and adherence to both internal and external policies, standards, procedures, laws, and regulations.

(14) What is included in an IT policy framework?

(15) Incident reporting, incident management, and user ID addition/removal are examples of which of the following?

(16) Which of the following are written instructions on how to comply with standards?

(17) What is something you can measure against to demonstrate value, such as gauging if you’ve reasonably covered risks in your organization?

(18) Which personality type tends to be best suited for delivering security awareness training?

(19) In Kotter’s change model, which step is generally part of informal discussions rather than part of the formal implementation process?

(20) A primary reason why security policies often fail is ___________.

(21) Which of the following is not true of security policy enforcement?

(22) In Kotter’s change model, in which step does the ISO work with line management to collect metrics for assessing the policies’ effectiveness and ensure metrics are meaningful?

(23) Which personality type tends to be associated with good leaders?

(24) The basic elements of motivation include pride, success, and __________.

(25) Disaster recovery and tape backups are examples of which type of security control?

(26) What is the primary role of a security policy evangelist?

(27) Before you begin security policy awareness training, what is the first step you should take to help ensure success?

(28) Which of the following is not a security awareness training best practice?

(29) When publishing an internal security policy or standard, which role or department usually gives final approval?

(30) One of the key factors of a successful implementation of an organization-wide security policy is _______________.

(31) A business _______ emerges when an organization cannot meet its obligation or duty.

(32) Which of the following is a physical control?

(33) What does “tone at the top” refer to?

(34) Which of the following is not a typical method of protecting intellectual property (IP)?

(35) A procedure for cleaning a virus from a system is an example of which type of security control?

(36) An organization’s security awareness program is an example of which type of security control?

(37) Which of the following is a key measurement of an organization’s risk appetite?

(38) The core requirement of an automated IT security control library is that the information is ________.

(39) Who is responsible for executing policies and procedures, such as backup and versioning?

(40) Which IT framework extends the COBIT framework and is a comprehensive risk management approach?

(41) In the financial services sector, the use of the “three lines of defense” includes the business unit (BU), a risk management program, and ______________.

(42) Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?

(43) ___________ refers to the degree of risk an organization is willing to accept.

(44) To which sector does the Gramm-Leach-Bliley Act apply primarily?

(45) To protect information systems and assess risk, NIST standards describe inventorying hardware and software, categorizing risk levels, and which controls to apply, among others. One standard involves certification and accreditation. What is the purpose of this process?

(46) Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used?

(47) Which law applies to educational institutions and protects students’ records?

(48) Which of the following is not a key component that must be covered in an organization’s security policy for CIPA compliance?

(49) A popular social networking site recently changed its privacy policy regarding personal profiles. To prevent your profile information from being shared with anyone on the Internet, you must check a box requesting privacy. What is this an example of?

(50) Which of the following focuses on the payment card industry?


CIS 462 Midterm Exam Set 2

• Question 1 Who is responsible for data quality within an enterprise?

• Question 2 ___________ refers to the degree of risk an organization is willing to accept.

• Question 3 Which security policy framework, developed by CERT, focuses on information security assessment and planning?

• Question 4 Which IT framework extends the COBIT framework and is a comprehensive risk management approach?

• Question 5 Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?

• Question 6 The core requirement of an automated IT security control library is that the information is ________.

• Question 7 A fundamental component of internal control for high-risk transactions is __________.

• Question 8 An unauthorized user accessed protected network storage and viewed personnel records. What has been lost?

• Question 9 During which phase of the COBIT ISS management life cycle do you review how you are going to manage your IT investment such as contracts, service level agreements (SLAs), and new policy ideas?

• Question 10 Which of the following starts as an industry norm, and over time, becomes the measuring stick by which regulators judge organizations?

• Question 11 Passwords and biometrics are most closely associated with which of the following?

• Question 12 Policies and procedures differ in that policies are ________ and procedures are __________.

• Question 13 Which of the following is optional, and sets the parameters within which the others can be used?

• Question 14 A backup generator is an example of which type of security control?

• Question 15 What does "tone at the top" refer to?

• Question 16 Log monitoring and review is an example of which type of security control?

• Question 17 A(n) _______ is a confirmed event that compromises the confidentiality, integrity, or availability of information.

• Question 18 Which of the following is a physical control?

• Question 19 Which of the following is not a generally accepted principle for implementing a security awareness program?

• Question 20 In which domain is virtual private networking a security control?

• Question 21 You are on the West Coast but want to connect to your company's intranet on the East Coast. You use a program to "tunnel" through the Internet to reach the intranet. Which technology are you using?

• Question 22 You swipe your finger over your laptop's fingerprint reader to unlock the computer. Which type of authentication method are you using?

• Question 23 Authentication and encryption of intranet traffic is a _______ Domain issue.

• Question 24 In which IT domain do service level agreements help ensure the reliability and speed of a network connection?

• Question 25 In the Workstation Domain, ____________ is the best method of reducing the risk of information leakage.

• Question 26 In Kotter's change model, in which step does the ISO tune the message so the value of implementing the policy makes sense?

• Question 27 In Kotter's change model, which of the following is true as part of Step 1: Create urgency?

• Question 28 In an organization, which of the following roles is responsible for the day-to-day maintenance of data?

• Question 29 The basic elements of motivation include pride, success, and __________.

• Question 30 In Kotter's change model, in which step does the ISO work with line management to collect metrics for assessing the policies' effectiveness and ensure metrics are meaningful?

• Question 31 Which personality type tends to be associated with good leaders?

• Question 32 Which of the following is not true of auditors?

• Question 33 To which sector does HIPAA apply primarily?

• Question 34 Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used?

• Question 35 Which of the following is not true of the Sarbanes-Oxley Act?

• Question 36 Which of the following is not a key component that must be covered in an organization's security policy for CIPA compliance?

• Question 37 Which law was challenged by the American Library Association and the American Civil Liberties Union claiming it violated free speech rights of adults?

• Question 38 Which law applies to educational institutions and protects students' records?

• Question 39 Which of the following focuses on the payment card industry?

• Question 40 Which of the following generally merits a change to a security policy that should be reviewed by a policy change board?

• Question 41 What is a potential disadvantage of using consecutive numbers in a policy library?

• Question 42 Antivirus systems, cryptographic systems, and firewalls are examples of which type of security control?

• Question 43 Which of the following is not a valid reason for using a taxonomy to organize an IT policy library?

• Question 44 Which of the following is generally not an objective of a security policy change board?

• Question 45 Which principle for developing policies, standards, baselines, procedures, and guidelines discusses a series of overlapping layers of controls and countermeasures?

• Question 46 Your organization was awarded a U.S. government contract. You need to ensure your organization adheres to an acceptable IT security framework. Which of the following is the best choice?

• Question 47 Which of the following might specify the proper use of a cutting-edge technology even if the security vulnerabilities are still unknown?

• Question 48 The program framework policy or information security program charter is the ____________ document.

• Question 49 Which of the following is one of the prime objectives of an information security program?

• Question 50 What is included in an IT policy framework?

Tutorial Rank © 2021