CIS 462 Final Exam (2 Set)


Attachments: CIS 462 Final Exam Guide Set 1.docx, CIS 462 Final Exam Guide Set 2.docx

This tutorial contains 2 sets of the final exam.

 

 

CIS 462 Final Exam Guide Set 1

           

           

•           Question 1                   A User Internet Proxy standard and a Content-Blocking Tools Configuration standard would be associated primarily with which IT domain?

 

•           Question 2                   What entity issues and manages digital certificates?

 

•           Question 3                   A PKI uses public and private ______ for the secure exchange of information.      

 

•           Question 4                   A Wi-Fi Access Point Security standard defines secure wireless connectivity to a network. With which IT domain is this standard primarily associated?

                       

•           Question 5                   Baseline standards for the LAN Domain would include ____________.

                       

•           Question 6                   A standard for Web Services from an external provider would be part of which set of policies?

                       

•           Question 7                   A control standard that separates the development environment from the production environment would be found in which set of policies?                                 

•           Question 8                   What is a benefit of instructor-led classroom training for security awareness?

•           Question 9                   Accountability, lack of budget, lack of priority, and tight schedules are examples of ____________.

 

•           Question 10                 What is a common consequence of failing to adhere to an acceptable use policy (AUP)?

                       

•           Question 11                 Which of the following is least likely to be required to attend an organization's formal security awareness training program?

 

•           Question 12                 Implementing IT security policies is as much about __________ as it is about implementing controls.

                       

•           Question 13                 What is the best way to measure a specific user's comprehension of security awareness training?

                       

•           Question 14                 Conducting __________ can be an effective security awareness program solution.

           

•           Question 15                 The primary objective of a security awareness program is to _________.

                       

•           Question 16                 Which tool can you use in a Microsoft domain to manage security settings for users and organizational units (OUs)?

 

•           Question 17                 What does a configuration management database (CMDB) hold?

                       

•           Question 18                 A(n) __________ can include a computer's full operating system, applications, and system settings, including security and configuration settings.

           

•           Question 19                 You want to manage patches and updates for Windows client computers centrally. Which is the best tool to use?

                       

•           Question 20                 Which organization maintains the Common Vulnerabilities and Exposures (CVE) list?

                                   

•           Question 21                 Which of the following methods is used to track compliance?

                       

•           Question 22                 What is due care?

                       

•           Question 23                 Common IRT members may be IT subject matter experts, IT security reps, HR reps, and ____________ reps.

                       

•           Question 24                 When responding to an incident, when does the IRT timeline start?

                       

•           Question 25                 During which phase of incident response do IRT members study the attack and develop recommendations to prevent similar attacks in the future?

                       

•           Question 26                 Before an incident can be declared, the IRT must develop an incident ________ for incident response.

                                   

•           Question 27                 FISMA requires federal agencies to report major incidents to which organization?

                       

•           Question 28                 During which phase of incident response do IRT members stop the attack and gather evidence?

                                   

•           Question 29                 According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?

                                   

•           Question 30                 In a business classification scheme, which classification refers to routine communications within the organization?

                       

•           Question 31                 Regarding data classification, what does "declassification" mean?

                                               

•           Question 32                 What is the general retention period of regulated documents?

                                   

•           Question 33                 What is considered to be a natural extension of the BIA when conducting a BCP?

                       

•           Question 34                 Which of the following is not a primary reason a business classifies data?

                       

•           Question 35     In a business classification scheme, which classification refers to mission-critical data?

                       

•           Question 36                 What is a security benefit of routinely deleting electronic documents that are no longer required for legal or business reasons?

                       

•           Question 37                 Which U.S. military data classification refers to data that the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?

                                   

•           Question 38                 ___________ is/are key to security policy enforcement.

                       

•           Question 39                 Your company does not want its employees to use the Internet to exchange personal e-mail during work hours. What is the best tool to use to ensure the company does not violate an employee's right to privacy?

 

                                   

•           Question 40                 Which of the following is least likely to indicate the effectiveness of an organization's security policies?

                       

•           Question 41                 What is the name of a common control that is used across a significant population of systems, applications, and operations?

                       

•           Question 42                 Which employee role is directly accountable to ensure that employees are implementing security policies consistently?

 

•       Question 43                    Your company wants to minimize the risk of its employees sharing confidential company information via e-mail. What is the best tool to use to minimize this risk?

 

•           Question 44                 An employee used her company-owned computer to e-mail invitations to friends for her upcoming party, which violated the company's acceptable use policy. Who is responsible for correcting the employee's behavior?

           

•           Question 45                 What is a disadvantage of hard-coding a user name and password into an application to simplify guest access?

                       

•           Question 46                 What is an example of "hardening"?

 

•           Question 47                 Which type of agreement would you have a contract system administrator (temporary worker) sign?

 

           

•           Question 48                 Which of the following is a policy that prohibits access or storage of offensive content?

 

•           Question 49                 What is pretexting associated with?

•           Question 50                 Who evaluates an organization's technology controls and risks for compliance with internal security policies or regulations?

                                   

 

CIS 462 Final Exam Guide Set 2

 

 

• Question 1    What is the most reasonable way to deal with outdated technology that cannot conform to an organization's security policies?

• Question 2    To be effective, which of the following must follow security policies?

• Question 3    Conducting __________ can be an effective security awareness program solution.

• Question 4    Accountability, lack of budget, lack of priority, and tight schedules are examples of ____________.

• Question 5    The primary objective of a security awareness program is to _________.

• Question 6    What is a common consequence of failing to adhere to an acceptable use policy (AUP)?

• Question 7    What is a benefit of instructor-led classroom training for security awareness?

• Question 8    Which of the following is generally not a part of a security awareness communications plan?

• Question 9    Which of the following methods is used to track compliance?

• Question 10  Which organization maintains the Common Vulnerabilities and Exposures (CVE) list?

• Question 11  Best practices for IT security policy compliance monitoring include ___________.

• Question 12 Three major components of the ITIL life cycle are service transition, service operation, and service _________.

• Question 13  You want to identify active hosts on a network, detect open ports, and determine the operating system in use on servers. Which is the best tool to use?

• Question 14 Nessus® is a type of _______________.

• Question 15 Your company wants to minimize the risk of its employees sharing confidential company information via e-mail. What is the best tool to use to minimize this risk?

• Question 16  Which organizational committee ensures that an external service provider is meeting the service level agreement (SLA) in the contract?

• Question 17  ___________ is/are key to security policy enforcement.

• Question 18  In a large organization, what is the name of the entity that reviews technology activity and provides approvals before a project or activity can proceed to the next stage?

• Question 19 When monitoring an employee's Internet use, which of the following can potentially violate an employee's rights?

• Question 20  What is the name of a common control that is used across a significant population of systems, applications, and operations?

• Question 21  Which of the following is a manual control for enforcing security policies? Before an incident can be declared, the IRT must develop an incident ________ for incident response.

• Question 22 During which phase of incident response do IRT members study the attack and develop recommendations to prevent similar attacks in the future? 

• Question 23  During which phase of incident response do IRT members recover from the attack and resume operations? 

• Question 24 During which phase of incident response do IRT members stop the attack and gather evidence?

• Question 25  During which phase of incident response do IRT members stop the attack and gather evidence?

• Question 26  Triage is performed during which phase of incident response?

• Question 27 According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?

• Question 28 When analyzing an IT incident, which of the following is not something you need to identify?

• Question 29 When reporting an incident, the IRT team must first classify the _________ of the incident.

• Question 30  A System Use Notification standard describes the on-screen display of system notification messages, such as a legal notice that the user is accessing a protected system. With which IT domain is this standard primarily associated?

• Question 31 A LAN Domain policy would include guidelines for which of the following?

• Question 32 A Separation of Environments standard establishes the need to separate the development environment from the production environment. With which IT domain is this standard primarily associated?

• Question 33  A User Internet Proxy standard and a Content-Blocking Tools Configuration standard would be associated primarily with which IT domain?

• Question 34  Baseline standards for the LAN Domain would include ____________.

• Question 35  Which of the following documents describes core control requirements for framework policies?

• Question 36  A PKI uses public and private ______ for the secure exchange of information.

• Question 37 When classifying documents in a business, the data owner must strike a balance between protection and _____________.

• Question 38 Which U.S. military data classification refers to data that the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?

• Question 39  In a business classification scheme, which classification refers to routine communications within the organization?

• Question 40  Before a BCP can be completed, a(n) _________ must first be completed and agreed upon by all the key departments within the organization.

• Question 41 Regarding data classification, what does "declassification" mean?

• Question 42  Which U.S. government data classification refers to confidential data that's not subject to release under the Freedom of Information Act? 

• Question 43  What is a security benefit of routinely deleting electronic documents that are no longer required for legal or business reasons? 

• Question 44  Which of the following is not a primary reason a business classifies data?

• Question 45 Pam receives an offensive joke via e-mail from Larry, a co-worker. Which of the following helps Pam know the correct actions to take?

• Question 46 Which of the following is generally not true of contractor workers?

• Question 47 What is an example of "hardening"?

• Question 48  Who is most likely to have the least amount of security awareness about your organization?

• Question 49  Who evaluates an organization's technology controls and risks for compliance with internal security policies or regulations?

• Question 50  Which type of agreement would you have a contract system administrator (temporary worker) sign?
