CIS 462 question with answer
- Question 1
In order to enhance the training experience and emphasize the core security goals and mission, it is recommended that the executives _______________________.
- Question 2
Which of the following scenarios illustrates an ideal time to implement security policies in order to gain the maximum level of organizational commitment?
- Question 3
__________________ is a term that denotes the way that a policy either diminishes business disruptions or facilitates the business’s success.
- Question 4
Which of the following is the most important reason to solicit feedback from people who have completed security awareness training?
- Question 5
Many organizations have a(n) ________________________, which is comprised of end user devices (including tablets, laptops, and smartphones) on a shared network and that use distributed system software; this enables these devices to function simultaneously, regardless of location.
- Question 6
In order to build security policy implementation awareness across the organization, there should be ____________________ who partner with other teams and departments to promote IT security through different communication channels.
- Question 7
The department responsible for providing security training to new employees is the _______________.
- Question 8
Which of the following statements does not offer an explanation of what motivates an insider to pose a security risk?
- Question 9
One of seven domains of a typical IT infrastructure is the user domain. Within that domain is a range of user types, and each type has specific and distinct access needs. Which of the following types of users has the responsibility of creating and putting into place a security program within an organization?
- Question 10
The Barings Bank collapsed in 1995 after it was found that an employee had lost over $1.3 billion of the bank’s assets on the market. The collapse occurred when an arbitrage trader was responsible for both managing trades and guaranteeing that trades were settled and reported according to proper procedures. To which of the following causes is this collapse attributed?
- Question 11
Which of the following is not one of the types of control partners?
- Question 12
Of all the reasons that people commit errors when it comes to IT security, which of the following is the main reason people make mistakes?
- Question 13
One of the processes designed to eradicate maximum possible security risks is to ________________, which limits access credentials to the minimum required to conduct any activity and ensures that access is authenticated to particular individuals.
- Question 14
Which of the following user types is responsible for audit coordination and response, physical security and building operations, and disaster recovery and contingency planning?
- Question 15
There are many different types of automated controls that are configured into devices for the purpose of enforcing a security policy. Which of the following is not an automated control?
- Question 16
There are a number of issues to consider when composing security policies. One such issue concerns the use of security devices. One such device is a ____________, which is a network security device with characteristics of a decoy that serves as a target that might tempt a hacker.
- Question 17
In information security, the individual responsible for setting goals for implementing security policies is the _________________.
- Question 18
___________________ are responsible for the monitoring of activities during the pre-, middle, and post stages of goal implementation, whereas __________________ are responsible for the monitoring of activities following the implementation and are called upon to evaluate whether or not the goals have been achieved.
- Question 19
Consider this scenario: A health insurer in Oklahoma settled a class-action lawsuit after having reported that one laptop was stolen in 2008; this laptop contained personal data of more than 1.6 million customers. Based on the fact that the laptop was not encrypted, and that employees were lacking in security awareness training, which of the following statements captures the root cause of this breach?
- Question 20
It is important that partnership exists between the ___________________, which needs to review the standing legislation that governs their business, and the ____________________, which needs to review all recent or significant policy changes.
- Question 21
One of the many roles of the security compliance committee is to focus on controls that are widely used across a large population of applications, systems, and operations. These types of controls are known as ___________________.
- Question 22
In workstation domain policies, _________________ provide the specific technology requirements for each device. IT staff uses recorded and published procedures to enact configurations by devices to ensure that secure connectivity for remote devices exists, as well as virus and malware protection and patch management capability, among several other related functions.
- Question 23
In general, WAN-specific standards identify specific security requirements for WAN devices. For example, the ____________________ explains the family of controls needed to secure the connection from the internal network to the WAN router, whereas the ______________________ identifies which controls are vital for use of Web services provided by suppliers and external partnerships.
- Question 24
___________________ is a term that denotes a user’s capability to authenticate once to access the network and then have automatic authentication on different applications and devices afterward.
- Question 25
A procedure document should accompany every baseline document. Which of the following is a true statement about the circumstances for when a procedure document needs to be created to support the baseline document?
- Question 26
Which of the following statements is most accurate with respect to infrastructure security, as demonstrated by the private sector?
- Question 27
Baseline LAN standards are concerned with network traffic monitoring because no matter how good firewalls and routers can be, they are still not 100% effective. Thus, _________________ offer a wide range of protection because they seek out patterns of attack.
- Question 28
An important principle in information security is the concept of layers of security, which is often referred to as layered security, or defense in depth. Which of the following is not an example of a layer of security?
- Question 29
The ______________________ denotes the application software and technology that concerns a wide range of topics from the data management to the systems that process information.
- Question 30
While it would not be possible to classify all data in an organization, there has nonetheless been an increase in the amount of unstructured data retained in recent years, which has included data and logs. There are many different ways to make the time-consuming and expensive process of retaining data less challenging. Which of the following is not one of these approaches?
- Question 31
The term ________________ denotes data that is being stored on devices like a universal serial bus (USB) thumb drive, laptop, server, DVD, or CD. The term ______________ denotes data that exists in a mobile state on the network, such as data on the Internet, wireless networks, or a private network.
- Question 32
If a vulnerability is not fixed at the root cause, there is a possibility that another route of attack can emerge. This route is known as the ____________________.
- Question 33
At Stanford University, data is labeled according to a classification scheme that identifies information in the following way: prohibited, restricted, confidential, and unrestricted. Which of the following schemes has Stanford adopted?
- Question 34
Which of the following outcomes is one of the benefits of a risk-management approach to security policies?
- Question 35
In policies regarding the ___________ of data, it must be guaranteed that the data that exits the private network is secured and monitored; the data should also be encrypted while in transit.
- Question 36
The National Security Information document EO 12356 explains the U.S. military classification scheme of top secret, secret data, confidential, sensitive but unclassified, and unclassified. Which of the following data can be reasonably expected to create serious damage to national security in the event that it was subject to unauthorized disclosure?
- Question 37
In addition to compiling the list of user access requirements, applications, and systems, the BIA also includes processes that are ____________. These processes safeguard against any risks that might occur due to key staff being unavailable or distracted.
- Question 38
In order to form an IRT, an organization is required to create a charter; this document identifies the authority, mission, and goals of a committee or team, and there are a number of different types of IRT models for doing this. Which of the following models permits an IRT to have the complete authority to ensure a breach is contained?
- Question 39
An organization’s _______________________ is a particular group of differently skilled individuals who are responsible for attending to serious security situations.
- Question 40
When reporting incidents, it is necessary to institute transparent procedures for filing incident reports. The process of incident classification is known as triage. When triage is set in motion, the severity of the threat is assessed. For example, ___________________ occurs when there are a number of unauthorized scans, system probes, or vast viruses detected; the event also necessitates manual intervention.
- Question 41
The ____________________ identifies the processes entailed in the business continuity plan and/or the disaster recovery plan.
- Question 42
The goal of conducting an incident analysis is to ascertain weakness. Because each incident is unique and might necessitate a distinct set of approaches, there is a range of steps that can be pursued to aid the analysis. One of these steps is to ________________, which entails mapping the network traffic according to the time of day and looking for trends.
- Question 43
It is important to conduct a nearly continuous evaluation of possible ______________ to guarantee that recovery estimates provided to customers are accurate and maintain credibility with customers.
- Question 44
A __________________________ is a term that refers to the original image that is duplicated for deployment. Using this image saves time by eradicating the need for repeated changes to configuration and tweaks to performance.
- Question 45
Microsoft domains offer _______________ in order to enhance security for certain departments or users in an organization. This method allows security gaps to close and security settings to be increased for some computers or users.
- Question 46
Consider this scenario: A sales organization with an onsite IT staff experiences a major outage due to a minor change to a printer. Though systems were working successfully, the printer stopped working when a new server was added to the network. The new server that was added to the network shared the same IP address as the printer. Which of the following statements captures a contributing cause of the problem with the IP compatibility?
- Question 47
There have been a number of attacks on government systems that have been the result of fundamental errors. Correct configurations of these systems would have prevented these attacks, so security experts created the solution in the form of the ___________________________.
- Question 48
A ________________________ is a string of data associated with a file that provides added security, authentication, and nonrepudiation.
- Question 49
A security _____________ identifies a group of fundamental configurations designed to accomplish particular security objectives.
- Question 50
Even though SNMP is a part of the TCP/IP suite of protocols, it has undergone a series of improvements since its first version. Which of the following is not one of the improvements offered in version 3?