
Saint COM510 final exam fall 2014




Question 1. Which of the following is a subprocess of the unfreezing process in Lewin's change model? (Points: 5)
  cognitive redefinition
  realization that a new method is the best way
  creation of psychological safety or overcoming learning anxiety
  imitation and positive or defensive identification with a role model

Question 2. A _____ is an example of the "something you are" authentication mechanism. (Points: 5)
  fingerprint
  password
  smart card
  signature pattern recognition

Question 3. A security technician usually reports to a person with a ____ level of authority. (Points: 5)
  CIO
  CFO
  CEO
  CISO

Question 4. The ____ certification program is an option for individuals who wish to take the CISSP or SSCP exams before obtaining the requisite experience for certification. (Points: 5)
  TICSA
  SCP
  MCSE
  (ISC)² Associate

Question 5. _____ allow only specific packets with a particular source, destination, and port address to pass through it. (Points: 5)
  dynamic packet filtering firewalls
  packet filtering firewalls
  stateful inspection firewalls
  application-level firewalls

Question 6. The analysis team presents its proposed mitigation plans to the _____ group. (Points: 5)
  information technology
  senior management
  information security
  middle management

Question 7. _____ is the third generation of firewalls. (Points: 5)
  stateful inspection firewall
  application-level firewall
  dynamic packet filtering firewall
  packet filtering firewalls

Question 8. The _____ team is involved in the operational area management knowledge process. (Points: 5)
  middle managers
  senior managers
  information security
  independent consultants

Question 9. ____ work on special projects for organizations, and are self-employed people with their own contractual obligations and security requirements. (Points: 5)
  Consultants
  Contractors
  Business partners
  Temporary workers

Question 10. _____ is the most critical success factor for security risk evaluations. (Points: 5)
  selecting the analysis team
  scoping the OCTAVE Method
  getting senior management sponsorship
  selecting participants

Question 11. The ____ is a division of the NSA, and provides a wide variety of information security solutions for cyber defense. (Points: 5)
  IAD
  NIPC
  FBI
  CIA

Question 12. In a cost-benefit analysis, the _____ is the value to the organization of using controls to prevent losses associated with a specific vulnerability? (Points: 5)
  cost
  benefit
  loss expectancy
  asset value

Question 13. Deliberate software attacks include worms, denial of service, macros, and ____. (Points: 5)
  unknown loopholes
  piracy
  bugs
  viruses

Question 14. The Public Company Accounting Reform and Investor Protection Act demands that the CEO and ____ assume direct and personal accountability for the completeness and accuracy of a publicly traded organization's financial reporting and record-keeping systems. (Points: 5)
  CIO
  CISO
  CFO
  COO

Question 15. _____ is the primary and dominant cryptographic authentication and encryption framework for security development within the TCP/IP family of protocol standards. (Points: 5)
  Secure Hypertext Transfer Protocol
  Secure Shell
  IP Security
  Secure Sockets Layer

Question 16. An information security project wrap-up is usually a procedural task that would be assigned to a ____ staff member or an information security manager. (Points: 5)
  low-level
  COO
  mid-level
  CIO

Question 17. Which of the following is not an example of a disaster recovery plan? (Points: 5)
  data recovery procedures
  reestablishment of lost service procedures
  information gathering procedures
  shut down procedures

Question 18. In keeping with the requirements of the Public Company Accounting Reform and Investor Protection Act, the executives in an organization rely on the expertise of the ____ to ensure that the systems used to report and record information are sound. (Points: 5)
  COO
  CISO
  CFO
  Comptroller

Question 19. _____ technical controls defend against threats from outside of the organization. (Points: 5)
  security planning
  policy and law
  education and training
  firewall

Question 20. A(n) _____ is a valuable tool in managing an intrusion detection system. (Points: 5)
  port scanner
  agent
  firewall
  consolidated enterprise manager

Question 21. In the US military classification scheme, ____ refers to information assets that would adversely affect US national interests if lost, misused, or made available to sources with unauthorized access. (Points: 5)
  Confidential Data
  Sensitive But Unclassified
  Top Secret Data
  Secret Data

Question 22. Which of the following is NOT part of the Implementing Controls phase of the Microsoft Security Risk Management program? (Points: 5)
  seek holistic approach
  organize by defense-in-depth
  develop risk scorecard
  all of these are part of this phase

Question 23. Enacted in 1999, the Gramm-Leach-Bliley Act addresses ____ issues. (Points: 5)
  banking
  trade secrets
  cryptography
  privacy

Question 24. Which of the following is a software asset type? (Points: 5)
  test equipment
  custom application
  networking devices
  desktops

Question 25. When it is developed, the CIFI body of knowledge is expected to cover ____. (Points: 5)
  traceback
  information security governance
  response management
  risk management

Question 26. Which law governs the federal agency use of personal information? (Points: 5)
  The Telecommunications Deregulation and Competition Act of 1996
  Computer Security Act of 1987
  USA Patriot Act of 2001
  Federal Privacy Act of 1974

Question 27. ____ should not be allowed to wander freely in and out of buildings. (Points: 5)
  Consultants
  Business partners
  Service contractors
  Temporary workers

Question 28. Which of the following is a domain of the CompTIA Security+ exam? (Points: 5)
  general security concepts
  business risk management
  IS audit process
  disaster recovery and business continuity

Question 29. Which access controls are structured and coordinated with a data classification scheme? (Points: 5)
  mandatory access controls
  discretionary access controls
  role-based controls
  nondiscretionary controls

Question 30. The ____ was enacted to prevent abuse of information while employed elsewhere. (Points: 5)
  Electronic Communications Privacy Act of 1986
  Public Company Accounting Reform and Investor Protection Act of 2002
  Economic Espionage Act of 1996
  Financial Services Act of 1999

Question 31. In phase 3 of the OCTAVE Method, the creation of mitigation plans occurs during the _____ process. (Points: 5)
  development of a protection strategy
  risk analysis
  creation of threat profiles
  identification of key components

Question 32. The identification of a system of interest occurs during the _____. (Points: 5)
  identification of relative priorities
  identification of key components
  creation of threat profiles
  evaluation of selected components

Question 33. Which of the following characteristics currently used today for authentication purposes is not considered truly unique? (Points: 5)
  fingerprints
  iris
  retina
  ID Cards

Question 34. Which of the following best describes the incident response plan? (Points: 5)
  actions undertaken by an organization during an attack
  recovery preparations
  step-by-step rules to regain normalcy
  strategies to limit business losses before and during a disaster

Question 35. _____ firewalls are simple network devices that examine all incoming and outgoing packet headers, selectively allowing or rejecting packets. (Points: 5)
  packet filtering
  stateful inspection
  DMZ
  proxy

Question 36. Which of the following is a responsibility of an information security department manager? (Points: 5)
  offering technical information security consulting services to network administrators
  running vulnerability identification software packages
  preparing post-mortem analyses of information security breaches
  training Access Control System administrators to set up firewalls

Question 37. Which official determines which package best serves the needs of the organization? (Points: 5)
  VP of Human Resources
  CFO
  CIO or CISO
  COO

Question 38. _____ are software programs or hardware/software appliances that allow administrators to restrict content that comes into a network. (Points: 5)
  port scanners
  packet sniffers
  vulnerability scanners
  content filters

Question 39. From Schwartz et al., information security positions can be categorized as those that define, those that build, and those that ____. (Points: 5)
  implement
  design
  administer
  operate

Question 40. _____ is a biometric authentication system that is considered to be least secure. (Points: 5)
  keystroke pattern recognition
  signature recognition
  retina pattern recognition
  fingerprint recognition


Paper#36387 | Written in 18-Jul-2015
