Details of this Paper

Saint COm510 midterm exam




Question;Question 1.;1.;The process that develops, creates, and implements strategies for the accomplishment of objectives is called ____.;(Points: 5);leadingcontrollingorganizingplanning;Question 2.;2.;implements and oversees the use of controls to reduce risk.;(Points: 5);Risk assessmentIncident responseRisk managementNetwork security administration;Question 3.;3.;Which of the following is an advantage of the user support group form of training?;(Points: 5);usually conducted in an informal social settingformal training plancan be live, or can be archived and viewed at the trainee's conveniencecan be customized to the needs of the trainee;Question 4.;4.;Which of the following is the first step in the process of implementing training?;(Points: 5);identify training staffidentify target audiencesidentify program scope, goals, and objectivesmotivate management and employees;Question 5.;5.;occurs when a control provides proof that a user possesses the identity that he or she claims.;(Points: 5);IdentificationAuthenticationAuthorizationAccountability;Question 6.;6.;According to the C.I.A. triangle, the three desirable;characteristics of information are confidentiality, integrity, and ____.;(Points: 5);accountabilityavailabilityauthorizationauthentication;Question 7.;7.;Which of the following is a definite indicator of an actual incident?;(Points: 5);unusual system crashesreported attackpresence of new accountsuse of dormant accounts;Question 8.;8.;Which of the following certifications is considered among the most prestigious for security managers?;(Points: 5);CISSPCISAGIACSecurity +;Question 9.;9.;The COSO framework component ____, based on the establishment;of objectives, assists in the identification and examination of valid;risks to objectives as well as information.;(Points: 5);Control environmentRisk assessmentControl activitiesInformation management;Question 10.;10.;A medium-sized organization has ____.;(Points: 5);a larger security staff than a small organizationa larger security budget than a small organization1,000 to 10,000 computerslarger security needs than a small organization;Question 11.;11.;The ____ component of an EISP defines the organizational;structure designed to support information security within the;organization.;(Points: 5);Information Technology Security Responsibilities and RolesNeed for Information Technology SecurityReference to Other Information Technology Standards and GuidelinesInformation Technology Security Elements;Question 12.;12.;The IRP is usually activated ____.;(Points: 5);before an incident takes placewhen an incident is detectedonce the DRP is activatedonce the BCP is activated;Question 13.;13.;is the process of measuring against established standards.;(Points: 5);BaseliningBenchmarkingTargetingProfiling;Question 14.;14.;is the quality or state of being whole, complete, and uncorrupted.;(Points: 5);IntegrityAuthorizationSecurityConfidentiality;Question 15.;15.;Very large organizations have ____ computers.;(Points: 5);100 to 1,0001,000 to 5,00010,000 to 50,000more than 10,000;Question 16.;16.;A(n) ____ is a detailed description of the activities that occur during an attack.;(Points: 5);attack rosterattack profileattack messageattack diagnostic;Question 17.;17.;Identification is typically performed by means of a(n) ____.;(Points: 5);audit loguser namecryptographic certificateaccess control list;Question 18.;18.;The COSO framework component ____ includes the policies and procedures to support management directives.;(Points: 5);Control environmentRisk assessmentControl activitiesInformation management;Question 19.;19.;Defining the scope of an ISMS is part of which phase of the BS7799 Part 2 Plan-Do-Check-Act cycle?;(Points: 5);PlanDoCheckAct;Question 20.;20.;A(n) ____ security policy provides detailed, targeted;guidance to instruct all members of the organization in the use of;technology-based systems.;(Points: 5);issue-specificenterprise informationsystem-specificinformation;Question 21.;21.;Internal ISMS audits are conducted during the ____ phase of the Plan-Do-Check-Act cycle.;(Points: 5);PlanDoCheckAct;Question 22.;22.;control tools evaluate the efficiency and effectiveness of business processes.;(Points: 5);FinancialBehavioralInformationOperational;Question 23.;23.;Which of the following is a disadvantage of user support groups?;(Points: 5);relatively inflexibleresource intensive, to the point of being inefficientcentered on a specific topic or productsoftware can be very expensive;Question 24.;24.;Corrective or preventive action is taken during the ____ phase of the Plan-Do-Check-Act cycle.;(Points: 5);PlanDoCheckAct;Question 25.;25.;To ensure ____, an organization must demonstrate that it is;continuously attempting to meet the requirements of the market in which;it operates.;(Points: 5);policy administrationdue diligenceadequate security measurescertification and accreditation;Question 26.;26.;When users call an organization with problems with their;computers, the network, or an Internet connection, they speak with the;(Points: 5);security officershelp desk personnelsecurity stafferssecurity consultants;Question 27.;27.;Communications security involves the protection of an organization's ____.;(Points: 5);employeesphysical assetstechnologydata network devices;Question 28.;28.;evaluates patches used to close software vulnerabilities;and acceptance testing of new systems to assure compliance with policy;and effectiveness.;(Points: 5);Systems testingRisk assessmentIncident responsePlanning;Question 29.;29.;A risk assessment is performed during the ____ phase of the SecSDLC.;(Points: 5);implementationanalysisdesigninvestigation;Question 30.;30.;An identified weakness of a controlled system is known as a ____.;(Points: 5);liabilitythreatvulnerabilityfault;Question 31.;31.;Which of the following is NOT a question you should ask when considering best practices for your organization?;(Points: 5);Do you have a similar customer base as the target?Is your organization structure similar to the target?Do you face similar challenges as the target?Are you in a similar industry as the target?;Question 32.;32.;Best business practices are also known as ____.;(Points: 5);recommended practicesuniversal practicesindustry practicesbest models;Question 33.;33.;The ____ layer of the bull's-eye model consists of computers;used as servers, desktop computers, and systems used for process control;and manufacturing systems.;(Points: 5);PoliciesNetworksApplicationsSystems;Question 34.;34.;A ____ is a value or profile of a performance metric against;which changes in the performance metric can be usefully compared.;(Points: 5);targetframeworkbenchmarkbaseline;Question 35.;35.;Which of the following is true about a hot site?;(Points: 5);It is an empty room with standard heating, air conditioning, and electrical service.It includes computing equipment and peripherals with servers but not client workstations.It duplicates computing resources, peripherals, phone systems, applications, and workstations.All communications services must be installed after the site is occupied.;Question 36.;36.;The DRP is usually managed by the ____.;(Points: 5);CEOCIOCISOIT community of interest;Question 37.;37.;Operational plans are used by ____.;(Points: 5);managerssecurity managersthe CISOthe CIO;Question 38.;38.;A SDLC-based project that is the result of a carefully developed strategy is said to be ____.;(Points: 5);employee-drivenplan-drivensequence-drivenevent-driven;Question 39.;39.;A disadvantage of creating a number of independent ISSP documents is that the result may ____.;(Points: 5);overgeneralize the issuessuffer from poor policy disseminationskip over vulnerabilitiesbe written by those with less complete subject matter expertise;Question 40.;40.;A joint application development team can survive employee turnover by ____.;(Points: 5);having as few employees in the team as possiblehaving as many employees in the team as possibledocumenting the processes and procedures used by the teamhaving all the members work independently


Paper#36510 | Written in 18-Jul-2015

Price : $29