COM590 Midterm Exam Latest 2017
Question 1 2.5 / 2.5 points
The use of encryption and digital signatures helps ensure that what was transmitted is the same as what was received. Which of the following is assured?
Question options:
Confidentiality
Availability
Integrity
Nonrepudiation
Question 2 2.5 / 2.5 points
The concept of “need to know” is most closely associated with which of the following?
Question options:
Authentication
Availability
Confidentiality
Integrity
Question 3 2.5 / 2.5 points
What is the primary goal of business process reengineering?
Question options:
To develop new security policies
To improve business processes
To implement an enterprise resource system
To determine management bonuses
Question 4 2.5 / 2.5 points
An unauthorized user accessed protected network storage and viewed personnel records. What has been lost?
Question options:
Confidentiality
Nonrepudiation
Integrity
Availability
Question 5 2.5 / 2.5 points
What does COBIT stand for?
Question options:
Control Objectives for Information and Related Technology
Common Objects for Information and Technology
Common Objectives for Information and Technology
Control Objects for Information Technology
Question 6 2.5 / 2.5 points
What does “tone at the top” refer to?
Question options:
Policies, in relation to standards, procedures, and guidelines
Confidentiality in the C-I-A triad
Regulatory bodies, in relation to security policies and controls
XXXXXXX leaders
Question 7 2.5 / 2.5 points
Which XX XXX XXXXXXXXX types XX security XXXXXXXX stops XXXXXXXXX or breaches immediately?
Question options:
XXXXXXXXXX
Corrective
Detective
None XX the XXXXX
Question 8 X.X / 2.5 points
XX XXXXXXXXXX XXXXXX XX an example of XXXXX XXXX XX security control?
Question options:
XXXXXXXXX
XXXXXXXXXX
Physical
XXXXXXXXXXXXXX
Question 9 2.X / 2.5 points
Security controls XXXX into XXXXX design types: XXXXXXXXXX, XXXXXXXXX, and:
Question options:
XXXXXXXXX.
corrective.
XXXXXXXXXXXX.
qualitative.
Question 10 2.5 / 2.5 points
XXXXX XX XXX following is not a generally XXXXXXXX principle for XXXXXXXXXXXX a XXXXXXXX awareness XXXXXXX?
Question options:
Competency should be measured.
XXXXXX XXXXXXXXX of XXXXX.
XXXXXXX should provide visible XXXXXXX.
None of XXX XXXXX.
Question 11 X.X / 2.5 points
XX the XXXXXXXXX compliance XXXX, XXXXX XXXXXXX most heavily on personal XXXXXXX?
Question options:
XXXXX
GLBA
HIPAA
SOX
Question 12 2.X / 2.5 points
XX which XXXXXX XXXX XXXXX apply primarily?
Question options:
XXXXXXXXX
XXXX XX XXX XXXXX
XXXXXXXXXXXXXX
XXXXXXX
Question 13 X.X / 2.5 points
XXXXX XXX was challenged XX XXX XXXXXXXX Library XXXXXXXXXXX and the XXXXXXXX Civil XXXXXXXXX Union XXXXXXXX it violated free speech rights XX XXXXXX?
Question options:
CIPA
FERPA
XXXXX
GLBA
Question 14 X.X / 2.5 points
To XXXXX XXXXXX XXXX the Sarbanes-Oxley Act XXXXX primarily?
Question options:
XXXXXXX
XXXXXXXXXX traded companies
XXXXXXXXX
Communications
Question 15 2.X / 2.5 points
Which XXXXXXXXXX law XXXXXXX XXXXXX that only XXX data needed XXX a XXXXXXXXXXX should be collected?
Question options:
Public XXXXXXXX
XXXXXXX XXX XX XXXXXXXX data
XXXX XXXXXXXXXX
Opt-in/opt-out
Question 16 X.5 / 2.5 points
XXX are on XXX XXXX Coast but want to connect to your company’s intranet XX XXX East XXXXX. You XXX a program XX “XXXXXX” XXXXXXX XXX Internet XX XXXXX XXX XXXXXXXX. Which technology are you using?
Question options:
XXXX-based access control
Elevated XXXXXXXXXX
Virtual XXXXXXX networking
XXXXXXXX XX a Service
Question 17 2.5 / 2.5 points
XXXXX XX the following XX not XXXX of segmented XXXXXXXX?
Question options:
XX limiting XXXXXXX XXXXX XX XXXXXXX to a group XX computers, you are eliminating a number of threats.
Switches, XXXXXXX, XXXXXXXX firewalls, and XXXXX XXXXXXX restrict XXXXXXXXX XXXXXXX traffic.
A flat XXXXXXX XXX more controls XXXX a segmented XXXXXXX for XXXXXXXX XXXXXXX.
XXXXXXX segmentation XXXXXX XXXX and how computers XXX able to talk XX each other.
Question 18 X.X / 2.5 points
XX which domain is virtual private XXXXXXXXXX a XXXXXXXX XXXXXXX?
Question options:
XXX Domain
Remote XXXXXX Domain
Both A XXX B
XXXXXXX A nor X
Question 19 X / 2.5 points
X XXXXXXXX policy XXXX addresses data loss XXXXXXXXXX, or XXXX leakage XXXXXXXXXX, is an XXXXX XXXXXXXXX in which XX XXXXXX?
Question options:
XXXX
XXXXXXXXXXX
WAN
XXXXXX/Application
Question 20 X / 2.5 points
X nurse XXXX a wireless computer from a XXXXXXX’s XXXX to access XXXX-time patient information XXXX the XXXXXXXX server. XXXXX domain XXXX XXXX wireless XXXXXXXXXX fall XXXXX?
Question options:
XXXXXX/XXXXXXXXXXX
User
WAN
LAN
Question 21 X.X / 2.5 points
XXXXXXXXX XXXXXXXX XXXXXXXX, what is a XXXXXXXXXXX?
Question options:
XX individual XXX XXX an interest in the success XX XXX security XXXXXXXX
A framework in XXXXX XXXXXXXX policies are XXXXXX
X placeholder in XXX XXXXXXXXX where new policies XXX XX added
XXXXXXX name XXX a XXXXXX request
Question 22 X / 2.5 points
XXXXX XXXXXXXXXXX XXXX tends to be best XXXXXX XXX delivering security awareness training?
Question options:
XXXXXXX
XXXXXXXXX
XXXXXXXXXX
XXXXXXXXX
Question 23 X.X / 2.5 points
XXXXX XX the following XX typically XXXXXXX XX XXX XXX XXXX of an XXXXXXXXXXX?
Question options:
Data owner
XXXX XXXXXXX
Data XXXXXXXXX
XXXX user
Question 24 X / 2.5 points
Which XX the XXXXXXXXX XX not true XX auditors?
Question options:
Report XX the leaders XXXX XXX XXXXXXXX
XXX XXXXXXXXXXX XXX assessing XXX design and XXXXXXXXXXXXX XX XXXXXXXX policies
Can be internal or external
XXXXX XXXXXXXX XX how well XXX XXXXXXXX XXX XXXXX XXXXXXXX and how effective they XXX
Question 25 X / 2.5 points
XX an XXXXXXXXXXXX, which of XXX following roles XX XXXXXXXXXXX for XXX XXX-XX-XXX XXXXXXXXXXX XX XXXX?
Question options:
Data owner
Information security XXXXXX (XXX)
XXXXXXXXXX XXXXXXX
Data XXXXXXXXX
Question 26 X.X / 2.5 points
XXXXX of the XXXXXXXXX include details of how an XX security program XXXX, who XX XXXXXXXXXXX for day-XX-XXX work, how training XXX XXXXXXXXX are XXXXXXXXX, XXX how compliance XX handled?
Question options:
Procedures
Guidelines
Standards
XXXXXXXX
Question 27 0 / 2.5 points
XXXXX XX XXX following are XXXX XX benchmarks XXX XXXXX purposes?
Question options:
XXXXXXXX
XXXXXXXXXX
Standards
Procedures
Question 28 2.X / 2.5 points
What XXXX an XX security policy framework resemble?
Question options:
Narrative document
XXXXX XXXXXXX
List
Hierarchy or XXXX
Question 29 0 / 2.5 points
Which XX the XXXXXXXXX is not a XXXXXXX area XX XXX/XXX XXXXX, “Information Technology–XXXXXXXX Techniques–Code XX Practice for Information XXXXXXXX XXXXXXXXXX”?
Question options:
XXXXXXXX policy
XXXX assessment XXX treatment
Asset management
XXXXX XXX XXXXXXXXXXXXXX
Question 30 X.X / 2.5 points
What is included in an IT policy XXXXXXXXX?
Question options:
Procedures
XXXXXXXXXX
XXXXXXXXX
XXX of XXX XXXXX
Question 31 0 / 2.5 points
XXXXX of the following XX generally XXX an objective of a security policy XXXXXX board?
Question options:
Review XXXXXXXXX XXXXXXX to the XXXXXX XXXXXXXXX
XXXXXXXXXX XXXXXXXX XXX changes
Make and XXXXXXX approved changes to policies
XXXXXX XXXXXXXX XXX XXXXXXXXX changes
Question 32 X.X / 2.5 points
When XXXXXXXXXX an XXXXXXXX security XXXXXX or standard, which XXXX or department usually gives final approval?
Question options:
Audit and XXXXXXXXXX XXXXXXX
Senior Executive
Legal
Human XXXXXXXXX
Question 33 0 / 2.5 points
XXXXX XXXXXXX and closing a XXXXXXXX port are XXXXXXXX XX which type XX security control?
Question options:
XXXXXXXXXX
Recovery
Detective or response
Preventive
Question 34 X / 2.5 points
XXXXXX, security XXXXXX, and locked XXXXX are XXXXXXXX XX XXXXX type XX XXXXXXXX XXXXXXX?
Question options:
XXXXXXXXX security
None of XXX XXXXX
XXXXXXXXXXXXXX
XXXXXXXX XXXXXXXX
Question 35 X / 2.5 points
Which XXXXXXXXX XXX developing policies, XXXXXXXXX, XXXXXXXXX, procedures, and XXXXXXXXXX discusses a XXXXXX of overlapping layers of XXXXXXXX XXX XXXXXXXXXXXXXXX?
Question options:
Multidisciplinary principle
XXXXXXXXXXXXXX XXXXXXXXX
Proportionality principle
Defense-in-depth principle
Question 36 X / 2.5 points
Who is responsible for data quality XXXXXX an enterprise?
Question options:
Data steward
Data custodian
XXXX
CISO
Question 37 0 / 2.5 points
The core requirement XX an XXXXXXXXX IT security XXXXXXX XXXXXXX is that the XXXXXXXXXXX is:
Question options:
alphabetized.
in a numerical XXXXXXXX.
in PDF XXXXXX
searchable.
Question 38 2.5 / 2.5 points
XXXXX XXXXXXXX policy framework XXXXXXX XX XXXXXXXX, XXXXXXXXX, XXX XXXXXXXXX XXX XXXXXXXX and XXXXXXXXXX XX XXXXXXXX?
Question options:
XXXX
COBIT
XXXX
XXXXXX
Question 39 2.5 / 2.5 points
__________ refers XX the XXXXXX XX XXXX an XXXXXXXXXXXX is willing XX XXXXXX.
Question options:
Probability
XXXX XXXXXXXX
Risk XXXXXXXXX
XXXX appetite
Question 40 X / 2.5 points
X fundamental XXXXXXXXX of XXXXXXXX XXXXXXX XXX high-XXXX transactions XX:
Question options:
a defense in depth.
a separation XX XXXXXX.
data XXXXXXXXXXX.
XXXXXXXXX XXXX practices.
ANSWER
1. XXXXXXXXXXXXXX
2. XXXXXXXXXXXXXXX
3. XX XXXXXXX XXXXXXXX processes
4. Confidentiality
5. Control Objectives for Information and Related Technology
6. Policies, in relation to standards, procedures, and guidelines
7. XXXXXXXXXX
8. XXXXXXXXX
9. XXXXXXXXXX.
10. XXXX XX the XXXXX.
11. XXXXX
12. XXXXXXX
13. CIPA
14. XXXXXXXXXX XXXXXX XXXXXXXXX
15. XXXXXXX XXX of personal XXXX
16. Virtual XXXXXXX networking
17. A XXXX XXXXXXX XXX more controls XXXX a XXXXXXXXX XXXXXXX XXX limiting traffic.
18. XXXXXX XXXXXX XXXXXX
19. XXXX
20. LAN
21. An XXXXXXXXXX who XXX an XXXXXXXX in the XXXXXXX XX the XXXXXXXX policies
22. XXXXXXXXX
23. XXXX XXXXX
24. XXX accountable XXX assessing the design XXX effectiveness XX security policies
25. Data XXXXX
26. XXXXXXXX
27. Standards
28. XXXXXXXXX or XXXX
29. XXXXX and accountability
30. XXX of XXX XXXXX
31. XXXX XXX XXXXXXX XXXXXXXX changes XX policies
32. XXXXXX XXXXXXXXX
33. XXXXXXXXXX
34. Physical XXXXXXXX
35. Defense-in-depth XXXXXXXXX
36. XXXX XXXXXXX
37. searchable.
38. ITIL
39. XXXX appetite
40. a separation of XXXXXX.