Question 1 2.5 / 2.5 points

The use of encryption and digital signatures helps ensure that what was transmitted is the same as what was received. Which of the following is assured?
Question options:
Confidentiality
Availability
Integrity
Nonrepudiation
Question 2 2.5 / 2.5 points
The concept of “need to know” is most closely associated with which of the following?
Question options:
Authentication
Availability
Confidentiality
Integrity
Question 3 2.5 / 2.5 points
What is the primary goal of business process reengineering?
Question options:
To develop new security policies
To improve business processes
To implement an enterprise resource system
To determine management bonuses
Question 4 2.5 / 2.5 points
An unauthorized user accessed protected network storage and viewed personnel records. What has been lost?
Question options:
Confidentiality
Nonrepudiation
Integrity
Availability
Question 5 2.5 / 2.5 points
What does COBIT stand for?
Question options:
Control Objectives for Information and Related Technology
Common Objects for Information and Technology
Common Objectives for Information and Technology
Control Objects for Information Technology
Question 6 2.5 / 2.5 points
What does “tone at the top” refer to?
Question options:
Policies, in relation to standards, procedures, and guidelines
Confidentiality in the C-I-A triad
Regulatory bodies, in relation to security policies and controls
Company leaders
Question 7 2.5 / 2.5 points
Which of the following types of security controls stops incidents or breaches immediately?
Question options:
Preventive
Corrective
Detective
None of the above
Question 8 2.5 / 2.5 points
An encryption system is an example of which type of security control?
Question options:
Technical
Corrective
Physical
Administrative
Question 9 2.5 / 2.5 points
Security controls fall into three design types: preventive, detective, and:
Question options:
effective.
corrective.
quantitative.
qualitative.
Question 10 2.5 / 2.5 points
Which of the following is not a generally accepted principle for implementing a security awareness program?
Question options:
Competency should be measured.
Remind employees of risks.
Leaders should provide visible support.
None of the above.
Question 11 2.5 / 2.5 points
Of the following compliance laws, which focuses most heavily on personal privacy?
Question options:
FISMA
GLBA
HIPAA
SOX
Question 12 2.5 / 2.5 points
To which sector does HIPAA apply primarily?
Question options:
Financial
None of the above
Communications
Medical
Question 13 2.5 / 2.5 points
Which law was challenged by the American Library Association and the American Civil Liberties Union claiming it violated free speech rights of adults?
Question options:
CIPA
FERPA
HIPAA
GLBA
Question 14 2.5 / 2.5 points
To which sector does the Sarbanes-Oxley Act apply primarily?
Question options:
Medical
Publically traded companies
Financial
Communications
Question 15 2.5 / 2.5 points
Which compliance law concept states that only the data needed for a transaction should be collected?
Question options:
Public interest
Limited use of personal data
Full disclosure
Opt-in/opt-out
Question 16 2.5 / 2.5 points
You are on the West Coast but want to connect to your company’s intranet on the East Coast. You use a program to “tunnel” through the Internet to reach the intranet. Which technology are you using?
Question options:
Role-based access control
Elevated privileges
Virtual private networking
Software as a Service
Question 17 2.5 / 2.5 points
Which of the following is not true of segmented networks?
Question options:
By limiting certain types of traffic to a group of computers, you are eliminating a number of threats.
Switches, routers, internal firewalls, and other devices restrict segmented network traffic.
A flat network has more controls than a segmented network for limiting traffic.
Network segmentation limits what and how computers are able to talk to each other.
Question 18 2.5 / 2.5 points
In which domain is virtual private networking a security control?
Question options:
WAN Domain
Remote Access Domain
Both A and B
Neither A nor B
Question 19 0 / 2.5 points
A security policy that addresses data loss protection, or data leakage protection, is an issue primarily in which IT domain?
Question options:
User
Workstation
WAN
System/Application
Question 20 0 / 2.5 points
A nurse uses a wireless computer from a patient’s room to access real-time patient information from the hospital server. Which domain does this wireless connection fall under?
Question options:
System/Application
User
WAN
LAN
Question 21 2.5 / 2.5 points
Regarding security policies, what is a stakeholder?
Question options:
An individual who has an interest in the success of the security policies
A framework in which security policies are formed
A placeholder in the framework where new policies can be added
Another name for a change request
Question 22 0 / 2.5 points
Which personality type tends to be best suited for delivering security awareness training?
Question options:
Pleaser
Performer
Analytical
Commander
Question 23 2.5 / 2.5 points
Which of the following is typically defined as the end user of an application?
Question options:
Data owner
Data manager
Data custodian
Data user
Question 24 0 / 2.5 points
Which of the following is not true of auditors?
Question options:
Report to the leaders they are auditing
Are accountable for assessing the design and effectiveness of security policies
Can be internal or external
Offer opinions on how well the policies are being followed and how effective they are
Question 25 0 / 2.5 points
In an organization, which of the following roles is responsible for the day-to-day maintenance of data?
Question options:
Data owner
Information security office (ISO)
Compliance officer
Data custodian
Question 26 2.5 / 2.5 points
Which of the following include details of how an IT security program runs, who is responsible for day-to-day work, how training and awareness are conducted, and how compliance is handled?
Question options:
Procedures
Guidelines
Standards
Policies
Question 27 0 / 2.5 points
Which of the following are used as benchmarks for audit purposes?
Question options:
Policies
Guidelines
Standards
Procedures
Question 28 2.5 / 2.5 points
What does an IT security policy framework resemble?
Question options:
Narrative document
Cycle diagram
List
Hierarchy or tree
Question 29 0 / 2.5 points
Which of the following is not a control area of ISO/IEC 27002, “Information Technology–Security Techniques–Code of Practice for Information Security Management”?
Question options:
Security policy
Risk assessment and treatment
Asset management
Audit and accountability
Question 30 2.5 / 2.5 points
What is included in an IT policy framework?
Question options:
Procedures
Guidelines
Standards
All of the above
Question 31 0 / 2.5 points
Which of the following is generally not an objective of a security policy change board?
Question options:
Review requested changes to the policy framework
Coordinate requests for changes
Make and publish approved changes to policies
Assess policies and recommend changes
Question 32 2.5 / 2.5 points
When publishing an internal security policy or standard, which role or department usually gives final approval?
Question options:
Audit and Compliance Manager
Senior Executive
Legal
Human Resources
Question 33 0 / 2.5 points
Virus removal and closing a firewall port are examples of which type of security control?
Question options:
Corrective
Recovery
Detective or response
Preventive
Question 34 0 / 2.5 points
Fences, security guards, and locked doors are examples of which type of security control?
Question options:
Technical security
None of the above
Administrative
Physical security
Question 35 0 / 2.5 points
Which principle for developing policies, standards, baselines, procedures, and guidelines discusses a series of overlapping layers of controls and countermeasures?
Question options:
Multidisciplinary principle
Accountability principle
Proportionality principle
Defense-in-depth principle
Question 36 0 / 2.5 points
Who is responsible for data quality within an enterprise?
Question options:
Data steward
Data custodian
CISA
CISO
Question 37 0 / 2.5 points
The core requirement of an automated IT security control library is that the information is:
Question options:
alphabetized.
in a numerical sequence.
in PDF format
searchable.
Question 38 2.5 / 2.5 points
Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?
Question options:
ITIL
COBIT
COSO
OCTAVE
Question 39 2.5 / 2.5 points
__________ refers to the degree of risk an organization is willing to accept.
Question options:
Probability
Risk aversion
Risk tolerance
Risk appetite
Question 40 0 / 2.5 points
A fundamental component of internal control for high-risk transactions is:
Question options:
a defense in depth.
a separation of duties.
data duplication.
following best practices.