saint leo com590 midterm exam latest 2015 all correct answers

November 9, 2018

Question 1:
Why are information security policies important to an organization?

They add complexity to employee functions, so it’s hard for employees to change anything.
They make it hard to attack the organization with viruses.
They strengthen the company’s ability to protect its information resources.
They allow controls to be relaxed or reduced.

Question 2:
Which of the following is considered a how-to document?

Policy
Standard
Guideline
Procedure

Question 3:
The concept of “need to know” is most closely associated with which of the following?

Confidentiality
Integrity
Availability
Authentication

Question 4:
What does COBIT stand for?

Common Objectives for Information and Technology
Common Objects for Information and Technology
Control Objects for Information Technology
Control Objectives for Information and Related Technology

Question 5:
Which of the following is not one of the four domains of the COBIT framework for ISS management?

Plan and Organize
Support and Monitor
Acquire and Implement
Deliver and Support

Question 6:
Which of the following types of security controls stops incidents or breaches immediately?

Preventive
Detective
Corrective
None of the above

Question 7:
A(n) __________ is a confirmed event that compromises the confidentiality, integrity, or availability of information.

risk
threat
breach
impact

Question 8:
Security controls fall into three design types: preventive, detective, and:

corrective.
quantitative.
qualitative.
effective.

Question 9:
A business __________ emerges when an organization cannot meet its obligation or duty.

liability
driver
culture
None of the above

Question 10:
A backup generator is an example of which type of security control?

Physical
Administrative
Technical
Detective

Question 11:
Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used?

Full disclosure
Limited use of personal data
Informed consent
Public interest

Question 12:
A popular social networking site recently changed its privacy policy regarding personal profiles. To prevent your profile information from being shared with anyone on the Internet, you must check a box requesting privacy. What is this an example of?

Opt in
Opt out
Least privilege
Defense in depth

Question 13:
Which law applies to educational institutions and protects students’ records?

CIPA
FERPA
GLBA
HIPAA

Question 14:
To which sector does HIPAA apply primarily?

Communications
Financial
Medical
None of the above

Question 15:
To which sector does the Gramm-Leach-Bliley Act apply primarily?

Communications
Financial
Medical
None of the above

Question 16:
A policy that addresses the use of personal mobile devices, such as a smartphone, to access an internal business network is an issue of which IT domain?

User
Workstation
Remote Access
WAN

Question 17:
A nurse uses a wireless computer from a patient’s room to access real-time patient information from the hospital server. Which domain does this wireless connection fall under?

User
LAN
WAN
System/Application

Question 18:
Authentication and encryption of intranet traffic is a __________ Domain issue.

System/Application
User
Workstation
LAN

Question 19:
You swipe your finger over your laptop’s fingerprint reader to unlock the computer. Which type of authentication method are you using?

Something you know
Something you are
Something you have
None of the above

Question 20:
Within the User Domain, some of the ways in which risk can be mitigated include awareness, enforcement, and:

people.
reward.
process.
user access.

Question 21:
Which personality type tends to be associated with good leaders?

Achiever
Pleaser
Attacker
Analytical

Question 22:
Which of the following is not true of auditors?

Are accountable for assessing the design and effectiveness of security policies
Can be internal or external
Report to the leaders they are auditing
Offer opinions on how well the policies are being followed and how effective they are

Question 23:
A primary reason why security policies often fail is __________.

lack of complexity
insufficient leadership support
not enough money
poor planning

Question 24:
In an organization, which of the following roles is responsible for the day-to-day maintenance of data?

Information security office (ISO)
Compliance officer
Data owner
Data custodian

Question 25:
Which of the following is not true of a hierarchical organization?

More layers than a flat organization
Centralized authorities
A necessity in many large organizations
Wide span of control

Question 26:
Which part of an IT policy framework includes the program’s purpose and mission, and the program’s scope within the organization?

Charter
Standards
Guidelines
Procedures

Question 27:
The program framework policy or information security program charter is the __________ document.

policy
capstone
project
compliance

Question 28:
__________ is the ability to reasonably ensure conformity and adherence to both internal and external policies, standards, procedures, laws, and regulations.

Availability
Nonrepudiation
Awareness
Compliance

Question 29:
Which act was passed in the wake of the collapse of Enron, Arthur Andersen, WorldCom, and several other large firms?

SOX
FERPA
CIPA
FISMA

Question 30:
Your organization was awarded a U.S. government contract. You need to ensure your organization adheres to an acceptable IT security framework. Which of the following is the best choice?

COBIT
COSO
NIST SP 800-53
None of the above

Question 31:
Which of the following is generally not an objective of a security policy change board?

Assess policies and recommend changes
Make and publish approved changes to policies
Coordinate requests for changes
Review requested changes to the policy framework

Question 32:
Antivirus systems, cryptographic systems, and firewalls are examples of which type of security control?

Administrative
Technical security
Physical security
None of the above

Question 33:
Before you begin security policy awareness training, what is the first step you should take to help ensure success?

Purchase a Governance, Risk, and Compliance tool
Publish the security policy documents to a wiki
Seek management buy-in
Write an article about the training in the company newsletter

Question 34:
What is the primary role of a security policy evangelist?

Promote security policy awareness and address user questions
Monitor user adherence to security policies
Conduct security policy awareness training
Review student participation in security policy awareness training

Question 35:
Which of the following is not a valid reason for using a taxonomy to organize an IT policy library?

Organizes policy library
Makes it easy to see how standards, procedures, and guidelines are related
Is required by all compliance laws
The name of a document indicates where it’s located in the library

Question 36:
Which IT framework extends the COBIT framework and is a comprehensive risk management approach?

ISACA Risk IT framework
COSO
ITIL
ISO 27002

Question 37:
Which security policy framework, developed by CERT, focuses on information security assessment and planning?

COSO
COBIT
ITIL
OCTAVE

Question 38:
The core requirement of an automated IT security control library is that the information is:

alphabetized.
searchable.
in a numerical sequence.
in PDF format.

Question 39:
In the financial services sector, the use of the “three lines of defense” includes the business unit (BU), a risk management program, and:

separation of duties.
an AUP.
an independent auditor.
Both B and C.

Question 40:
Your organization is adopting several security policy frameworks. Which of the following is best suited for processing credit cards?

COSO
PCI DSS
COBIT
ITIL
