
CIS 462 Week 11 Final Exam

Click Link Below To Buy:
http://hwaid.com/shop/cis-462-week-11-final-exam/

Question 1

2 out of 2 points
A User Internet Proxy standard and a Content-Blocking Tools
Configuration standard would be associated primarily with which IT
domain?

Question 2

2 out of 2 points
What entity issues and manages digital certificates?

Question 3

2 out of 2 points
A PKI uses public and private ______ for the secure exchange of
information.
Answer

Question 4

0 out of 2 points
A Wi-Fi Access Point Security standard defines secure wireless
connectivity to a network. With which IT domain is this standard
primarily associated?
Answer

Question 5

2 out of 2 points
Baseline standards for the LAN Domain would include
____________.
Answer

Question 6

2 out of 2 points
A standard for Web Services from an external provider would be
part of which set of policies?
Answer

Question 7

2 out of 2 points
A control standard that separates the development environment
from the production environment would be found in which set of
policies?
Answer

Question 8

0 out of 2 points
What is a benefit of instructor-led classroom training for security
awareness?
Answer

Question 9

2 out of 2 points
Accountability, lack of budget, lack of priority, and tight
schedules are examples of ____________.
Answer

Question 10

2 out of 2 points
What is a common consequence of failing to adhere to an
acceptable use policy (AUP)?
Answer

Question 11

2 out of 2 points
Which of the following is least likely to be required to attend an
organization's formal security awareness training program?
Answer

Question 12

0 out of 2 points
Implementing IT security policies is as much about __________ as
it is about implementing controls.
Answer

Question 13

2 out of 2 points
What is the best way to measure a specific user's comprehension
of security awareness training?
Answer

Question 14

0 out of 2 points
Conducting __________ can be an effective security awareness
program solution.
Answer

Question 15

2 out of 2 points
The primary objective of a security awareness program is to
_________.
Answer

Question 16

2 out of 2 points
Which tool can you use in a Microsoft domain to manage security
settings for users and organizational units (OUs)?
Answer

Question 17

2 out of 2 points
What does a configuration management database (CMDB) hold?
Answer

Question 18

0 out of 2 points
A(n) __________ can include a computer's full operating system,
applications, and system settings, including security and configuration
settings.
Answer

Question 19

2 out of 2 points
You want to manage patches and updates for Windows client
computers centrally. Which is the best tool to use?
Answer

Question 20

2 out of 2 points
Which organization maintains the Common Vulnerabilities and
Exposures (CVE) list?
Answer

Question 21

2 out of 2 points
Which of the following methods is used to track compliance?
Answer

Question 22

0 out of 2 points
What is due care?
Answer

Question 23

2 out of 2 points
Common IRT members may be IT subject matter experts, IT
security reps, HR reps, and ____________ reps.
Answer

Question 24

2 out of 2 points
When responding to an incident, when does the IRT timeline
start?
Answer

Question 25

2 out of 2 points
During which phase of incident response do IRT members study
the attack and develop recommendations to prevent similar attacks in
the future?
Answer

Question 26

2 out of 2 points
Before an incident can be declared, the IRT must develop an
incident ________ for incident response.

Question 27

2 out of 2 points
FISMA requires federal agencies to report major incidents to
which organization?

Question 28

2 out of 2 points
During which phase of incident response do IRT members stop
the attack and gather evidence?

Question 29

0 out of 2 points
According to the Payment Card Industry Data Security Standard
(PCI DSS), what is classified as an incident?

Question 30

0 out of 2 points
In a business classification scheme, which classification refers to
routine communications within the organization?

Question 31

0 out of 2 points
Regarding data classification, what does "declassification" mean?

Question 32

2 out of 2 points
What is the general retention period of regulated documents?

Question 33

2 out of 2 points
What is considered to be a natural extension of the BIA when
conducting a BCP?

Question 34

2 out of 2 points
Which of the following is not a primary reason a business
classifies data?

Question 35

2 out of 2 points
In a business classification scheme, which classification refers to
mission-critical data?

Question 36

2 out of 2 points
What is a security benefit of routinely deleting electronic
documents that are no longer required for legal or business reasons?

Question 37

0 out of 2 points
Which U.S. military data classification refers to data whose
unauthorized disclosure would reasonably be expected to
cause serious damage to national security?

Question 38

2 out of 2 points
___________ is/are key to security policy enforcement.

Question 39

2 out of 2 points
Your company does not want its employees to use the Internet to
exchange personal e-mail during work hours. What is the best tool to
use to ensure the company does not violate an employee's right to
privacy?

Question 40

0 out of 2 points
Which of the following is least likely to indicate the effectiveness
of an organization's security policies?

Question 41

2 out of 2 points
What is the name of a common control that is used across a
significant population of systems, applications, and operations?

Question 42

0 out of 2 points
Which employee role is directly accountable to ensure that
employees are implementing security policies consistently?

Question 43

2 out of 2 points
Your company wants to minimize the risk of its employees
sharing confidential company information via e-mail. What is the best
tool to use to minimize this risk?

Question 44

2 out of 2 points
An employee used her company-owned computer to e-mail
invitations to friends for her upcoming party, which violated the
company's acceptable use policy. Who is responsible for correcting the
employee's behavior?

Question 45

2 out of 2 points
What is a disadvantage of hard-coding a user name and
password into an application to simplify guest access?

Question 46

2 out of 2 points
What is an example of "hardening"?

Question 47

0 out of 2 points
Which type of agreement would you have a contract system
administrator (temporary worker) sign?

Question 48

2 out of 2 points
Which of the following is a policy that prohibits access or storage
of offensive content?

Question 49

2 out of 2 points
What is pretexting associated with?

Question 50

2 out of 2 points
Who evaluates an organization's technology controls and risks
for compliance with internal security policies or regulations?
