Click Link Below To Buy:
http://hwaid.com/shop/cis-462-week-11-final-exam/
Question 1
2 out of 2 points
A User Internet Proxy standard and a Content-Blocking Tools
Configuration standard would be associated primarily with which IT
domain?
Question 2
2 out of 2 points
What entity issues and manages digital certificates?
Question 3
2 out of 2 points
A PKI uses public and private ______ for the secure exchange of
information.
Answer
Question 4
0 out of 2 points
Question 5
2 out of 2 points
Baseline standards for the LAN Domain would include
____________.
Answer
Question 6
2 out of 2 points
A standard for Web Services from an external provider would be
part of which set of policies?
Answer
Question 7
2 out of 2 points
A control standard that separates the development environment
from the production environment would be found in which set of
policies?
Answer
Question 8
0 out of 2 points
What is a benefit of instructor-led classroom training for security
awareness?
Answer
Question 9
2 out of 2 points
Accountability, lack of budget, lack of priority, and tight
schedules are examples of ____________.
Answer
Question 10
2 out of 2 points
What is a common consequence of failing to adhere to an
acceptable use policy (AUP)?
Answer
Question 11
2 out of 2 points
Which of the following is least likely to be required to attend an
organization's formal security awareness training program?
Answer
Question 12
0 out of 2 points
Implementing IT security policies is as much about __________ as
it is about implementing controls.
Answer
Question 13
2 out of 2 points
What is the best way to measure a specific user's comprehension
of security awareness training?
Answer
Question 14
0 out of 2 points
Conducting __________ can be an effective security awareness
program solution.
Answer
Question 15
2 out of 2 points
The primary objective of a security awareness program is to
_________.
Answer
Question 16
2 out of 2 points
Which tool can you use in a Microsoft domain to manage security
settings for users and organizational units (OUs)?
Answer
Question 17
2 out of 2 points
What does a configuration management database (CMDB) hold?
Answer
Question 18
0 out of 2 points
A(n) __________ can include a computer's full operating system,
applications, and system settings, including security and configuration
settings.
Answer
Question 19
2 out of 2 points
You want to manage patches and updates for Windows client
computers centrally. Which is the best tool to use?
Answer
Question 20
2 out of 2 points
Which organization maintains the Common Vulnerabilities and
Exposures (CVE) list?
Answer
Question 21
2 out of 2 points
Which of the following methods is used to track compliance?
Answer
Question 22
0 out of 2 points
What is due care?
Answer
Question 23
2 out of 2 points
Common IRT members may be IT subject matter experts, IT
security reps, HR reps, and ____________ reps.
Answer
Question 24
2 out of 2 points
When responding to an incident, when does the IRT timeline
start?
Answer
Question 25
2 out of 2 points
During which phase of incident response do IRT members study
the attack and develop recommendations to prevent similar attacks in
the future?
Answer
Question 26
2 out of 2 points
Before an incident can be declared, the IRT must develop an
incident ________ for incident response.
Question 27
2 out of 2 points
Question 28
2 out of 2 points
During which phase of incident response do IRT members stop
the attack and gather evidence?
Question 29
0 out of 2 points
According to the Payment Card Industry Data Security Standard
(PCI DSS), what is classified as an incident?
Question 30
0 out of 2 points
In a business classification scheme, which classification refers to
routine communications within the organization?
Question 31
0 out of 2 points
Regarding data classification, what does "declassification" mean?
Question 32
2 out of 2 points
What is the general retention period of regulated documents?
Question 33
2 out of 2 points
What is considered to be a natural extension of the BIA when
conducting a BCP?
Question 34
2 out of 2 points
Which of the following is not a primary reason a business
classifies data?
Question 35
2 out of 2 points
In a business classification scheme, which classification refers to
mission-critical data?
Question 36
2 out of 2 points
Question 37
0 out of 2 points
Which U.S. military data classification refers to data the
unauthorized disclosure of which would reasonably be expected to
cause serious damage to national security?
Question 38
2 out of 2 points
___________ is/are key to security policy enforcement.
Question 39
2 out of 2 points
Your company does not want its employees to use the Internet to
exchange personal e-mail during work hours. What is the best tool to
use to ensure the company does not violate an employee's right to
privacy?
Question 40
0 out of 2 points
Which of the following is least likely to indicate the effectiveness
of an organization's security policies?
Question 41
2 out of 2 points
What is the name of a common control that is used across a
significant population of systems, applications, and operations?
Question 42
0 out of 2 points
Which employee role is directly accountable to ensure that
employees are implementing security policies consistently?
Question 43
2 out of 2 points
Your company wants to minimize the risk of its employees
sharing confidential company information via e-mail. What is the best
tool to use to minimize this risk?
Question 44
2 out of 2 points
An employee used her company-owned computer to e-mail
invitations to friends for her upcoming party, which violated the
company's acceptable use policy. Who is responsible for correcting the
employee's behavior?
Question 45
2 out of 2 points
What is a disadvantage of hard-coding a user name and
password into an application to simplify guest access?
Question 46
2 out of 2 points
What is an example of "hardening"?
Question 47
0 out of 2 points
Which type of agreement would you have a contract system
administrator (temporary worker) sign?
Question 48
2 out of 2 points
Which of the following is a policy that prohibits access or storage
of offensive content?
Question 49
2 out of 2 points
What is pretexting associated with?
Question 50
2 out of 2 points
Who evaluates an organization's technology controls and risks
for compliance with internal security policies or regulations?