14 Jan Data steward
COM590 Strategic Planning Cybersecurity
MIDTERM EXAM
Question 1 Which set of security tenets best represents the information assurance framework?
Question 1 options:
C-I-A triad
None of the above
Confidentiality and integrity
The five pillars
Question 2 During which phase of the COBIT ISS management life cycle do you review how you are going to manage your IT investment such as contracts, service level agreements (SLAs), and new policy ideas?
Question 2 options:
Deliver and Support
Monitor and Evaluate
Acquire and Implement
Plan and Organize
Question 3 Which of the following is considered a how-to document?
Question 3 options:
Guideline
Policy
Standard
Procedure
Question 4 During which phase of the COBIT ISS management life cycle do internal and external audits occur?
Question 4 options:
Acquire and Implement
Monitor and Evaluate
Deliver and Support
Plan and Organize
Question 5 What does COBIT stand for?
Question 5 options:
Common Objects for Information and Technology
Control Objectives for Information and Related Technology
Common Objectives for Information and Technology
Control Objects for Information Technology
Question 6 A business __________ emerges when an organization cannot meet its obligation or duty.
Question 6 options:
driver
None of the above
liability
culture
Question 7 Security controls fall into three design types: preventive, detective, and:
Question 7 options:
qualitative.
quantitative.
effective.
corrective.
Question 8 An organization’s security awareness program is an example of which type of security control?
Question 8 options:
Administrative
Detective
Technical
Physical
Question 9 Which of the following is not a generally accepted principle for implementing a security awareness program?
Question 9 options:
Competency should be measured.
Remind employees of risks.
Leaders should provide visible support.
None of the above.
Question 10 The key to __________ is being able to measure compliance against a set of controls.
Question 10 options:
nonrepudiation
security policy
business management
risk exposure
Question 11 Which compliance law concept states that a person of legal age, capable, with the needed facts, and without undue pressure can make an informed judgment?
Question 11 options:
Full disclosure
Limited use of personal data
Informed consent
Public interest
Question 12 Which compliance law concept states that only the data needed for a transaction should be collected?
Question 12 options:
Public interest
Limited use of personal data
Opt-in/opt-out
Full disclosure
Question 13 Of the following compliance laws, which focuses most heavily on personal privacy?
Question 13 options:
HIPAA
GLBA
SOX
FISMA
Question 14 To which sector does the Gramm-Leach-Bliley Act apply primarily?
Question 14 options:
Medical
None of the above
Financial
Communications
Question 15 To which sector does HIPAA apply primarily?
Question 15 options:
Medical
Financial
None of the above
Communications
Question 16 Within the User Domain, some of the ways in which risk can be mitigated include awareness, enforcement, and:
Question 16 options:
people.
user access.
reward.
process.
Question 17 In which domain is virtual private networking a security control?
Question 17 options:
Remote Access Domain
WAN Domain
Both A and B
Neither A nor B
Question 18 Which of the following is not true of segmented networks?
Question 18 options:
A flat network has more controls than a segmented network for limiting traffic.
Switches, routers, internal firewalls, and other devices restrict segmented network traffic.
Network segmentation limits what and how computers are able to talk to each other.
By limiting certain types of traffic to a group of computers, you are eliminating a number of threats.
Question 19 Web graffiti as a result of Web site defacement is an issue primarily in which IT domain?
Question 19 options:
LAN-to-WAN
Workstation
LAN
User
Question 20 How is risk reduced in the LAN-to-WAN Domain?
Question 20 options:
Setting up a DMZ
Both A and B
Neither A nor B
Reviewing logs
Question 21 In an organization, which of the following roles is accountable for approving security policy implementation?
Question 21 options:
Compliance officer
Executive management
Auditor
Information security office (ISO)
Question 22 Successful security policy implementation depends on the correct alignment of people, processes, and __________.
Question 22 options:
time
motivation
money
technology
Question 23 In an organization, which of the following roles is accountable for monitoring adherence to laws and regulations?
Question 23 options:
Information security office (ISO)
Compliance officer
Data owner
Data custodian
Question 24 A primary reason why security policies often fail is __________.
Question 24 options:
poor planning
lack of complexity
insufficient leadership support
not enough money
Question 25 Which personality type tends to be associated with good leaders?
Question 25 options:
Attacker
Achiever
Pleaser
Analytical
Question 26 Which of the following is not a control area of ISO/IEC 27002, “Information Technology–Security Techniques–Code of Practice for Information Security Management”?
Question 26 options:
Risk assessment and treatment
Asset management
Audit and accountability
Security policy
Question 27 Your organization was awarded a U.S. government contract. You need to ensure your organization adheres to an acceptable IT security framework. Which of the following is the best choice?
Question 27 options:
None of the above
COBIT
COSO
NIST SP 800-53
Question 28 Which of the following is one of the prime objectives of an information security program?
Question 28 options:
Keep policies updated
Protect information
None of the above
Learn about compliance
Question 29 What does an IT security policy framework resemble?
Question 29 options:
List
Narrative document
Cycle diagram
Hierarchy or tree
Question 30 Which act was passed in the wake of the collapse of Enron, Arthur Andersen, WorldCom, and several other large firms?
Question 30 options:
SOX
FISMA
CIPA
FERPA
Question 31 Which of the following is generally not an objective of a security policy change board?
Question 31 options:
Make and publish approved changes to policies
Assess policies and recommend changes
Review requested changes to the policy framework
Coordinate requests for changes
Question 32 Virus removal and closing a firewall port are examples of which type of security control?
Question 32 options:
Preventive
Recovery
Detective or response
Corrective
Question 33 When publishing an internal security policy or standard, which role or department usually gives final approval?
Question 33 options:
Legal
Human Resources
Audit and Compliance Manager
Senior Executive
Question 34 Pre-employment screening of personnel and a change management process are examples of which type of security control?
Question 34 options:
Administrative
Physical security
None of the above
Technical security
Question 35 What is the primary role of a security policy evangelist?
Question 35 options:
Monitor user adherence to security policies
Conduct security policy awareness training
Review student participation in security policy awareness training
Promote security policy awareness and address user questions
Question 36 Who has a highly restricted role and grants access rights?
Question 36 options:
None of the above
Data security administrator
Data administrator
CISO
Question 37 Which security policy framework, developed by CERT, focuses on information security assessment and planning?
Question 37 options:
COSO
COBIT
ITIL
OCTAVE
Question 38 Which IT framework extends the COBIT framework and is a comprehensive risk management approach?
Question 38 options:
ISO 27002
ISACA Risk IT framework
COSO
ITIL
Question 39 Who is responsible for executing policies and procedures, such as backup and versioning?
Question 39 options:
Data administrator
CISO
Data custodian
Data steward
Question 40 A fundamental component of internal control for high-risk transactions is:
Question 40 options:
following best practices.
data duplication.
a defense in depth.
a separation of duties.