devry SEC440 final exam 2105
Page 1
Question 1. (TCO 1) A security policy must be accepted by (Points : 5)
management.
end-users.
customers.
all members of an organization.
Question 2. (TCO 2) What element of a security policy does the following phrase belong to? “This policy is established to achieve compliance with applicable statutes, regulations, and mandates regarding the management of information resources.” (Points : 5)
The statement of authority
The policy statement
The policy objectives
The policy audience
Question 3. (TCO 3) Which is the process of accumulating data regarding a specific logical or physical environment? (Points : 5)
Footprinting
Scanning
Enumeration
All of the above
Question 4. (TCO 4) Which of the following information about a person can be used to influence a hiring decision? (Points : 5)
Educational credentials
Negative credit history
Relevant certifications
All of the above
Question 5. (TCO 5) Why is it sometimes better to isolate critical equipment than it is to apply additional protective measures, in order to protect against exposure to greater hazards or risks from unauthorized access? (Points : 5)
Management requests it.
There is less risk involved.
It can be less costly.
Regulators prefer it.
Question 6. (TCO 5) A security perimeter is (Points : 5)
the widest imaginary circle around a facility.
a barrier of protection.
the field around which security alarms can monitor activity.
None of the above
Question 7. (TCO 6) Logging, as it pertains to media removal, is only needed when (Points : 5)
the media are paper based.
it is outsourced.
it is handled in-house.
It is always needed.
Question 8. (TCO 7) Prohibiting access to information not required for one’s work is the (Points : 5)
access need concept.
need-to-monitor concept.
need-to-know concept.
required information process concept.
Question 9. (TCO 8) Output validation is (Points : 5)
verifying that a piece of code does not have any inherent vulnerabilities.
making sure that employees know what information to enter in a new system.
testing an application system by entering all kinds of character strings in the provided fields.
testing what information an application system returns when information is entered.
Question 10. (TCO 9) This test subjects a system or device to real-world attacks. (Points : 5)
Audit
Penetration test
Assessment
Interview
Question 11. (TCO 10) As it pertains to HIPAA, which is a covered entity? (Points : 5)
A medical patient protected by HIPAA
A healthcare provider who must be compliant with HIPAA
A healthcare provider who does NOT have to be compliant with HIPAA
A medical patient NOT protected by HIPAA
Question 12. (TCO 10) Which of the following standards includes monitoring failed log-ons? (Points : 5)
Access Control
Audit Controls
Device and Media Controls
Integrity Controls
Question 13. (TCO 11) Which government agency is in charge of developing technical security standards and guidelines for unclassified federal systems, according to FISMA? (Points : 5)
The OMB
NIST
The OCS
The NSA
Question 14. (TCO 11) Transmitting ePHI in e-mail is not recommended because (Points : 5)
e-mail is usually in clear text.
e-mail can be forwarded.
Both A and B
Neither A nor B
Question 15. (TCO 12) Attaching an unauthorized wireless network to the corporate network is considered (Points : 5)
a major breach in network security and a violation of the security policy.
a major breach in network security but not a violation of the security policy.
a violation of the security policy but not a major breach in network security.
neither a major breach in network security nor a violation of the security policy.
Question 16. (TCO 12) A strong password is at least how many characters? (Points : 5)
5
6
7
8
Question 17. (TCO 1) A policy that secures and protects assets from foreseeable harm and provides flexibility for the unforeseen is (Points : 5)
accurately reflecting the current technology environment.
complying with applicable government policy.
the best goal for a new policy.
approved by management and understood by everyone.
Question 18. (TCO 2) Which of the following should you strive for in the policy statement, in order to have a well-written policy? (Points : 5)
Contain areas that address every aspect of operations and information and every area affecting the organization’s information assets.
Spell check the document to avoid typographical errors.
Include applicable standards, guidelines, and procedures within the policy document.
Describe everything in layman’s terms so that it is clear the policy is a statement of everyone’s intent.
Question 19. (TCO 3) When it comes to information security, what is labeling the primary vehicle for? (Points : 5)
Communicating the sensitivity level
Communicating the access controls
Enforcing the access controls
Auditing the access controls
Question 20. (TCO 5) In the context of information security, environmental security would refer to all of the following except (Points : 5)
design and construction of facilities.
configuration of wireless access points.
where equipment is stored.
how and where people move.
Page 2
Question 1. (TCO 3) Explain and contrast the core information security concepts of confidentiality, integrity, and availability. (Points : 40)
Question 2. (TCO 8) Describe the steps a system development team could take to make sure security features are designed into newly developed systems, and explain why this is important to an organization. (Points : 40)
Question 3. (TCO 10) Describe and explain the HIPAA Security Rule. (Points : 40)
Question 4. (TCO 12) What should every small business do to ensure that it is secure? (Points : 40)