Saint COm510 midterm exam

Question 1. The process that develops, creates, and implements strategies for the accomplishment of objectives is called ____. (Points : 5)
leading
controlling
organizing
planning
Question 2. ____ implements and oversees the use of controls to reduce risk. (Points : 5)
Risk assessment
Incident response
Risk management
Network security administration
Question 3. Which of the following is an advantage of the user support group form of training? (Points : 5)
usually conducted in an informal social setting
formal training plan
can be live, or can be archived and viewed at the trainee's convenience
can be customized to the needs of the trainee
Question 4. Which of the following is the first step in the process of implementing training? (Points : 5)
identify training staff
identify target audiences
identify program scope, goals, and objectives
motivate management and employees
Question 5. ____ occurs when a control provides proof that a user possesses the identity that he or she claims. (Points : 5)
Identification
Authentication
Authorization
Accountability
Question 6. According to the C.I.A. triangle, the three desirable characteristics of information are confidentiality, integrity, and ____. (Points : 5)
accountability
availability
authorization
authentication
Question 7. Which of the following is a definite indicator of an actual incident? (Points : 5)
unusual system crashes
reported attack
presence of new accounts
use of dormant accounts
Question 8. Which of the following certifications is considered among the most prestigious for security managers? (Points : 5)
CISSP
CISA
GIAC
Security+
Question 9. The COSO framework component ____, based on the establishment of objectives, assists in the identification and examination of valid risks to objectives as well as information. (Points : 5)
Control environment
Risk assessment
Control activities
Information management
Question 10. A medium-sized organization has ____. (Points : 5)
a larger security staff than a small organization
a larger security budget than a small organization
1,000 to 10,000 computers
larger security needs than a small organization
Question 11. The ____ component of an EISP defines the organizational structure designed to support information security within the organization. (Points : 5)
Information Technology Security Responsibilities and Roles
Need for Information Technology Security
Reference to Other Information Technology Standards and Guidelines
Information Technology Security Elements
Question 12. The IRP is usually activated ____. (Points : 5)
before an incident takes place
when an incident is detected
once the DRP is activated
once the BCP is activated
Question 13. ____ is the process of measuring against established standards. (Points : 5)
Baselining
Benchmarking
Targeting
Profiling
Question 14. ____ is the quality or state of being whole, complete, and uncorrupted. (Points : 5)
Integrity
Authorization
Security
Confidentiality
Question 15. Very large organizations have ____ computers. (Points : 5)
100 to 1,000
1,000 to 5,000
10,000 to 50,000
more than 10,000
Question 16. A(n) ____ is a detailed description of the activities that occur during an attack. (Points : 5)
attack roster
attack profile
attack message
attack diagnostic
Question 17. Identification is typically performed by means of a(n) ____. (Points : 5)
audit log
user name
cryptographic certificate
access control list
Question 18. The COSO framework component ____ includes the policies and procedures to support management directives. (Points : 5)
Control environment
Risk assessment
Control activities
Information management
Question 19. Defining the scope of an ISMS is part of which phase of the BS7799 Part 2 Plan-Do-Check-Act cycle? (Points : 5)
Plan
Do
Check
Act
Question 20. A(n) ____ security policy provides detailed, targeted guidance to instruct all members of the organization in the use of technology-based systems. (Points : 5)
issue-specific
enterprise information
system-specific
information
Question 21. Internal ISMS audits are conducted during the ____ phase of the Plan-Do-Check-Act cycle. (Points : 5)
Plan
Do
Check
Act
Question 22. ____ control tools evaluate the efficiency and effectiveness of business processes. (Points : 5)
Financial
Behavioral
Information
Operational
Question 23. Which of the following is a disadvantage of user support groups? (Points : 5)
relatively inflexible
resource intensive, to the point of being inefficient
centered on a specific topic or product
software can be very expensive
Question 24. Corrective or preventive action is taken during the ____ phase of the Plan-Do-Check-Act cycle. (Points : 5)
Plan
Do
Check
Act
Question 25. To ensure ____, an organization must demonstrate that it is continuously attempting to meet the requirements of the market in which it operates. (Points : 5)
policy administration
due diligence
adequate security measures
certification and accreditation
Question 26. When users call an organization with problems with their computers, the network, or an Internet connection, they speak with the ____. (Points : 5)
security officers
help desk personnel
security staffers
security consultants
Question 27. Communications security involves the protection of an organization's ____. (Points : 5)
employees
physical assets
technology
data network devices
Question 28. ____ evaluates patches used to close software vulnerabilities and acceptance testing of new systems to assure compliance with policy and effectiveness. (Points : 5)
Systems testing
Risk assessment
Incident response
Planning
Question 29. A risk assessment is performed during the ____ phase of the SecSDLC. (Points : 5)
implementation
analysis
design
investigation
Question 30. An identified weakness of a controlled system is known as a ____. (Points : 5)
liability
threat
vulnerability
fault
Question 31. Which of the following is NOT a question you should ask when considering best practices for your organization? (Points : 5)
Do you have a similar customer base as the target?
Is your organization structure similar to the target?
Do you face similar challenges as the target?
Are you in a similar industry as the target?
Question 32. Best business practices are also known as ____. (Points : 5)
recommended practices
universal practices
industry practices
best models
Question 33. The ____ layer of the bull's-eye model consists of computers used as servers, desktop computers, and systems used for process control and manufacturing systems. (Points : 5)
Policies
Networks
Applications
Systems
Question 34. A ____ is a value or profile of a performance metric against which changes in the performance metric can be usefully compared. (Points : 5)
target
framework
benchmark
baseline
Question 35. Which of the following is true about a hot site? (Points : 5)
It is an empty room with standard heating, air conditioning, and electrical service.
It includes computing equipment and peripherals with servers but not client workstations.
It duplicates computing resources, peripherals, phone systems, applications, and workstations.
All communications services must be installed after the site is occupied.
Question 36. The DRP is usually managed by the ____. (Points : 5)
CEO
CIO
CISO
IT community of interest
Question 37. Operational plans are used by ____. (Points : 5)
managers
security managers
the CISO
the CIO
Question 38. A SDLC-based project that is the result of a carefully developed strategy is said to be ____. (Points : 5)
employee-driven
plan-driven
sequence-driven
event-driven
Question 39. A disadvantage of creating a number of independent ISSP documents is that the result may ____. (Points : 5)
overgeneralize the issues
suffer from poor policy dissemination
skip over vulnerabilities
be written by those with less complete subject matter expertise
Question 40. A joint application development team can survive employee turnover by ____. (Points : 5)
having as few employees in the team as possible
having as many employees in the team as possible
documenting the processes and procedures used by the team
having all the members work independently
