Saint Leo COM590 Final Exam 100% correct
Question 1 (4 points)
Saved
What is pretexting associated with?
Question 1 options:
Hiring personnel
Communication between senior management and general employees
Policy dissemination
Social engineering
Question 2 (4 points)
Saved
Pam receives an offensive joke via e-mail from Larry, a co-worker. Which of the following helps Pam know the correct actions to take?
Question 2 options:
SAP
AUP
None of the above
PAA
Question 3 (4 points)
Saved
Which type of agreement would you have a contract system administrator (temporary worker) sign?
Question 3 options:
PAA
Both A and C
AUP
SAP
Question 4 (4 points)
Saved
A standard for Web Services from an external provider would be part of which set of policies?
Question 4 options:
WAN Domain policies
System/Application Domain policies
User Domain policies
LAN Domain policies
Question 5 (4 points)
Saved
Which of the following would include information on firewalls that handle application traffic?
Question 5 options:
WAN Domain policies
System/Application Domain policies
LAN Domain policies
User Domain policies
Question 6 (4 points)
Saved
A LAN Domain policy would include guidelines for which of the following?
Question 6 options:
Telecommunications
User access rights
IDS and IPS architecture and management
Applications
Question 7 (4 points)
Saved
Which U.S. military data classification refers to data that the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?
Question 7 options:
Secret
Top Secret
Confidential
Unclassified
Question 8 (4 points)
Saved
Which policy outlines the process by which a BCP and DRP plan is activated?
Question 8 options:
Server Policy
Disaster Declaration Policy
RTP
Incident Policy
Question 9 (4 points)
Saved
In a business classification scheme, which classification refers to routine communications within the organization?
Question 9 options:
Highly sensitive
Public
Internal
Sensitive
Question 10 (4 points)
Saved
Triage is performed during which phase of incident response?
Question 10 options:
Discovery
Clean-up
Containing and Minimizing
Reporting
Previous PageNext Page
Question 11 (4 points)
Saved
Evidence from an incident must be documented and protected from the time it’s obtained to the time it’s presented in court. Which tool is used to document this evidence?
Question 11 options:
Writ of evidence
Chain of custody
Incident log
Real evidence docket
Question 12 (4 points)
Saved
According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?
Question 12 options:
An incomplete transaction
Loss of a password
Denial of Service attack
Wi-Fi password loss
Question 13 (4 points)
Saved
Before an incident can be declared, the IRT must develop an incident __________ for incident response.
Question 13 options:
procedure
budget
discovery process
control
Question 14 (4 points)
Saved
What is a benefit of instructor-led classroom training for security awareness?
Question 14 options:
Low cost
Flexibility
Both A and B
Neither A nor B
Question 15 (4 points)
Saved
What is a common consequence of failing to adhere to an acceptable use policy (AUP)?
Question 15 options:
Loss of computer privileges at work
E-mail reminder
Nothing; an AUP is only a guideline
Disciplinary action
Question 16 (4 points)
Saved
Implementing IT security policies is as much about __________ as it is about implementing controls.
Question 16 options:
changing attitudes
changing personnel
disciplinary actions
budgeting
Question 17 (4 points)
Saved
Which of the following is a common cause of security breaches?
Question 17 options:
Outsourced processing to vendors
Improved training and security awareness
Increased employee motivation
Inadequate management and user decisions
Question 18 (4 points)
Saved
What is the name of a common control that is used across a significant population of systems, applications, and operations?
Question 18 options:
Pervasive
Enterprise
Perpetual
Persistent
Question 19 (4 points)
Saved
__________ is/are key(s) to security policy enforcement.
Question 19 options:
IT personnel support
Executive support
Physical controls
A communications plan
Question 20 (4 points)
Saved
Your company does not want its employees to use the Internet to exchange personal e-mail during work hours. What is the best tool to use to ensure the company does not violate an employee’s right to privacy?
Question 20 options:
Encryption
A risk assessment
An acceptable use policy
A data leakage protection system
Question 21 (4 points)
Saved
Which of the following is least likely to indicate the effectiveness of an organization’s security policies?
Question 21 options:
Vulnerability assessments
Detective controls
Policy compliance reviews
An incident response plan
Question 22 (4 points)
Saved
Which organization created the Security Content Automation Protocol (SCAP) as part of its responsibilities under FISMA?
Question 22 options:
Microsoft
The MITRE Corporation
US-CERT
NIST
Question 23 (4 points)
Saved
A(n) __________ can include a computer’s full operating system, applications, and system settings, including security and configuration settings.
Question 23 options:
baseline
image
group policy
patch
Question 24 (4 points)
Saved
What does a configuration management database (CMDB) hold?
Question 24 options:
System configuration information
Policy change documentation
Security policies
None of the above
Question 25 (4 points)
Saved
What is a vulnerability window?
Question 25 options:
The time between when a new vulnerability is discovered and when software developers start writing a patch.
The time required to image a computer.
System downtime associated with a successful attack.
The period of time during which an attacker may launch a DoS attack.
-
Rating:
/5
Solution: Saint Leo COM590 Final Exam 100% Accurate