CIS4361 Chapter 5 Exam with Questions and Correct Answers 2025.

CIS4361 Chapter 5 Exam with Questions
and Correct Answers 2025




A ,firewall ,can ,be ,a ,single ,device ,or ,a ,firewall ,extranet, ,which ,consists ,of ,multiple
,firewalls ,creating ,a ,buffer ,between ,the ,outside ,and ,inside ,networks. ,- ,CORRECT
,ANSWER-False


A(n) ,full ,backup ,only ,archives ,the ,files ,that ,have ,been ,modified ,that ,day, ,and ,thus
,requires ,less ,space ,and ,time ,than ,the ,differential. ,- ,CORRECT ,ANSWER-False


A(n) ,contingency ,plan ,is ,prepared ,by ,the ,organization ,to ,anticipate, ,react ,to, ,and
,recover ,from ,events ,that ,threaten ,the ,security ,of ,information ,and ,information ,assets
,in ,the ,organization, ,and, ,subsequently, ,to ,restore ,the ,organization ,to ,normal ,modes
,of ,business ,operations. ,- ,CORRECT ,ANSWER-True


NIST ,documents ,can ,assist ,in ,the ,design ,of ,a ,security ,framework. ,- ,CORRECT
,ANSWER-True


The ,security ,framework ,is ,a ,more ,detailed ,version ,of ,the ,security ,blueprint. ,-
,CORRECT ,ANSWER-False


Technical ,controls ,are ,the ,tactical ,and ,technical ,implementations ,of ,security ,in ,the
,organization. ,- ,CORRECT ,ANSWER-True


A ,managerial ,guidance ,SysSP ,document ,is ,created ,by ,the ,IT ,experts ,in ,a ,company
,to ,guide ,management ,in ,the ,implementation ,and ,configuration ,of ,technology. ,-
,CORRECT ,ANSWER-False


ISO/IEC ,17799 ,is ,more ,useful ,than ,any ,other ,information ,security ,management
,approach. ,- ,CORRECT ,ANSWER-False

, The ,Federal ,Bureau ,of ,Investigation ,deals ,with ,many ,computer ,crimes ,that ,are
,categorized ,as ,felonies. ,- ,CORRECT ,ANSWER-True


Quality ,security ,programs ,begin ,and ,end ,with ,policy. ,- ,CORRECT ,ANSWER-True

A ,policy ,should ,state ,that ,if ,employees ,violate ,a ,company ,policy ,or ,any ,law ,using
,company ,technologies, ,the ,company ,will ,protect ,them, ,and ,the ,company ,is ,liable ,for
,the ,employee's ,actions. ,- ,CORRECT ,ANSWER-False


A ,disaster ,recovery ,plan ,addresses ,the ,preparation ,for ,and ,recovery ,from ,a ,disaster,
,whether ,natural ,or ,man-made. ,- ,CORRECT ,ANSWER-True


Many ,industry ,observers ,claim ,that ,ISO/IEC ,17799 ,is ,not ,as ,complete ,as ,other
,frameworks. ,- ,CORRECT ,ANSWER-True


Proxy ,servers ,can ,temporarily ,store ,a ,frequently ,visited ,Web ,page, ,and ,thus ,are
,sometimes ,called ,demilitarized ,servers. ,- ,CORRECT ,ANSWER-False


NIST ,800-14, ,The ,Principles ,for ,Securing ,Information ,Technology ,Systems, ,provides
,detailed ,methods ,for ,assessing, ,designing, ,and ,implementing ,controls ,and ,plans ,for
,applications ,of ,varying ,size. ,- ,CORRECT ,ANSWER-False


A ,cold ,site ,provides ,many ,of ,the ,same ,services ,and ,options ,of ,a ,hot ,site. ,-
,CORRECT ,ANSWER-False


ACLs ,are ,more ,specific ,to ,the ,operation ,of ,a ,system ,than ,rule-based ,policies ,and
,they ,may ,or ,may ,not ,deal ,with ,users ,directly. ,- ,CORRECT ,ANSWER-False


Evidence ,is ,the ,physical ,object ,or ,documented ,information ,that ,proves ,an ,action
,occurred ,or ,identifies ,the ,intent ,of ,a ,perpetrator. ,- ,CORRECT ,ANSWER-True


NIST ,Special ,Publication ,800-18 ,Rev. ,1, ,The ,Guide ,for ,Developing ,Security ,Plans ,for
,Federal ,Information ,Systems, ,includes ,templates ,for ,major ,application ,security ,plans.
,- ,CORRECT ,ANSWER-True


A ,service ,bureau ,is ,an ,agency ,that ,provides ,a ,service ,for ,a ,fee. ,- ,CORRECT
,ANSWER-True


The ,Federal ,Agency ,Security ,Practices ,(FASP) ,site ,is ,a ,popular ,place ,to ,look ,up ,best
,practices. ,- ,CORRECT ,ANSWER-True


A ,standard ,is ,a ,plan ,or ,course ,of ,action ,that ,conveys ,instructions ,from ,an
,organization's ,senior ,management ,to ,those ,who ,make ,decisions, ,take ,actions, ,and
,perform ,other ,duties. ,- ,CORRECT ,ANSWER-False