If an organization deals successfully with change and has created procedures and systems that
can be adjusted to the environment, the existing security improvement program will probably
continue to work well.
a. True
b. False - Answers True
Over time, policies and procedures may become inadequate due to changes in the
organization's mission and operational requirements, threats, or the environment.
a. True
b. False - Answers True
An effective information security governance program requires no ongoing review once it is well
established.
a. True
b. False - Answers False
A general guideline for performance of hard drives suggests that when the amount of data
stored on a particular hard drive averages 95% of available capacity for a prolonged period, you
should consider an upgrade for the drive.
a. True
b. False - Answers False
Documentation procedures are not required for configuration and change management
processes.
a. True
b. False - Answers False
management model such as the ISO 27000 series deals with methods to maintain systems.
a. True
b. False - Answers False
External monitoring entails forming intelligence from various data sources and then giving that
intelligence context and meaning for use by decision makers within the organization. - Answers True
US-CERT is generally viewed as the definitive authority for computer emergency response
teams.
a. True
b. False - Answers True
Intelligence for external monitoring can come from a number of sources: vendors, CERT
organizations, public network sources, and membership sites.
a. True
b. False - Answers True
Over time, external monitoring processes should capture information about the external
environment in a format that can be referenced across the organization as threats emerge and
for historical use.
a. True
b. False - Answers True
The internal monitoring domain is the component of the maintenance model that focuses on
identifying, assessing, and managing the physical security of assets in an organization.
a. True
b. False - Answers False
Inventory characteristics for hardware and software assets that record the manufacturer and
versions are related to technical functionality, and should be highly accurate and updated each
time there is a change.
a. True
b. False - Answers True
The target selection step of Internet vulnerability assessment involves using the external
monitoring intelligence to configure a test engine (such as Nessus) for the tests to be
performed.
a. True
b. False - Answers False
An intranet vulnerability scan starts with the scan of the organization's default Internet search
engine.
a. True
b. False - Answers False
All systems that are mission critical should be enrolled in platform security validation (PSV)
measurement.
a. True
b. False - Answers True
Wireless vulnerability assessment begins with the planning, scheduling, and notification of all
Internet connections, using software such as Wireshark.
a. True
b. False - Answers False
Remediation of vulnerabilities can be accomplished by accepting or transferring the risk,
removing the threat, or repairing the vulnerability.
a. True
b. False - Answers True
The vulnerability database, like the risk, threat, and attack database, both stores and tracks
information.
a. True
b. False - Answers True
In some instances, risk is acknowledged as being part of an organization's business process.
a. True
b. False - Answers True
Threats cannot be removed without requiring a repair of the vulnerability.
a. True
b. False - Answers False
Policy needs to be reviewed and refreshed from time to time to ensure that it's providing a
current foundation for the information security program.
a. True