CSIS 340 Final Exam 2 QUESTIONS WITH VERIFIED ANSWERS, GRADED A+

1. The _____ domain connects an organizations private network to the Internet? 2. To promote cultural change, the goal should be to make security policies _____? 3. Without _____ sponsorship, users will be less likely to eagerly participate in awareness training. 4. What needs do organizations have to classify data? 5. The Security Compliance Committee _____? 6. Web Services policies would be an example of _____ domain. 7. Production data should be _____ before being used in a test environment? 8. Which of the following includes guidelines under the LAN domain policies? 9. Which of the following is a common cause of security breaches? 10. What is a strong indicator that awareness training is not effective? 11. Baseline standards for the LAN domain would include _____. 12. Which of the following is not an organizational challenge when implementing security policies? 13. The ______________ model was the first model developed to address the concerns of integrity. Originally published in 1977 14. _____ occurs when you manipulate or trick a person into weakening the security of an organization? 15. Data in transit refers to what type of data? 16. Simple security policy awareness requires that _____ report suspicious activity? 17. A business impact analysis requires an impact report, component reliance, and a _____. 18. _____ techniques can provide a security baseline for full operating systems and applications? 19. A _____ standard describes the requirements for obtaining a domain name for use by external parties? 20. A(n) _____ has an easier time bypassing security controls and hiding his or her tracks by deleting or altering logs and time stamps. 21. _____ typically have the technical skills to make critical recommendation on how to stop an attack. 22. Why should a security policy implementation be flexible to allow for updates? 23. Two-factor authentication is a typical control used by employees to remotely access which of the following? 24. It is necessary to retain data for what major reasons? 25. A _____ is the first step in building a business continuity plan (BCP) to minimize losses. 26. Security policy enforcement can include _____? 27. _____ protects data at rest from all type of breaches. 28. Once security policies are established, line management must _____ ? 29. Outdated application controls place a greater reliance on _____? 30. The following documents help capture domain security control requirements? 31. The ________________ model uses mandatory access control to enforce the DoD multilevel security policy. 32. Generally, an Acceptable Use Policy should outline _____? 33. A _____ is a specialized group of people whose purpose is to respond to major incidents. 34. Which of the following should be in an information response team charter? 35. A(n) ______ ensures workers are conscious of security risks and how to deal with unexpected risk. 36. Without a policy that leads to controls that restrict employees from installing their own software on a company workstation, a company could suffer which of the following consequences? 37. Good reasons to monitor worker’s computer activities are when ______? 38. A _____ is a common control that is used across a significant population of systems? 39. Employer response to an employee posting company passwords on their social network site should include _____? 40. Security experts consider _____ the weakest link in security. 41. A malicious _____ attack uses viruses, worms, Trojan horses, and scripts to gain access to systems, applications, and data. 42. You can use a _____ process to grant temporary elevated rights. 43. The following organization has offered reliable security policies in the past to help organizations develop proper infrastructure policies. 44. _____ are especially useful for identifying unauthorized changes. 45. The Risk Management Continuous Improvement Model includes _____? 46. The signs of an incident can be _____? 47. _____ determines how quickly a business process should be recovered. 48. A privileged-level access agreement (PAA) is designed to heighten the awareness and accountability of? 49. ______ software is capable of capturing usernames, passwords, and websites visited on a local workstation? 50. A _____ can identify hosts on a network and determine services running on the hosts.