CSIS 340 MIDTERM EXAM

Which type of control is associated with responding to and fixing a security incident? • Question 2 The key to determining if a business will implement any policy is? 2 out of 2 points • Question 3 2 out of 2 points A is a term that refers to a network that limits what and how computers are able to talk to each other. • Question 4 Policy acceptance challenges include? 2 out of 2 points • Question 5 2 out of 2 points is the concept that only the data needed for the transaction should be collected. • Question 6 Security are the technical implementations of the policies defined by the organization. 2 out of 2 points • Question 7 Overcoming the effects of apathy on security policies includes . 2 out of 2 points • Question 8 2 out of 2 points The Sarbanes-Oxley Act was passed by the U.S. Senate in 2002 to require that companies maintain ? • Question 9 0 out of 2 points Security personnel need to be aware of policy and standards change requirements. Business drivers for policy and standards changes may include ? • Question 10 Where is a DMZ usually located? 2 out of 2 points • Question 11 2 out of 2 points The principle recommended for industry best practice, is written in order to inform owners, providers, and users of information systems, and other parties of the existence and general context of policies, responsibilities, practices, procedures, and organization for security of information systems. Awarene ss • Question 12 2 out of 2 points Which of the following is a generally accepted and widely used policy framework? • Question 13 2 out of 2 points What term relates to the number of layers and number of direct reports found in an organization? • Question 14 When should a wireless security policy be initially written? 2 out of 2 points What is policy compliance? • Question 16 2 out of 2 points Which of the following is the first step in establishing an information security program? • Question 17 Using the steps in Kotter’s Eight-Step Change Model, what are the roles and responsibilities involved in the change process? 2 out of 2 points • Question 18 2 out of 2 points Which of the following laws require proper security controls for handling privacy data? • Question 19 Which of the following are control objectives for PCI DSS? 2 out of 2 points • Question 20 2 out of 2 points conduct periodic risk-based reviews of information resources security policies and procedures. • Question 21 2 out of 2 points Devices and objects with built in are connected to an Internet of Things platform, which integrates data from the different devices and applies analytics to share the most valuable information with applications built to address specific needs. • Question 22 2 out of 2 points Policies are the key to repeatable behavior. To achieve repeatable behavior, you must measure both and . • Question 23 2 out of 2 points Within the user domain, some of the ways in which risk can be mitigated include: awareness, enforcement, and . • Question 24 2 out of 2 points Among other things, security awareness programs must emphasize value, culture, and . • Question 25 2 out of 2 points When a catastrophic security breach occurs, who is ultimately held accountable by regulators and the public? • Question 26 Information used to open or access a bank account is generally considered? 2 out of 2 points • Question 27 2 out of 2 points You can get a basic understanding if individuals are being held accountable for adherence to security policies by examining these basic measurements. • Question 28 2 out of 2 points To achieve repeatable behavior of policies, you must measure both and . • Question 29 2 out of 2 points Which personality type often breaks through barriers that previously prevented success? • Question 30 Which of the following is a PCIDSS network requirement? 2 out of 2 points • Question 31 The Risk IT framework process model is built on which three domains? 2 out of 2 points • Question 32 The Seven Domains of a typical IT infrastructure include? 2 out of 2 points • Question 33 2 out of 2 points Which of the following are common steps taken in the development of documents such as security policies, standards, and procedures? • Question 34 The basic elements of motivation include pride, success, and . 2 out of 2 points • Question 35 What is an information security policy? 2 out of 2 points • Question 36 Which of the following is the best measure of success for a security policy? 2 out of 2 points • Question 37 In a workstation domain, you can reduce risk by . 2 out of 2 points • Question 38 2 out of 2 points The shifts responsibility to the owner to operate a system when certification and accreditation is achieved. • Question 39 2 out of 2 points When building a policy framework, which of the following information systems factors should be considered? • Question 40 2 out of 2 points Implementation and enforcement of policies is a challenge. The biggest hindrance to implementation of policies is the factor. • Question 41 Which of the following is not a key area of improvement noted after COBIT implementation? 2 out of 2 points • Question 42 2 out of 2 points PCI DSS provides highly specific technology requirements for handling data. • Question 43 Which of the following does a policy change control board do? 2 out of 2 points • Question 44 2 out of 2 points Well-defined and properly implemented security policies help the business in which of the following ways? • Question 45 2 out of 2 points is the ability to reasonably ensure conformity and adherence to both internal and external policies, standards, procedures, laws, and regulations? • Question 46 2 out of 2 points The principle recommended for industry best practice, is written in order to consider everyone affected, including technical, administrative, organizational, operational, commercial, educational, and legal personnel. • Question 47 Good security policies mitigate risk through? 2 out of 2 points • Question 48 2 out of 2 points is an international governance and controls framework and a widely accepted standard for assessing, governing, and managing IT security and risks. • Question 49 is a promise not to disclose to any third party information covered by the 2 out of 2 points agreement. • Question 50 2 out of 2 points Which of the following attempts to identify where sensitive data is currently stored?