Misy 5325 Midterm Actual Exam Newest 2025/2026
Complete Questions And Correct Detailed Answers
(Verified Answers) |Brand New Version!!
A new company does not have a lot of revenue for the first year. Installing
antivirus software for all the company's computers would be very costly, so the
owners decide to forgo purchasing antivirus software for the first year of the
business. In what domain of a typical IT infrastructure is a vulnerability created? -
ans -Workstation Domain
A technician in a large corporation fixes a printer that was not receiving an IP
address automatically by manually assigning it an address. The address was
assigned to a server that was offline and being upgraded. When the server was
brought online, it was no longer accessible. How could this problem have been
avoided? - ans -Through change management
A warm site is: - ans -a compromise between a hot site and a cold site.
A_____ is a computer joined to a botnet - ans -zombie
A______policy governs how patches are understood ,tested ,and rolled out to
systems and clients. - ans -patch management
A(n) _________ is the likelihood that something unexpected is going to occur. -
ans -risk
A(n) _________ provides secure access to a private network over a public
network such as the Internet. - ans -virtual private network (VPN)
A(n) _____________ is a process used to determine how to manage risk. - ans -
cost-benefit analysis (CBA)
A(n) ___________________ is performed to identify and evaluate risks. - ans -risk
assessment
,According to the World Intellectual Property Organization (WIPO), the two
categories of intellectual property (IP) are _______________ and
_______________. - ans -industrial property, copyright
Aditya is assessing the value of IT systems. His company sells sporting goods
online. One factor of his evaluation is the required availability of each system.
Some systems must be available 24/7, while others must be available during
regular business hours Monday through Friday. Which of the following would
have the highest availability requirements? - ans -E-commerce website server
Alice is an aspiring hacker. She wants to get information on computer and
network vulnerabilities and ways to exploit applications. Which of the following is
the best source? - ans -Dark web
All of following are examples of hardware assets, except: - ans -operating system.
All of the following are reasons why configuration management is an important
risk management process, except: - ans -it reduces unintended outages.
All of the following are true of risk assessment critical area identification, except: -
ans -when critical areas are identified, areas that are least critical to the business
should be the first priority.
All of the following are true of risk assessment scope identification, except: - ans -
the system or network administrator ultimately decides what is included in the
scope of a risk assessment.
All of the following terms have the same meaning, except: - ans -Internal network
zone
An exploit assessment is also known as a(n): - ans -penetration test.
Another term for risk mitigation is: - ans -risk reduction.
_______ are acts that are hostile to an organization. - ans -Intentional threats
,________ help(s) prevent a hard drive from being a single point of failure.
__________ help(s) prevent a server from being a single point of failure.
_________ help(s) prevent a person from being a single point of failure. - ans -
RAID, Failover clusters, Cross-training
_________ is the process of creating a list of threats. - ans -Threat identification
__________ damage for the sake of doing damage, and they often choose targets
of opportunity. - ans -Vandals
____________ assessments are objective, while ___________ assessments are
subjective. - ans -Quantitative, qualitative
_____________ is the likelihood that a threat will exploit a vulnerability. - ans -
Probability
A __________ is a computer joined to a botnet. - ans -zombie
A ___________ plan can help ensure that mission-critical systems continue to
function after a disaster. - ans -business continuity
A ___________ plan can help you identify steps needed to restore a failed
system. - ans -disaster recovery
A _____________ policy governs how patches are understood, tested, and rolled
out to systems and clients. - ans -patch management
A business impact analysis (BIA) is an important part of a _____________, and it
can also be part of a __________. - ans -business continuity plan, disaster
recovery plan
Carl is a security professional preparing to perform a risk assessment on database
servers. He is reviewing the findings of a previous risk assessment. He is trying to
determine which controls should be in place but were not implemented. Which of
the following is typically found in a risk assessment report and would address
Carl's needs? - ans -Current status of accepted recommendations
, Carl is a security specialist. He is updating the organization's hardware inventory
in the asset management system. Which of the following would be least helpful to
record? - ans -A competitor's product
Companies use risk assessment strategies to differentiate ___________ from
_________. - ans -severe risks, minor risks
Email addresses or domains ______________ are automatically marked as spam.
- ans -on a blacklist
Hajar is a security professional for a government contractor. Her company
recently hired three new employees for a special project, all of whom have a
security clearance for Secret data. Rather than granting the employees access to
all files and folders in the data repository, she is granting them access only to the
data they need for the project. What principle is Hajar following? - ans -Principle
of need to know
Hajar is a security specialist. Her organization has about 500 systems that must be
tracked for inventory purposes. She is preparing an email to her manager that
describes the benefits of including specific details about software in the
inventory, as well as the use of an automated asset management system. Which
of the following is not one of those benefits? - ans -The frequency of operating
system upgrades will be reduced.
Hardening a server refers to: - ans -the combination of all the steps that it takes to
protect a vulnerable system and make it more secure than the default installation.
How can you determine the importance of a system? - ans -By how the system is
used
In a quantitative risk assessment, what describes the loss that will happen to the
asset as a result of a threat? - ans -Exposure factor (EF)
In a risk assessment, which of the following refers to how responsibilities are
assigned? - ans -Management Structure
Complete Questions And Correct Detailed Answers
(Verified Answers) |Brand New Version!!
A new company does not have a lot of revenue for the first year. Installing
antivirus software for all the company's computers would be very costly, so the
owners decide to forgo purchasing antivirus software for the first year of the
business. In what domain of a typical IT infrastructure is a vulnerability created? -
ans -Workstation Domain
A technician in a large corporation fixes a printer that was not receiving an IP
address automatically by manually assigning it an address. The address was
assigned to a server that was offline and being upgraded. When the server was
brought online, it was no longer accessible. How could this problem have been
avoided? - ans -Through change management
A warm site is: - ans -a compromise between a hot site and a cold site.
A_____ is a computer joined to a botnet - ans -zombie
A______policy governs how patches are understood ,tested ,and rolled out to
systems and clients. - ans -patch management
A(n) _________ is the likelihood that something unexpected is going to occur. -
ans -risk
A(n) _________ provides secure access to a private network over a public
network such as the Internet. - ans -virtual private network (VPN)
A(n) _____________ is a process used to determine how to manage risk. - ans -
cost-benefit analysis (CBA)
A(n) ___________________ is performed to identify and evaluate risks. - ans -risk
assessment
,According to the World Intellectual Property Organization (WIPO), the two
categories of intellectual property (IP) are _______________ and
_______________. - ans -industrial property, copyright
Aditya is assessing the value of IT systems. His company sells sporting goods
online. One factor of his evaluation is the required availability of each system.
Some systems must be available 24/7, while others must be available during
regular business hours Monday through Friday. Which of the following would
have the highest availability requirements? - ans -E-commerce website server
Alice is an aspiring hacker. She wants to get information on computer and
network vulnerabilities and ways to exploit applications. Which of the following is
the best source? - ans -Dark web
All of following are examples of hardware assets, except: - ans -operating system.
All of the following are reasons why configuration management is an important
risk management process, except: - ans -it reduces unintended outages.
All of the following are true of risk assessment critical area identification, except: -
ans -when critical areas are identified, areas that are least critical to the business
should be the first priority.
All of the following are true of risk assessment scope identification, except: - ans -
the system or network administrator ultimately decides what is included in the
scope of a risk assessment.
All of the following terms have the same meaning, except: - ans -Internal network
zone
An exploit assessment is also known as a(n): - ans -penetration test.
Another term for risk mitigation is: - ans -risk reduction.
_______ are acts that are hostile to an organization. - ans -Intentional threats
,________ help(s) prevent a hard drive from being a single point of failure.
__________ help(s) prevent a server from being a single point of failure.
_________ help(s) prevent a person from being a single point of failure. - ans -
RAID, Failover clusters, Cross-training
_________ is the process of creating a list of threats. - ans -Threat identification
__________ damage for the sake of doing damage, and they often choose targets
of opportunity. - ans -Vandals
____________ assessments are objective, while ___________ assessments are
subjective. - ans -Quantitative, qualitative
_____________ is the likelihood that a threat will exploit a vulnerability. - ans -
Probability
A __________ is a computer joined to a botnet. - ans -zombie
A ___________ plan can help ensure that mission-critical systems continue to
function after a disaster. - ans -business continuity
A ___________ plan can help you identify steps needed to restore a failed
system. - ans -disaster recovery
A _____________ policy governs how patches are understood, tested, and rolled
out to systems and clients. - ans -patch management
A business impact analysis (BIA) is an important part of a _____________, and it
can also be part of a __________. - ans -business continuity plan, disaster
recovery plan
Carl is a security professional preparing to perform a risk assessment on database
servers. He is reviewing the findings of a previous risk assessment. He is trying to
determine which controls should be in place but were not implemented. Which of
the following is typically found in a risk assessment report and would address
Carl's needs? - ans -Current status of accepted recommendations
, Carl is a security specialist. He is updating the organization's hardware inventory
in the asset management system. Which of the following would be least helpful to
record? - ans -A competitor's product
Companies use risk assessment strategies to differentiate ___________ from
_________. - ans -severe risks, minor risks
Email addresses or domains ______________ are automatically marked as spam.
- ans -on a blacklist
Hajar is a security professional for a government contractor. Her company
recently hired three new employees for a special project, all of whom have a
security clearance for Secret data. Rather than granting the employees access to
all files and folders in the data repository, she is granting them access only to the
data they need for the project. What principle is Hajar following? - ans -Principle
of need to know
Hajar is a security specialist. Her organization has about 500 systems that must be
tracked for inventory purposes. She is preparing an email to her manager that
describes the benefits of including specific details about software in the
inventory, as well as the use of an automated asset management system. Which
of the following is not one of those benefits? - ans -The frequency of operating
system upgrades will be reduced.
Hardening a server refers to: - ans -the combination of all the steps that it takes to
protect a vulnerable system and make it more secure than the default installation.
How can you determine the importance of a system? - ans -By how the system is
used
In a quantitative risk assessment, what describes the loss that will happen to the
asset as a result of a threat? - ans -Exposure factor (EF)
In a risk assessment, which of the following refers to how responsibilities are
assigned? - ans -Management Structure
