CMIT 425 EXAM Questions AND Correct Answers
_______ is a series of international standards that, among other things, provides guidance for managing security controls. - ✔✔ISO/IEC 27000
________ is a legal obligation applied to executives which stockholders can use to sue company leaders who fail to protect a company's assets from harm or loss. - ✔✔Due notice
Due diligence
Due performance
________ is a legal principle that requires that individuals perform necessary actions to prevent negligence from occurring. It is judged using the reasonable person standard. - ✔✔Due care
Customary law
Separation of duties
A ______ is a document which defines mandatory activities, actions, or rules. - ✔✔Standard
A ___________ is a potential danger which occurs when a ___________ exploits a vulnerability. - ✔✔threat, threat agent
A company needs to conduct a Business Impact Assessment (BIA) in order to identify important business processes and assets which could be impacted by a cyber attack, natural disaster or any other event with potential to cause an extended interruption in its operations. Which of the following groups are most likely to provide critical information for the team conducting the BIA? - ✔✔National Hurricane Center.
Business process owners.
Employees, Managers, and Supervisors.
A control is _____________ - ✔✔used to reduce or mitigate risks.
A risk is __________ - ✔✔the probability that a vulnerability will be successfully exploited by a threat agent causing a business to experience loss or harm.
A weakness in a system that allows malware to compromise security is called a _________. - ✔✔vulnerability
An exposure occurs when a vulnerability _____________. - ✔✔creates the possibility of incurring a loss or experiencing harm.
Availability is the principle which ensures ____________. - ✔✔reliability and timely access to data and other resources by authorized individuals.
Balanced security refers to _____________ - ✔✔weighing choices in controls against the magnitude of risk presented by a variety of threats.
addressing threats and implementing controls for availability, integrity, and confidentiality.
understanding the concepts of the AIC triad.