INFOSEC FINAL 2 EXAM QUESTIONS AND ANSWERS 100% PASS

INFOSEC FINAL 2 EXAM QUESTIONS
AND ANSWERS 100% PASS




If an organization deals successfully with change and has created procedures and systems that
can be adjusted to the environment, the existing security improvement program will probably
continue to work well.

a. True

b. False - ANS True



Over time, policies and procedures may become inadequate due to changes in the
organization's mission and operational requirements, threats, or the environment.

a. True

b. False - ANS True



An effective information security governance program requires no ongoing review once it is well
established.

a. True

b. False - ANS False



A general guideline for performance of hard drives suggests that when the amount of data
stored on a particular hard drive averages 95% of available capacity for a prolonged period, you
should consider an upgrade for the drive.

a. True
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.

,b. False - ANS False



Documentation procedures are not required for configuration and change management
processes.

a. True

b. False - ANS False



management model such as the ISO 27000 series deals with methods to maintain systems.

a. True

b. False - ANS False



External monitoring entails forming intelligence from various data sources and then giving that
intelligence context and meaning for use by decision makers within the organization. -
ANS True



US-CERT is generally viewed as the definitive authority for computer emergency response
teams.

a. True

b. False - ANS True



Intelligence for external monitoring can come from a number of sources: vendors, CERT
organizations, public network sources, and membership sites.

a. True

b. False - ANS True



Over time, external monitoring processes should capture information about the external
environment in a format that can be referenced across the organization as threats emerge and
for historical use.

2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.

,a. True

b. False - ANS True



The internal monitoring domain is the component of the maintenance model that focuses on
identifying, assessing, and managing the physical security of assets in an organization.

a. True

b. False - ANS False



Inventory characteristics for hardware and software assets that record the manufacturer and
versions are related to technical functionality, and should be highly accurate and updated each
time there is a change.

a. True

b. False - ANS True



The target selection step of Internet vulnerability assessment involves using the external
monitoring intelligence to configure a test engine (such as Nessus) for the tests to be
performed.

a. True

b. False - ANS False



An intranet vulnerability scan starts with the scan of the organization's default Internet search
engine.

a. True

b. False - ANS False



All systems that are mission critical should be enrolled in platform security validation (PSV)
measurement.

a. True

3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.

, b. False - ANS True



Wireless vulnerability assessment begins with the planning, scheduling, and notification of all
Internet connections, using software such as Wireshark.

a. True

b. False - ANS False



Remediation of vulnerabilities can be accomplished by accepting or transferring the risk,
removing the threat, or repairing the vulnerability.

a. True

b. False - ANS True



The vulnerability database, like the risk, threat, and attack database, both stores and tracks
information.

a. True

b. False - ANS True



In some instances, risk is acknowledged as being part of an organization's business process.

a. True

b. False - ANS True



Threats cannot be removed without requiring a repair of the vulnerability.

a. True

b. False - ANS False



Policy needs to be reviewed and refreshed from time to time to ensure that it's providing a
current foundation for the information security program.

4 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.