INFOSEC FINAL 2 EXAM QUESTIONS AND ANSWERS 100% PASS
If an organization deals successfully with change and has created procedures and systems that
can be adjusted to the environment, the existing security improvement program will probably
continue to work well.
a. True
b. False - ANS True
Over time, policies and procedures may become inadequate due to changes in the
organization's mission and operational requirements, threats, or the environment.
a. True
b. False - ANS True
An effective information security governance program requires no ongoing review once it is well
established.
a. True
b. False - ANS False
A general guideline for performance of hard drives suggests that when the amount of data
stored on a particular hard drive averages 95% of available capacity for a prolonged period, you
should consider an upgrade for the drive.
a. True
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
b. False - ANS False
Documentation procedures are not required for configuration and change management
processes.
a. True
b. False - ANS False
A management model such as the ISO 27000 series deals with methods to maintain systems.
a. True
b. False - ANS False
External monitoring entails forming intelligence from various data sources and then giving that
intelligence context and meaning for use by decision makers within the organization. - ANS True
US-CERT is generally viewed as the definitive authority for computer emergency response
teams.
a. True
b. False - ANS True
Intelligence for external monitoring can come from a number of sources: vendors, CERT
organizations, public network sources, and membership sites.
a. True
b. False - ANS True
Over time, external monitoring processes should capture information about the external
environment in a format that can be referenced across the organization as threats emerge and
for historical use.
a. True
b. False - ANS True
The internal monitoring domain is the component of the maintenance model that focuses on
identifying, assessing, and managing the physical security of assets in an organization.
a. True
b. False - ANS False
Inventory characteristics for hardware and software assets that record the manufacturer and
versions are related to technical functionality, and should be highly accurate and updated each
time there is a change.
a. True
b. False - ANS True
The target selection step of Internet vulnerability assessment involves using the external
monitoring intelligence to configure a test engine (such as Nessus) for the tests to be
performed.
a. True
b. False - ANS False
An intranet vulnerability scan starts with the scan of the organization's default Internet search
engine.
a. True
b. False - ANS False
All systems that are mission critical should be enrolled in platform security validation (PSV)
measurement.
a. True
b. False - ANS True
Wireless vulnerability assessment begins with the planning, scheduling, and notification of all
Internet connections, using software such as Wireshark.
a. True
b. False - ANS False
Remediation of vulnerabilities can be accomplished by accepting or transferring the risk,
removing the threat, or repairing the vulnerability.
a. True
b. False - ANS True
The vulnerability database, like the risk, threat, and attack database, both stores and tracks
information.
a. True
b. False - ANS True
In some instances, risk is acknowledged as being part of an organization's business process.
a. True
b. False - ANS True
Threats cannot be removed without requiring a repair of the vulnerability.
a. True
b. False - ANS False
Policy needs to be reviewed and refreshed from time to time to ensure that it's providing a
current foundation for the information security program.