A ___________ is a potential danger which occurs when a ___________ exploits a vulnerability. -
Answers threat, threat agent
Which of the following is NOT a category of control types? - Answers
Integrity is the principle that _________________. - Answers protects or assures the accuracy and reliability of information and systems.
An exposure occurs when a vulnerability _____________. - Answers creates the possibility of incurring a
loss or experiencing harm.
Confidentiality can be protected by implementing which of the following controls? - Answers Data hiding and data obscuring techniques.
Encrypting data at rest and in transit.
Note: the option "Software digital signing to verify recipients" is also listed, but a digital signature verifies the signer (origin of the data), not the recipient, and it protects integrity and authenticity; it does not keep the data confidential.
Clustering and load balancing are controls that ________ - Answers map to the Availability component
of the AIC triad.
Balanced security refers to _____________ - Answers weighing choices in controls against the magnitude of risk presented by a variety of threats.
addressing threats and implementing controls for availability, integrity, and confidentiality.
understanding the concepts of the AIC triad.
Which of the following best describes a security program? - Answers A group of standards, regulations, and best practices.
An organization within an enterprise that houses business activities related to providing security.
A framework made up of many entities that work together to provide protection for an organization.
Which of the following is used to reduce the risk of vulnerabilities in purchased or acquired hardware and software products? - Answers Supply Chain Risk Management
Hashing is a control that _______ - Answers maps to the Integrity component of the AIC triad.
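The two cards above (encryption for confidentiality, hashing for integrity) are easy to blur together, so here is an added worked example that is not part of the original study set. It uses only Python's standard library and a constructed sample record: a plain SHA-256 hash detects modification, but an attacker who can rewrite both the data and its stored hash passes the check, and the hash does nothing for confidentiality (the record is still in the clear). A keyed HMAC closes the forgery gap; the key name and record contents are assumptions for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the original page).
RECORD = b"account=1234;balance=100"
TAMPERED = b"account=1234;balance=900"


def sha256_hex(data: bytes) -> str:
    """Plain hash of the data: an integrity control, nothing more."""
    return hashlib.sha256(data).hexdigest()


def integrity_check(data: bytes, stored_hex: str) -> bool:
    """Recompute the hash and compare in constant time."""
    return hmac.compare_digest(sha256_hex(data), stored_hex)


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC): integrity plus authenticity for whoever holds the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def authenticity_check(key: bytes, data: bytes, stored_tag: str) -> bool:
    return hmac.compare_digest(hmac_sha256_hex(key, data), stored_tag)


def demo() -> dict:
    """Returns the outcome of each check so the behaviour can be asserted on."""
    results = {}

    # 1. Integrity: an unnoticed edit to the record changes the hash.
    stored_hash = sha256_hex(RECORD)
    results["original_passes"] = integrity_check(RECORD, stored_hash)      # True
    results["tampered_fails"] = not integrity_check(TAMPERED, stored_hash)  # True

    # 2. Limit of a plain hash: an attacker who can overwrite the stored hash
    #    simply recomputes it over the tampered data and the check passes.
    attacker_hash = sha256_hex(TAMPERED)
    results["plain_hash_forgeable"] = integrity_check(TAMPERED, attacker_hash)  # True

    # 3. Keyed hash (HMAC): without the key the attacker cannot produce a valid
    #    tag for the tampered record, so the forgery is detected.
    key = secrets.token_bytes(32)  # assumed to be held only by the legitimate system
    tag = hmac_sha256_hex(key, RECORD)
    results["hmac_original_passes"] = authenticity_check(key, RECORD, tag)
    forged_tag = hmac_sha256_hex(b"attacker-guess", TAMPERED)
    results["hmac_forgery_fails"] = not authenticity_check(key, TAMPERED, forged_tag)

    # 4. Neither hash nor HMAC hides the data: the record is still readable.
    #    Confidentiality needs encryption (at rest and in transit), not hashing.
    results["record_still_cleartext"] = b"balance=100" in RECORD

    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The constant-time comparison (`hmac.compare_digest`) matters for the HMAC case: a byte-by-byte string compare would leak how many leading bytes of a guessed tag were correct.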
Which category of control types is referred to as "soft controls?" - Answers Administrative
Risk can be reduced by _____________. - Answers applying countermeasures to eliminate
vulnerabilities.
Which of the following statements is true? - Answers FISMA applies to federal agencies and their contractors.
The other two options are false: PCI DSS is a contractual industry standard maintained by the PCI Security Standards Council, not a federal law, and the USA PATRIOT Act broadened the surveillance powers of federal law enforcement and immigration authorities rather than broadening privacy protections.
Which of the following guidance documents specifically addresses security controls required for information systems owned by or operated for the U.S. Federal Government? - Answers NIST SP 800-53
A control is _____________ - Answers used to reduce or mitigate risks.
Which of the following best describes leadership behaviors which promote ethical behavior amongst employees? - Answers Tone at the Top
Which category of control types is also referred to as "logical controls"? - Answers Technical
A weakness in a system that a threat agent (such as malware) can exploit to compromise security is called a _________. - Answers vulnerability
________ is a legal obligation applied to executives which stockholders can use to sue company leaders who fail to protect a company's assets from harm or loss. - Answers Due diligence
The other listed options, "Due notice" and "Due performance", are distractors and are not recognized governance terms; the related concept of due care (acting as a reasonable executive would) is commonly paired with due diligence in this context.
Availability is the principle which ensures ____________. - Answers reliability and timely access to data and other resources by authorized individuals.
A ______ is a document which defines mandatory activities, actions, or rules. - Answers Standard