Enforcement of the Gramm-Leach-Bliley Act (GLBA) was assigned to federal oversight agencies,
including all except: - Answer- Securities Investor Protection Corporation (SIPC)
Which of the following is another term for statutory law? - Answer- Legislation
Regulatory compliance is a powerful driver for many organizations. - Answer- True
What are the possible outcomes of policy review? - Answer- The policy is retired or
reauthorized
Which of the following is not an example of an information asset? - Answer- Building
directory
Which of the following statements is true? - Answer- Policies should require only what is
possible.
A cybersecurity policy must take into account all these factors except: - Answer- The cultural
norms of the general public
Which of the following is the correct order of the policy life cycle? - Answer- Develop,
publish, adopt, review
Which layer in the defense-in-depth strategy includes firewalls, IDS/IPS devices,
segmentation, and VLANs? - Answer- Perimeter security
Which of the following can be defined as the shared attitudes, goals, and practices that
characterize a company, corporation, or institution? - Answer- Corporate culture
One of the most common ways to protect the confidentiality of a system or its data is with
__________. - Answer- encryption
A(n) __________ has the authority and responsibility for ensuring that information is protected,
from creation through destruction. - Answer- information owner
__________ is the requirement that private or confidential information not be disclosed to
unauthorized individuals. - Answer- Confidentiality
User productivity is unaffected if data is not available. - Answer- False
Confidentiality, integrity, and accessibility (CIA) are the unifying attributes of an information
security program. - Answer- False
Inherent risk is the level of risk after security measures are applied. - Answer- False
It is the __________ department's responsibility to measure compliance with Board-approved
policies and to ensure that controls are functioning as intended. - Answer- internal audit
A(n) __________ approach to cybersecurity assigns responsibility for being secure to the IT
department. - Answer- silo-based
A(n) __________ audit is a systematic, evidence-based evaluation of how well the organization
conforms to such established criteria as Board-approved policies, regulatory requirements,
and internationally recognized standards. - Answer- cybersecurity
The __________ team is responsible for responding to and managing security-related incidents.
- Answer- incident response
Loss, corruption, or unauthorized disclosure of internal use data will always impair the
business or will always result in business, financial, or legal loss. - Answer- False
Secure access controls are protection related to: - Answer- data at rest
Examples of nonpublic personal information (NPPI) include all but: - Answer- listed
phone number
The success of an information security program is not directly related to the defined
relationship between the data owner and the information. - Answer- False
__________ potential impact means the loss of CIA could be expected to have a severe or
catastrophic adverse effect on organizational operations, organizational assets, or individuals.
- Answer- High
Layered defense is neither physical nor psychological. - Answer- False
Fire prevention controls include all BUT the following: - Answer- improper handling and
storage procedures for flammable/combustible materials
When looking for a location, best practices dictate that critical information-processing
facilities be labeled with company signs and logos. - Answer- False
__________ are files that the operating system by design does not display. - Answer- Hidden
files
__________ is recognizing that there is a fire. - Answer- Fire detection
The NIST Cybersecurity Framework Tiers include all of these categories EXCEPT: - Answer-
Internal Participation
The NIST Cybersecurity Framework cannot be used to translate among a variety of risk
management practices. - Answer- False
The NIST Cybersecurity Framework __________ is/are a collection of cybersecurity activities,
outcomes, and informative references that are common across critical infrastructure sectors. -
Answer- Core
The NIST Cybersecurity Framework __________ is/are designed to help organizations to view
and understand the characteristics of their approach to managing cybersecurity risk. -
Answer- Tiers
The NIST Cybersecurity Framework Core subcategory outcomes are meaningful for multiple
requirements. - Answer- True
__________ group the elements of a function into collections of cybersecurity outcomes. -
Answer- Categories
The four (4) NIST Cybersecurity Framework Tiers are: - Answer- "partial, risk-informed,
repeatable, adaptive"
In the NIST's Cybersecurity Framework Coordination model, the executive level
communicates the mission priorities, available resources, and overall risk tolerance to the
__________ level. - Answer- business/process
"Using specially crafted phone calls during a corporate account takeover, criminals capture a
business's online banking credentials or compromise the workstation used for online
banking." - Answer- False