CMIT 425 Exam Questions And Accurate Answers
A ___________ is a potential danger which occurs when a ___________ exploits a
vulnerability. - ANSWER threat, threat agent
Which of the following is NOT a category of control types? - ANSWER protects or
assures the accuracy and reliability of information and systems.
Integrity is the principle that _________________. - ANSWER
An exposure occurs when a vulnerability _____________. - ANSWER creates the
possibility of incurring a loss or experiencing harm.
Which of the following controls would protect confidentiality? ANSWER Digital signing
software to authenticate recipients.
Data hiding and data obscuring techniques.
Encrypting data at rest and in transit.
Clustering and load balancing are controls that ________ ANSWER map to the Availability
component of the AIC triad.
Balanced security refers to _____________ ANSWER a process of weighing choices in
controls against the magnitude of risk presented by a variety of threats.
Availability, integrity, and confidentiality controls along with addressing threats.
, understand concepts of the AIC triad.
Which of the following does best describes a security program? - ANSWER A group of
standards, regulations, and best practices.
An organization within an enterprise that houses business activities associated with
providing security.
A framework made up of many entities working together to provide protection for an
organization.
Which of the following is used to reduce the risk of vulnerabilities in purchased or
acquired hardware and software products? - ANSWER Supply Chain Risk Management
Hashing is a control that _______ - ANSWER maps to the Integrity component of the AIC
triad.
Which category of control types is referred to as "soft controls?" - ANSWER
Administrative
Risk can be reduced by _____________. - ANSWER applying countermeasures to
eliminate vulnerabilities.
Which of the following is true? - ANSWER PCI-DSS is a federal law that protects the
confidentiality of credit card transactions.
USA Patriot Act extends privacy protection for federal law enforcement agents and for
immigration officials.
FISMA pertains to federal agencies and their contractors.
Which of the following guidance documents specifically addresses security controls
required for information systems owned by or operated for the U.S. Federal
A ___________ is a potential danger which occurs when a ___________ exploits a
vulnerability. - ANSWER threat, threat agent
Which of the following is NOT a category of control types? - ANSWER protects or
assures the accuracy and reliability of information and systems.
Integrity is the principle that _________________. - ANSWER
An exposure occurs when a vulnerability _____________. - ANSWER creates the
possibility of incurring a loss or experiencing harm.
Which of the following controls would protect confidentiality? ANSWER Digital signing
software to authenticate recipients.
Data hiding and data obscuring techniques.
Encrypting data at rest and in transit.
Clustering and load balancing are controls that ________ ANSWER map to the Availability
component of the AIC triad.
Balanced security refers to _____________ ANSWER a process of weighing choices in
controls against the magnitude of risk presented by a variety of threats.
Availability, integrity, and confidentiality controls along with addressing threats.
, understand concepts of the AIC triad.
Which of the following does best describes a security program? - ANSWER A group of
standards, regulations, and best practices.
An organization within an enterprise that houses business activities associated with
providing security.
A framework made up of many entities working together to provide protection for an
organization.
Which of the following is used to reduce the risk of vulnerabilities in purchased or
acquired hardware and software products? - ANSWER Supply Chain Risk Management
Hashing is a control that _______ - ANSWER maps to the Integrity component of the AIC
triad.
Which category of control types is referred to as "soft controls?" - ANSWER
Administrative
Risk can be reduced by _____________. - ANSWER applying countermeasures to
eliminate vulnerabilities.
Which of the following is true? - ANSWER PCI-DSS is a federal law that protects the
confidentiality of credit card transactions.
USA Patriot Act extends privacy protection for federal law enforcement agents and for
immigration officials.
FISMA pertains to federal agencies and their contractors.
Which of the following guidance documents specifically addresses security controls
required for information systems owned by or operated for the U.S. Federal
