Do My Essay!
Do not waste time. Get a complete paper today.
Our leading custom writing service provides custom written papers in 80+ disciplines. Order essays, research papers, term papers, book reviews, assignments, dissertation, thesis or extensive dissertations & our expert ENL writers will easily prepare a paper according to your requirements.
You’ll get your high quality plagiarism-free paper according to your deadline! No Bullshit!!
Special offer! Get 20% discount on your first order. Promo code: SAVE20
Final exam
Question 1
What should you be armed with to adequately assess potential weaknesses in each information asset?
Question 1 options:
Intellectual property assessment
Properly classified inventory
List of known threats
Audited accounting spreadsheet
Question 2
Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset-identification using this attribute difficult?
Question 2 options:
IP address
Part number
MAC address
Serial number
Question 3
Which of the following is NOT a valid rule of thumb on risk control strategy selection?
Question 3 options:
When the attackers potential gain is less than the costs of attack: Apply protections to decrease the attackers cost or reduce the attackers gain, by using technical or operational controls.
When a vulnerability can be exploited: Apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack.
When the potential loss is substantial: Apply design principles, architectural designs, and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.
When a vulnerability exists: Implement security controls to reduce the likelihood of a vulnerability being exploited.
Question 4
By multiplying the asset value by the exposure factor, you can calculate which of the following?
Question 4 options:
Value to adversaries
Annualized cost of the safeguard
Annualized loss expectancy
Single loss expectancy
Question 5
The Microsoft Risk Management Approach includes four phases. Which of the following is NOT one of them?
Question 5 options:
Implementing controls
Evaluating alternative strategies
Conducting decision support
Measuring program effectiveness
Question 6
What does FAIR rely on to build the risk management framework that is unlike many other risk management frameworks?
Question 6 options:
Qualitative assessment of many risk components
Quantitative valuation of safeguards
Subjective prioritization of controls
Risk analysis estimates
Question 7
Which of the following affects the cost of a control?
Question 7 options:
Maintenance
Liability insurance
CBA report
Asset resale
Question 8
Strategies to limit losses before and during a realized adverse event is covered by which of the following plans in the mitigation control approach?
Question 8 options:
Disaster recovery plan
Business continuity plan
Damage control plan
Incident response plan
Question 9
The identification and assessment of levels of risk in an organization describes which of the following?
Question 9 options:
Risk reduction
Risk management
Risk identification
Risk analysis
Question 10
Determining the cost of recovery from an attack is one calculation that must be made to identify risk, what is another?
Question 10 options:
Cost of prevention
Cost of identification
Cost of litigation
Cost of detection
Question 11
Which of the following provides an identification card of sorts to clients who request services in a Kerberos system?
Question 11 options:
Ticket Granting Service
Authentication Server
Authentication Client
Key Distribution Center
Question 12
Which of the following is a commonly used criteria used to compare and evaluate biometric technologies?
Question 12 options:
False accept rate
False reject rate
Crossover error rate
Valid accept rate
Question 13
To move the InfoSec discipline forward, organizations should take all but which of the following steps?
Question 13 options:
Learn more about the requirements and qualifications for InfoSec and IT positions
Learn more about InfoSec budgetary and personnel needs
Insist all mid-level and upper-level management take introductory InfoSec courses
Grant the InfoSec function an appropriate level of influence and prestige
Question 14
Which of the following InfoSec positions is responsible for the day-to-day operation of the InfoSec program?
Question 14 options:
Security technician
Security officer
Security manager
CISO
Question 15
The intermediate area between trusted and untrusted networks is referred to as which of the following?
Question 15 options:
Demilitarized zone
Unfiltered area
Proxy zone
Semi-trusted area
Question 16
Which technology has two modes of operation: transport and tunnel?
Question 16 options:
Secure Sockets Layer
Secure Hypertext Transfer Protocol
Secure Shell
IP Security
Question 17
Which of the following is NOT a typical task performed by the security technician?
Question 17 options:
Develop security policy
Coordinate with systems and network administrators
Configure firewalls and IDPSs
Implement advanced security appliances
Question 18
Temporary hires called contract employees – or simply contractors – should not be allowed to do what?
Question 18 options:
Work on the premises
Wander freely in and out of buildings
Compensated by the organization based on hourly rates
Visit the facility without specific, prior coordination
Question 19
Which tool can best identify active computers on a network?
Question 19 options:
Packet sniffer
Port scanner
Honey pot
Trap and trace
Question 20
Which of the following is typically true about the CISO position?
Question 20 options:
Accountable for the day-to-day operation of all or part of the InfoSec program
Frequently reports directly to the Chief Executive Officer
Technically qualified individual who may configure firewalls and IDPSs
Business managers first and technologists second
Previous PageNext Page
Question 21
The penalties for offenses related to the National Information Infrastructure Protection Act of 1996 depend on whether the offense is judged to have been committed for one of the following reasons except which of the following?
Question 21 options:
For political advantage
For private financial gain
In furtherance of a criminal act
For purposes of commercial advantage
Question 22
There are three general categories of unethical behavior that organizations and society should seek to eliminate. Which of the following is NOT one of them?
Question 22 options:
Intent
Accident
Ignorance
Malice
Question 23
Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies and technical controls.
Question 23 options:
Persecution
Remediation
Rehabilitation
Deterrence
Question 24
Which of the following is an international effort to reduce the impact of copyright, trademark
and privacy infringement, especially via the removal of technological copyright protection measures?
Question 24 options:
DMCA
European Council Cybercrime Convention
U.S. Copyright Law
PCI DSS
Question 25
Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past; attempting to answer the question, what do others think is right?
Question 25 options:
Descriptive ethics
Normative ethics
Deontological ethics
Applied ethics
Question 26
Deterrence is the best method for preventing an illegal or unethical activity.
Question 26 options:
True
False
Question 27
Which law requires mandatory periodic training in computer security awareness and accepted computer security practice for all employees who are involved with the management, use, or operation of each federal computer system?
Question 27 options:
The Telecommunications Deregulation and Competition Act
National Information Infrastructure Protection Act
The Computer Security Act
Computer Fraud and Abuse Act
Question 28
Which of the following is compensation for a wrong committed by an employee acting with or without authorization?
Question 28 options:
Jurisdiction
Due diligence
Liability
Restitution
Question 29
The Secret Service is charged with the detection and arrest of any person committing a U.S. federal offense relating to computer fraud, as well as false identification crimes.
Question 29 options:
True
False
Question 30
Which entity is not exempt from the Federal Privacy Act of 1974?
Question 30 options:
U.S. Congress
Hospitals
Credit agencies
Bureau of the Census