SAINT COM510 Midterm Exam (latest, November 2017)

Published by Denis on

Midterm Exam


Question 1

Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) __________.

Question 1 options:





Question 2

Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program?

Question 2 options:





Question 3

Corruption of information can occur only while information is being stored.

Question 3 options:



Question 4

“Shoulder spying” is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual’s shoulder or viewing the information from a distance.

Question 4 options:



Question 5

Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines?

Question 5 options:





Question 6

Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls?

Question 6 options:

Brute force

Back door



Question 7

As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus __________.

Question 7 options:

false alarms



urban legends

Question 8

According to the C.I.A. triad, which of the following is a desirable characteristic for computer security?

Question 8 options:





Question 9

Blackmail threat of informational disclosure is an example of which threat category?

Question 9 options:

Information extortion

Sabotage or vandalism

Espionage or trespass

Compromises of intellectual property

Question 10

The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack.

Question 10 options:



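The question above turns on the distinction between a dictionary attack (candidates drawn from a list) and a brute-force attack (every combination of an alphabet up to some length). The following is an added example, not part of the exam or its textbook, that runs both against the same salted SHA-256 hash; the salt, wordlist, alphabet and target passwords are constructed for the demonstration, and SHA-256 stands in for the slow password hash (bcrypt, scrypt, Argon2) a real system should use.

```python
"""Added example (not part of the exam page): dictionary attack versus
brute-force attack against the same salted SHA-256 password hash.
Salt, wordlist, alphabet and target passwords are constructed here."""
import hashlib
import itertools

SALT = b"quiz-salt"  # constructed; real systems use a random per-user salt


def hash_password(password: str) -> str:
    """Salted SHA-256 (illustrative only; use bcrypt/scrypt/Argon2 in production)."""
    return hashlib.sha256(SALT + password.encode()).hexdigest()


# Constructed wordlist: a dictionary attack tries only what is on the list.
WORDLIST = ["password", "letmein", "qwerty", "welcome", "admin", "abc"]


def dictionary_attack(target_hash: str, wordlist=WORDLIST):
    """Try each wordlist entry once. Returns (password or None, attempts made)."""
    for attempts, candidate in enumerate(wordlist, start=1):
        if hash_password(candidate) == target_hash:
            return candidate, attempts
    return None, len(wordlist)


def brute_force_attack(target_hash: str, alphabet="abc", max_length=4):
    """Try every combination of the alphabet up to max_length characters.
    This is what "every possible combination" means: the search space is
    sum(len(alphabet)**n for n in 1..max_length), independent of any list.
    Returns (password or None, attempts made)."""
    attempts = 0
    for length in range(1, max_length + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def search_space(alphabet_size: int, max_length: int) -> int:
    """Worst-case number of candidates a brute-force attack must cover."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


if __name__ == "__main__":
    h = hash_password("abc")
    print("dictionary:", dictionary_attack(h))      # on the list: found at attempt 6
    print("brute force:", brute_force_attack(h))    # enumerated: found at attempt 18
    h2 = hash_password("cab")
    print("dictionary:", dictionary_attack(h2))     # not on the list: (None, 6)
    print("brute force:", brute_force_attack(h2))   # still found, attempt 32
    print("worst case, 3-char alphabet, length <= 4:", search_space(3, 4))
```

The dictionary attack gives up on "cab" after six tries because the password is not on the list; the brute-force attack still finds it, at the cost of enumerating the space. A real alphabet of 95 printable characters and length 8 gives a search space of roughly 6.7e15, which is why brute force is the exhaustive fallback rather than the first choice.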
Question 11

Individuals who control, and are therefore responsible for, the security and use of a particular set of information are known as __________.

Question 11 options:

data generators

data owners

data users

data custodians

Question 12

Which of the following has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an adverse event?

Question 12 options:

Business response

Risk management

Disaster readiness

Contingency planning

Question 13

The individual accountable for ensuring the day-to-day operation of the InfoSec program, accomplishing the objectives identified by the CISO, and resolving issues identified by technicians is known as a(n) __________.

Question 13 options:

chief information security officer

security manager

chief technology officer

security technician

Question 14

Which type of document grants formal permission for an investigation to occur?

Question 14 options:

Evidentiary report


Search warrant

Forensic concurrence

Question 15

Internal and external stakeholders such as customers, suppliers, or employees who interact with the information in support of their organization’s planning and operations are known as __________.

Question 15 options:

data generators

data custodians

data owners

data users

Question 16

Which of the following is a responsibility of the crisis management team?

Question 16 options:

Evaluating monitoring capabilities

Keeping the public informed about the event and the actions being taken

Restoring the services and processes in use

Restoring the data from backups

Question 17

In digital forensics, all investigations follow the same basic methodology. Which of the following should be performed first in a digital forensics investigation?

Question 17 options:

Acquire (seize) the evidence without alteration or damage

Identify relevant items of evidentiary value (EM)

Analyze the data without risking modification or unauthorized access

Report the findings to the proper authority

Question 18

ISO 27014:2013 is the ISO 27000 series standard for __________.

Question 18 options:

governance of information security

risk management

information security management

policy management

Question 19

Which of the following is an approach available to an organization as an overall philosophy for contingency planning reactions?

Question 19 options:

Track, hack and prosecute

Transfer to local/state/federal law enforcement

Protect and forget

After-action review

Question 20

After an incident, but before returning to its normal duties, the CSIRT must do which of the following?

Question 20 options:

Create the incident damage assessment

Conduct an after-action review

Restore services and processes in use

Restore data from backups

Question 21

Which of the following is an advantage of the one-on-one method of training?

Question 21 options:


Very cost-effective

Trainees can learn from each other

Maximizes use of company resources

Question 22

What is the SETA program designed to do?

Question 22 options:

Reduce the occurrence of external attacks

Increase the efficiency of InfoSec staff

Reduce the occurrence of accidental security breaches

Improve operations

Question 23

Which of the following is true about the security staffing, budget, and needs of a medium-sized organization?

Question 23 options:

They have a larger security staff than a small organization

They have a smaller security budget (as percent of IT budget) than a large organization

They have a larger security budget (as percent of IT budget) than a small organization

They have larger information security needs than a small organization

Question 24

Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?

Question 24 options:

Statement of Purpose

Limitations of Liability

Policy Review and Modification

Systems Management

Question 25

Which of the following sections of the ISSP should provide instructions on how to report observed or suspected policy infractions?

Question 25 options:

Prohibited Usage of Equipment

Authorized Access and Usage of Equipment

Violations of Policy

Systems Management

Question 26

Which of the following is true about a company’s InfoSec awareness Web site?

Question 26 options:

It should contain large images to maintain interest

It should be tested with multiple browsers

Appearance doesn’t matter if the information is there

It should be placed on the Internet for public use

Question 27

Which of the following functions includes identifying the sources of risk and may include offering advice on controls that can reduce risk?

Question 27 options:

Risk assessment

Systems testing

Risk management

Vulnerability assessment

Question 28

Which of the following are instructional codes that guide the execution of the system when information

Question 28 options:

access control lists

capability tables

configuration rules

user profiles

Question 29

Which of the following variables is the most influential in determining how to structure an information security program?

Question 29 options:

Security capital budget

Organizational size

Organizational culture

Security personnel budget

Question 30

Which of the following are the two general groups into which SysSPs can be separated?

Question 30 options:

User specifications and managerial guidance

Business guidance and network guidance

Technical specifications and business guidance

Technical specifications and managerial guidance

Question 31

Which of the following is the last phase in the NIST process for performance measures implementation?

Question 31 options:

Develop the business case

Obtain resources

Document the process

Apply corrective actions

Question 32

Which of the following InfoSec measurement specifications makes it possible to define success in the security program?

Question 32 options:

Prioritization and selection

Establishing targets

Development approach

Measurements templates

Question 33

What are the legal requirements that an organization adopt a standard based on what a prudent organization should do, and then maintain that standard?

Question 33 options:

Due care and due diligence

Certification and accreditation

Baselining and benchmarking

Best practices

Question 34

Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?

Question 34 options:


Legal liability

Certification revocation

Competitive disadvantage

Question 35

Which type of access controls can be role-based or task-based?

Question 35 options:





Question 36

Which of the following is NOT a factor critical to the success of an information security performance program?

Question 36 options:

Quantifiable performance measurements

Strong upper level management support

Results oriented measurement analysis

High level of employee buy-in

Question 37

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

Question 37 options:

Least privilege

Separation of duties

Eyes only


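Questions 28, 35 and 37 above all concern how access rights are represented and constrained: access control lists and capability tables are two views of one access matrix, role-based control grants rights through roles rather than to users directly, and least privilege means holding no rights beyond what a task needs. The following is an added example, not code from the exam or its textbook, that builds both views from a constructed access matrix, adds a role-based layer, and checks a subject against least privilege; every subject, object, role and right in it is constructed for the demonstration.

```python
"""Added example (not the exam's or textbook's code): one access matrix
shown as ACLs (indexed by object) and capability tables (indexed by
subject), a role-based layer, and a least-privilege check.
All subjects, objects, roles and rights are constructed."""
from collections import defaultdict

# Constructed access matrix: (subject, object) -> set of rights.
ACCESS_MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("alice", "audit.log"): {"read"},
    ("bob", "payroll.db"): {"read"},
    ("carol", "audit.log"): {"read", "append"},
}


def to_acl(matrix):
    """ACL view: for each object, which subjects hold which rights.
    Answers "who can touch this object?" with one lookup."""
    acl = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acl[obj][subject] = set(rights)
    return dict(acl)


def to_capabilities(matrix):
    """Capability table view: for each subject, which objects and rights.
    Answers "what can this subject do?" with one lookup."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = set(rights)
    return dict(caps)


def acl_allows(acl, subject, obj, right):
    return right in acl.get(obj, {}).get(subject, set())


def cap_allows(caps, subject, obj, right):
    return right in caps.get(subject, {}).get(obj, set())


def revoke_object(matrix, obj):
    """Revoking access to one object is one ACL entry gone, but in the
    capability view it means touching every subject's list."""
    return {k: v for k, v in matrix.items() if k[1] != obj}


# Role-based layer (constructed): users get roles, roles get permissions.
ROLE_PERMISSIONS = {
    "payroll_clerk": {("payroll.db", "read"), ("payroll.db", "write")},
    "auditor": {("audit.log", "read"), ("payroll.db", "read")},
}
USER_ROLES = {"alice": {"payroll_clerk"}, "dave": {"auditor"}}


def rbac_allows(subject, obj, right):
    """A right is granted only through a role, never to the user directly."""
    return any((obj, right) in ROLE_PERMISSIONS[r]
               for r in USER_ROLES.get(subject, ()))


def excess_rights(caps, subject, needed):
    """Least-privilege check: rights the subject holds beyond what the task
    needs. `needed` maps object -> set of rights the task requires."""
    excess = {}
    for obj, rights in caps.get(subject, {}).items():
        extra = rights - needed.get(obj, set())
        if extra:
            excess[obj] = extra
    return excess


if __name__ == "__main__":
    acl, caps = to_acl(ACCESS_MATRIX), to_capabilities(ACCESS_MATRIX)
    print("who can reach payroll.db:", sorted(acl["payroll.db"]))
    print("what alice can reach:", sorted(caps["alice"]))
    print("dave via auditor role reads payroll:", rbac_allows("dave", "payroll.db", "read"))
    print("alice excess for a read-only task:",
          excess_rights(caps, "alice", {"payroll.db": {"read"}}))
```

The two views hold identical information; they differ in which question is cheap to answer and which change is cheap to make, which is the point Question 28 is probing. The `excess_rights` result for alice shows the least-privilege violation concretely: for a task that only needs to read the payroll database she still holds `write` on it and `read` on the audit log.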
Question 38

Under the Common Criteria, which term describes the user-generated specifications for security requirements?

Question 38 options:

Security Functional Requirements (SFRs)

Protection Profile (PP)

Security Target (ST)

Target of Evaluation (ToE)

Question 39

Which of the following is the primary purpose of ISO/IEC 27001:2005?

Question 39 options:

Use within an organization to formulate security requirements and objectives

Use within an organization to ensure compliance with laws and regulations

To enable organizations that adopt it to obtain certification

Implementation of business-enabling information security

Question 40

Which of the following is NOT a consideration when selecting recommended best practices?

Question 40 options:

Same certification and accreditation agency or standard

Threat environment is similar

Resource expenditures are practical

Organization structure is similar
