saint com510 Midterm Exam latest 2017 november
Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) __________.
Question 1 options:
Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program?
Question 2 options:
Corruption of information can occur only while information is being stored.
Question 3 options:
“Shoulder spying” is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance.
Question 4 options:
Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines?
Question 5 options:
Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls?
Question 6 options:
As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus __________.
Question 7 options:
According to the C.I.A. triad, which of the following is a desirable characteristic for computer security?
Question 8 options:
Blackmail threat of informational disclosure is an example of which threat category?
Question 9 options:
Sabotage or vandalism
Espionage or trespass
Compromises of intellectual property
The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack.
Question 10 options:
Individuals who control, and are therefore responsible for, the security and use of a particular set of information are known as __________.
Question 11 options:
Which of the following has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an adverse event?
Question 12 options:
The individual accountable for ensuring the day-to-day operation of the InfoSec program, accomplishing the objectives identified by the CISO, and resolving issues identified by technicians is known as a(n) __________.
Question 13 options:
chief information security officer
chief technology officer
Which type of document grants formal permission for an investigation to occur?
Question 14 options:
Internal and external stakeholders such as customers, suppliers, or employees who interact with the information in support of their organization's planning and operations are known as __________.
Question 15 options:
Which of the following is a responsibility of the crisis management team?
Question 16 options:
Evaluating monitoring capabilities
Keeping the public informed about the event and the actions being taken
Restoring the services and processes in use
Restoring the data from backups
In digital forensics, all investigations follow the same basic methodology. Which of the following should be performed first in a digital forensics investigation?
Question 17 options:
Acquire (seize) the evidence without alteration or damage
Identify relevant items of evidentiary value (EM)
Analyze the data without risking modification or unauthorized access
Report the findings to the proper authority
ISO 27014:2013 is the ISO 27000 series standard for __________.
Question 18 options:
governance of information security
information security management
Which of the following is an approach available to an organization as an overall philosophy for contingency planning reactions?
Question 19 options:
Track, hack and prosecute
Transfer to local/state/federal law enforcement
Protect and forget
After an incident, but before returning to its normal duties, the CSIRT must do which of the following?
Question 20 options:
Create the incident damage assessment
Conduct an after-action review
Restore services and processes in use
Restore data from backups
Which of the following is an advantage of the one-on-one method of training?
Question 21 options:
Trainees can learn from each other
Maximizes use of company resources
What is the SETA program designed to do?
Question 22 options:
Reduce the occurrence of external attacks
Increase the efficiency of InfoSec staff
Reduce the occurrence of accidental security breaches
Which of the following is true about the security staffing, budget, and needs of a medium-sized organization?
Question 23 options:
They have a larger security staff than a small organization
They have a smaller security budget (as percent of IT budget) than a large organization
They have a larger security budget (as percent of IT budget) than a small organization
They have larger information security needs than a small organization
Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?
Question 24 options:
Statement of Purpose
Limitations of Liability
Policy Review and Modification
Which of the following sections of the ISSP should provide instructions on how to report observed or suspected policy infractions?
Question 25 options:
Prohibited Usage of Equipment
Authorized Access and Usage of Equipment
Violations of Policy
Which of the following is true about a company’s InfoSec awareness Web site?
Question 26 options:
It should contain large images to maintain interest
It should be tested with multiple browsers
Appearance doesn’t matter if the information is there
It should be placed on the Internet for public use
Which of the following functions includes identifying the sources of risk and may include offering advice on controls that can reduce risk?
Question 27 options:
Which of the following are instructional codes that guide the execution of the system when information
Question 28 options:
access control lists
Which of the following variables is the most influential in determining how to structure an information security program?
Question 29 options:
Security capital budget
Security personnel budget
Which of the following are the two general groups into which SysSPs can be separated?
Question 30 options:
User specifications and managerial guidance
Business guidance and network guidance
Technical specifications and business guidance
Technical specifications and managerial guidance
Which of the following is the last phase in the NIST process for performance measures implementation?
Question 31 options:
Develop the business case
Document the process
Apply corrective actions
Which of the following InfoSec measurement specifications makes it possible to define success in the security program?
Question 32 options:
Prioritization and selection
What are the legal requirements that an organization adopt a standard based on what a prudent organization should do, and then maintain that standard?
Question 33 options:
Due care and due diligence
Certification and accreditation
Baselining and benchmarking
Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?
Question 34 options:
Which type of access controls can be role-based or task-based?
Question 35 options:
Which of the following is NOT a factor critical to the success of an information security performance program?
Question 36 options:
Quantifiable performance measurements
Strong upper level management support
Results oriented measurement analysis
High level of employee buy-in
Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?
Question 37 options:
Separation of duties
Under the Common Criteria, which term describes the user-generated specifications for security requirements?
Question 38 options:
Security Functional Requirements (SFRs)
Protection Profile (PP)
Security Target (ST)
Target of Evaluation (ToE)
Which of the following is the primary purpose of ISO/IEC 27001:2005?
Question 39 options:
Use within an organization to formulate security requirements and objectives
Use within an organization to ensure compliance with laws and regulations
To enable organizations that adopt it to obtain certification
Implementation of business-enabling information security
Which of the following is NOT a consideration when selecting recommended best practices?
Question 40 options:
Same certification and accreditation agency or standard
Threat environment is similar
Resource expenditures are practical
Organization structure is similar