COM510 Final Exam 2017 (100% Answer)

QuestionQuestion 1 (5 points)What should you be armed with to adequately assess potential weaknesses in each information asset?Question 1 options:Intellectual property assessmentProperly classified inventoryList of known threatsAudited accounting spreadsheetSaveQuestion 2 (5 points)Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset-identification using this attribute difficult?Question 2 options:IP addressPart numberMAC addressSerial numberSaveQuestion 3 (5 points)Which of the following is NOT a valid rule of thumb on risk control strategy selection?Question 3 options:When the attacker’s potential gain is less than the costs of attack: Apply protections to decrease the attacker’s cost or reduce the attacker’s gain, by using technical or operational controls.When a vulnerability can be exploited: Apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack.When the potential loss is substantial: Apply design principles, architectural designs, and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.When a vulnerability exists: Implement security controls to reduce the likelihood of a vulnerability being exploited.SaveQuestion 4 (5 points)By multiplying the asset value by the exposure factor, you can calculate which of the following?Question 4 options:Value to adversariesAnnualized cost of the safeguardAnnualized loss expectancySingle loss expectancySaveQuestion 5 (5 points)The Microsoft Risk Management Approach includes four phases. Which of the following is NOT one of them?Question 5 options:Implementing controlsEvaluating alternative strategiesConducting decision supportMeasuring program effectivenessSaveQuestion 6 (5 points)What does FAIR rely on to build the risk management framework that is unlike many other risk management frameworks?Question 6 options:Qualitative assessment of many risk componentsQuantitative valuation of safeguardsSubjective prioritization of controlsRisk analysis estimatesSaveQuestion 7 (5 points)Which of the following affects the cost of a control?Question 7 options:MaintenanceLiability insuranceCBA reportAsset resaleSaveQuestion 8 (5 points)Strategies to limit losses before and during a realized adverse event is covered by which of the following plans in the mitigation control approach?Question 8 options:Disaster recovery planBusiness continuity planDamage control planIncident response planSaveQuestion 9 (5 points)The identification and assessment of levels of risk in an organization describes which of the following?Question 9 options:Risk reductionRisk managementRisk identificationRisk analysisSaveQuestion 10 (5 points)Determining the cost of recovery from an attack is one calculation that must be made to identify risk, what is another?Question 10 options:Cost of preventionCost of identificationCost of litigationCost of detectionQuestion 11 (5 points)Which of the following provides an identification card of sorts to clients who request services in a Kerberos system?Question 11 options:Ticket Granting ServiceAuthentication ServerAuthentication ClientKey Distribution CenterSaveQuestion 12 (5 points)Which of the following is a commonly used criteria used to compare and evaluate biometric technologies?Question 12 options:False accept rateFalse reject rateCrossover error rateValid accept rateSaveQuestion 13 (5 points)To move the InfoSec discipline forward, organizations should take all but which of the following steps?Question 13 options:Learn more about the requirements and qualifications for InfoSec and IT positionsLearn more about InfoSec budgetary and personnel needsInsist all mid-level and upper-level management take introductory InfoSec coursesGrant the InfoSec function an appropriate level of influence and prestigeSaveQuestion 14 (5 points)Which of the following InfoSec positions is responsible for the day-to-day operation of the InfoSec program?Question 14 options:Security technicianSecurity officerSecurity managerCISOSaveQuestion 15 (5 points)The intermediate area between trusted and untrusted networks is referred to as which of the following?Question 15 options:Demilitarized zoneUnfiltered areaProxy zoneSemi-trusted areaSaveQuestion 16 (5 points)Which technology has two modes of operation: transport and tunnel?Question 16 options:Secure Sockets LayerSecure Hypertext Transfer ProtocolSecure ShellIP SecuritySaveQuestion 17 (5 points)Which of the following is NOT a typical task performed by the security technician?Question 17 options:Develop security policyCoordinate with systems and network administratorsConfigure firewalls and IDPSsImplement advanced security appliancesSaveQuestion 18 (5 points)Temporary hires called contract employees - or simply contractors - should not be allowed to do what?Question 18 options:Work on the premisesWander freely in and out of buildingsCompensated by the organization based on hourly ratesVisit the facility without specific, prior coordinationSaveQuestion 19 (5 points)Which tool can best identify active computers on a network?Question 19 options:Packet snifferPort scannerHoney potTrap and traceSaveQuestion 20 (5 points)Which of the following is typically true about the CISO position?Question 20 options:Accountable for the day-to-day operation of all or part of the InfoSec programFrequently reports directly to the Chief Executive OfficerTechnically qualified individual who may configure firewalls and IDPSsBusiness managers first and technologists secondSavePrevious PageNext PageQuestion 21 (5 points)The penalties for offenses related to the National Information Infrastructure Protection Act of 1996 depend on whether the offense is judged to have been committed for one of the following reasons except which of the following?Question 21 options:For political advantageFor private financial gainIn furtherance of a criminal actFor purposes of commercial advantageSaveQuestion 22 (5 points)There are three general categories of unethical behavior that organizations and society should seek to eliminate. Which of the following is NOT one of them?Question 22 options:IntentAccidentIgnoranceMaliceSaveQuestion 23 (5 points)Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies and technical controls.Question 23 options:PersecutionRemediationRehabilitationDeterrenceSaveQuestion 24 (5 points)Which of the following is an international effort to reduce the impact of copyright, trademark and privacy infringement, especially via the removal of technological copyright protection measures?Question 24 options:DMCAEuropean Council Cybercrime ConventionU.S. Copyright LawPCI DSSSaveQuestion 25 (5 points)Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past; attempting to answer the question, what do others think is right?Question 25 options:Descriptive ethicsNormative ethicsDeontological ethicsApplied ethicsSaveQuestion 26 (5 points)Deterrence is the best method for preventing an illegal or unethical activity.Question 26 options:TrueFalseSaveQuestion 27 (5 points)Which law requires mandatory periodic training in computer security awareness and accepted computer security practice for all employees who are involved with the management, use, or operation of each federal computer system?Question 27 options:The Telecommunications Deregulation and Competition ActNational Information Infrastructure Protection ActThe Computer Security ActComputer Fraud and Abuse ActSaveQuestion 28 (5 points)Which of the following is compensation for a wrong committed by an employee acting with or without authorization?Question 28 options:JurisdictionDue diligenceLiabilityRestitutionSaveQuestion 29 (5 points)The Secret Service is charged with the detection and arrest of any person committing a U.S. federal offense relating to computer fraud, as well as false identification crimes.Question 29 options:TrueFalseSaveQuestion 30 (5 points)Which entity is not exempt from the Federal Privacy Act of 1974?Question 30 options:U.S. CongressHospitalsCredit agenciesBureau of the Census