Answered You can buy a ready-made answer or pick a professional tutor to order an original one.
COM590 Midterm Exam Latest 2017 (All Correct)
Question 1 2.5 / 2.5 pointsThe use of encryption and digital signatures helps ensure that what was transmitted is the same as what was received. Which of the following is assured?Question options:ConfidentialityAvailabilityIntegrityNonrepudiationQuestion 2 2.5 / 2.5 pointsThe concept of “need to know” is most closely associated with which of the following?Question options:AuthenticationAvailabilityConfidentialityIntegrityQuestion 3 2.5 / 2.5 pointsWhat is the primary goal of business process reengineering?Question options:To develop new security policiesTo improve business processesTo implement an enterprise resource systemTo determine management bonusesQuestion 4 2.5 / 2.5 pointsAn unauthorized user accessed protected network storage and viewed personnel records. What has been lost?Question options:ConfidentialityNonrepudiationIntegrityAvailabilityQuestion 5 2.5 / 2.5 pointsWhat does COBIT stand for?Question options:Control Objectives for Information and Related TechnologyCommon Objects for Information and TechnologyCommon Objectives for Information and TechnologyControl Objects for Information TechnologyQuestion 6 2.5 / 2.5 pointsWhat does “tone at the top” refer to?Question options:Policies, in relation to standards, procedures, and guidelinesConfidentiality in the C-I-A triadRegulatory bodies, in relation to security policies and controlsCompany leadersQuestion 7 2.5 / 2.5 pointsWhich of the following types of security controls stops incidents or breaches immediately?Question options:PreventiveCorrectiveDetectiveNone of the aboveQuestion 8 2.5 / 2.5 pointsAn encryption system is an example of which type of security control?Question options:TechnicalCorrectivePhysicalAdministrativeQuestion 9 2.5 / 2.5 pointsSecurity controls fall into three design types: preventive, detective, and:Question options:effective.corrective.quantitative.qualitative.Question 10 2.5 / 2.5 pointsWhich of the following is not a generally accepted principle for implementing a security awareness program?Question options:Competency should be measured.Remind employees of risks.Leaders should provide visible support.None of the above.Question 11 2.5 / 2.5 pointsOf the following compliance laws, which focuses most heavily on personal privacy?Question options:FISMAGLBAHIPAASOXQuestion 12 2.5 / 2.5 pointsTo which sector does HIPAA apply primarily?Question options:FinancialNone of the aboveCommunicationsMedicalQuestion 13 2.5 / 2.5 pointsWhich law was challenged by the American Library Association and the American Civil Liberties Union claiming it violated free speech rights of adults?Question options:CIPAFERPAHIPAAGLBAQuestion 14 2.5 / 2.5 pointsTo which sector does the Sarbanes-Oxley Act apply primarily?Question options:MedicalPublically traded companiesFinancialCommunicationsQuestion 15 2.5 / 2.5 pointsWhich compliance law concept states that only the data needed for a transaction should be collected?Question options:Public interestLimited use of personal dataFull disclosureOpt-in/opt-outQuestion 16 2.5 / 2.5 pointsYou are on the West Coast but want to connect to your company’s intranet on the East Coast. You use a program to “tunnel” through the Internet to reach the intranet. Which technology are you using?Question options:Role-based access controlElevated privilegesVirtual private networkingSoftware as a ServiceQuestion 17 2.5 / 2.5 pointsWhich of the following is not true of segmented networks?Question options:By limiting certain types of traffic to a group of computers, you are eliminating a number of threats.Switches, routers, internal firewalls, and other devices restrict segmented network traffic.A flat network has more controls than a segmented network for limiting traffic.Network segmentation limits what and how computers are able to talk to each other.Question 18 2.5 / 2.5 pointsIn which domain is virtual private networking a security control?Question options:WAN DomainRemote Access DomainBoth A and BNeither A nor BQuestion 19 0 / 2.5 pointsA security policy that addresses data loss protection, or data leakage protection, is an issue primarily in which IT domain?Question options:UserWorkstationWANSystem/ApplicationQuestion 20 0 / 2.5 pointsA nurse uses a wireless computer from a patient’s room to access real-time patient information from the hospital server. Which domain does this wireless connection fall under?Question options:System/ApplicationUserWANLANQuestion 21 2.5 / 2.5 pointsRegarding security policies, what is a stakeholder?Question options:An individual who has an interest in the success of the security policiesA framework in which security policies are formedA placeholder in the framework where new policies can be addedAnother name for a change requestQuestion 22 0 / 2.5 pointsWhich personality type tends to be best suited for delivering security awareness training?Question options:PleaserPerformerAnalyticalCommanderQuestion 23 2.5 / 2.5 pointsWhich of the following is typically defined as the end user of an application?Question options:Data ownerData managerData custodianData userQuestion 24 0 / 2.5 pointsWhich of the following is not true of auditors?Question options:Report to the leaders they are auditingAre accountable for assessing the design and effectiveness of security policiesCan be internal or externalOffer opinions on how well the policies are being followed and how effective they areQuestion 25 0 / 2.5 pointsIn an organization, which of the following roles is responsible for the day-to-day maintenance of data?Question options:Data ownerInformation security office (ISO)Compliance officerData custodianQuestion 26 2.5 / 2.5 pointsWhich of the following include details of how an IT security program runs, who is responsible for day-to-day work, how training and awareness are conducted, and how compliance is handled?Question options:ProceduresGuidelinesStandardsPoliciesQuestion 27 0 / 2.5 pointsWhich of the following are used as benchmarks for audit purposes?Question options:PoliciesGuidelinesStandardsProceduresQuestion 28 2.5 / 2.5 pointsWhat does an IT security policy framework resemble?Question options:Narrative documentCycle diagramListHierarchy or treeQuestion 29 0 / 2.5 pointsWhich of the following is not a control area of ISO/IEC 27002, “Information Technology–Security Techniques–Code of Practice for Information Security Management”?Question options:Security policyRisk assessment and treatmentAsset managementAudit and accountabilityQuestion 30 2.5 / 2.5 pointsWhat is included in an IT policy framework?Question options:ProceduresGuidelinesStandardsAll of the aboveQuestion 31 0 / 2.5 pointsWhich of the following is generally not an objective of a security policy change board?Question options:Review requested changes to the policy frameworkCoordinate requests for changesMake and publish approved changes to policiesAssess policies and recommend changesQuestion 32 2.5 / 2.5 pointsWhen publishing an internal security policy or standard, which role or department usually gives final approval?Question options:Audit and Compliance ManagerSenior ExecutiveLegalHuman ResourcesQuestion 33 0 / 2.5 pointsVirus removal and closing a firewall port are examples of which type of security control?Question options:CorrectiveRecoveryDetective or responsePreventiveQuestion 34 0 / 2.5 pointsFences, security guards, and locked doors are examples of which type of security control?Question options:Technical securityNone of the aboveAdministrativePhysical securityQuestion 35 0 / 2.5 pointsWhich principle for developing policies, standards, baselines, procedures, and guidelines discusses a series of overlapping layers of controls and countermeasures?Question options:Multidisciplinary principleAccountability principleProportionality principleDefense-in-depth principleQuestion 36 0 / 2.5 pointsWho is responsible for data quality within an enterprise?Question options:Data stewardData custodianCISACISOQuestion 37 0 / 2.5 pointsThe core requirement of an automated IT security control library is that the information is:Question options:alphabetized.in a numerical sequence.in PDF formatsearchable.Question 38 2.5 / 2.5 pointsWhich security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?Question options:ITILCOBITCOSOOCTAVEQuestion 39 2.5 / 2.5 points__________ refers to the degree of risk an organization is willing to accept.Question options:ProbabilityRisk aversionRisk toleranceRisk appetiteQuestion 40 0 / 2.5 pointsA fundamental component of internal control for high-risk transactions is:Question options:a defense in depth.a separation of duties.data duplication.following best practices.
- @
- 177 orders completed
- ANSWER
-
Tutor has posted answer for $28.00. See answer's preview
******** * ** * 25 ********* *** ** ********** *** ******* ********** helps ****** **** **** *** transmitted ** the same as what *** received ***** ** *** ********* is **************** ****************************************************************** * 25 / ** ********* ******* of ******* ** ******* ** most ******* ********** **** ***** ** the ****************** ****************************************************************** 3 25 * ** ********** is *** primary goal of business ******* ********************** options:To develop *** ******** ********** ******* business *********** implement ** ********** resource ******** determine management *************** * 25 / ** ******** ************ **** ******** ********* ******* ******* *** ****** personnel ******* What *** **** lost?Question options:ConfidentialityNonrepudiationIntegrityAvailabilityQuestion * ** * ** ********** **** COBIT stand ************ *************** ********** *** *********** and Related **************** Objects *** Information *** **************** ********** for *********** *** ***************** Objects for *********** ****************** * ** / ** ********** **** “tone ** *** ****** ***** *********** options:Policies in ******** ** ********* procedures and ************************* ** *** ***** triadRegulatory ****** in ******** ** ******** ******** *** *************** *************** 7 ** * ** *********** of *** ********* ***** ** ******** controls stops ********* ** ******** ******************** options:PreventiveCorrectiveDetectiveNone ** the ************* * ** * ** ******** ********** ****** is ** ******* ** which type ** security **************** ********************************************************* * 25 / ** ************** ******** **** into three ****** ****** ********** ********* ************ ********************************************************** ** 25 * ** *********** ** *** ********* ** not * ********* ******** ********* for ************ * ******** ********* **************** ****************** ****** be measuredRemind ********* ** ************ should ******* ******* *********** of *** ************* ** ** * 25 ******** the ********* ********** laws ***** focuses **** ******* on ******** **************** ********************************* 12 ** * ** pointsTo ***** sector **** ***** ***** primarily?Question ********************* ** *** ********************************** ** ** * 25 *********** law *** ********** ** *** American Library *********** *** the ******** Civil Liberties ***** ******** it ******** **** ****** ****** ** *************** ********************************** ** 25 / 25 pointsTo ***** sector **** *** ************** *** ***** ****************** options:MedicalPublically ****** companiesFinancialCommunicationsQuestion 15 ** / ** *********** ********** *** ******* states **** only *** data needed for a transaction should be collected?Question options:Public *************** use ** ******** ******** ******************************** ** 25 * ** pointsYou *** ** the West ***** but **** ** connect ** **** *********** ******** ** *** **** ***** You use a program ** ************ ******* *** Internet ** ***** *** ******** ***** ********** *** *** ************** ****************** ****** *************** ***************** private ****************** as * *************** ** 25 * ** pointsWhich ** *** ********* is *** **** ** ********* ***************** ********** limiting ******* ***** of ******* ** * group ** ********* *** *** *********** * number of threatsSwitches ******* ******** ********* *** ***** ******* ******** segmented ******* trafficA **** ******* *** **** controls **** * ********* ******* for ******** ************** segmentation ****** **** and how computers *** **** ** **** ** **** otherQuestion ** ** * 25 ******** ***** ****** ** ******* private networking * ******** **************** *********** ************ ****** ********** * *** ******** A *** ********* 19 * ** ******* security ****** **** ********* data **** ********** ** **** ******* ********** ** an ***** ********* ** ***** ** *************** **************************************************** ** / ** pointsA ***** **** * wireless ******** **** * *********** room to ****** real-time ******* *********** **** the hospital ****** ***** ****** **** **** wireless ********** **** ************** ******************************************** 21 ** / ** pointsRegarding security ******** **** ** * ******************** options:An ********** *** has ** ******** in the ******* of *** security ********* ********* ** ***** ******** ******** *** formedA placeholder ** the ********* ***** *** ******** *** ** ************ **** *** * ****** requestQuestion ** * ** *********** *********** **** ***** to ** **** ****** for ********** ******** ********* ***************** *************************************************** ** ** / 25 *********** of *** ********* is ********* ******* ** *** *** **** of ** application?Question ************ ********* *********** custodianData userQuestion 24 * ** *********** of *** ********* is not **** ** ***************** ************** ** *** ******* they *** *********** accountable for ********* *** design *** ************* ** ******** *********** ** internal ** ************* opinions ** *** well the ******** are ***** ******** *** *** effective **** *********** ** / ** ******** an organization which ** the ********* ***** ** *********** for *** ********** maintenance ** data?Question ************ **************** ******** office *************** *********** ***************** ** ** * ** *********** of *** ********* include ******* ** *** ** ** ******** ******* **** *** ** responsible *** ********** **** *** ******** *** ********* *** conducted *** *** ********** ** handled?Question ***************************************************** 27 * ** *********** ** the following *** **** ** benchmarks *** ***** ***************** ***************************************************** ** ** / ** ********** **** an IT ******** ****** framework resemble?Question ***************** ************* ******************** ** treeQuestion ** * ** pointsWhich of *** ********* is *** a ******* **** ** ISO/IEC ***** “Information ********************* ***************** ** ******** for Information Security ********************** **************** ********** ********** and ************** managementAudit *** ********************** ** ** * ** ********** ** included in an ** policy ****************** **************************************** ** *** ************* ** * 25 *********** ** *** ********* ** ********* *** an objective ** * security ****** change board?Question ************** requested ******* ** *** policy ******************* ******** *** changesMake *** publish ******** ******* to policiesAssess ******** *** ********* *************** ** ** / 25 ********** ********** ** ******** ******** ****** or ******** which **** or ********** ******* ***** ***** approval?Question ************* *** ********** ************* ******************* ***************** ** * 25 *********** removal and ******* * ******** **** *** ******** ** ***** **** of security control?Question options:CorrectiveRecoveryDetective ** ************************** ** * ** ************ security guards *** ****** ***** are examples ** ***** type ** ******** control?Question ***************** ************ ** the aboveAdministrativePhysical **************** ** / ** *********** principle *** ********** ******** standards baselines ********** *** ********** discusses * ****** ** overlapping ****** ** ******** and countermeasures?Question ************************* *********************** ************************ ************************* ***************** ** * ** ********* ** responsible *** data ******* ****** an ******************* ************ stewardData custodianCISACISOQuestion ** * ** ********* **** requirement of ** automated ** security ******* ******* ** **** *** information *********** ********************** a ********* sequencein PDF formatsearchableQuestion 38 ** * ** *********** security ****** framework ******* ** concepts ********* *** processes *** managing *** delivering IT ***************** options:ITILCOBITCOSOOCTAVEQuestion ** ** / 25 **************** refers ** the ****** ** risk an ************ is ******* to ************** options:ProbabilityRisk ************ toleranceRisk appetiteQuestion 40 / ** ******* *********** component ** ******** control for ********* ************ is:Question options:a ******* ** ****** separation ** ********** ******************** best ***********