• Question 1
0.25 out of 0.25 points
When would someone ask, “Would a reasonable person be expected to manage this risk?”
Selected Answer:
when applying a reasonableness test
Answers: when performing a risk assessment
when applying a reasonableness test
when applying the reasonable person standard
when performing a cost/benefit analysis
• Question 2
When a threat exploits a vulnerability, it results in a(n) ____.
0.25 out of 0.25 points
Selected Answer:
loss
Answers: impact
loss
crime
liability
• Question 3
0.25 out of 0.25 points
As a top-level executive at your own company, you are worried that your employees may steal confidential data too easily by downloading and taking home data onto thumb drives. What is the best way to prevent this from happening?
Selected Answer:
Create and enforce a written company policy against the use of thumb drives, and install technical controls on the computers that will prevent the use of thumb drives.
Answers: Install a technical control to prevent the use of thumb drives.
Instruct higher level employees to inform their employees that the use of a thumb drive is a fireable offense.
Hold a seminar that explains to employees why the use of thumb drives in the workplace is a security hazard.
Create and enforce a written company policy against the use of thumb drives, and install technical controls on the computers that will prevent the use of thumb drives.
• Question 4
0.25 out of 0.25 points
Risk ____ is the practice of identifying, assessing, controlling, and mitigating risks.
Selected Answer:
management
Answers: assessment
mitigation
management
evaluation
• Question 5
What is NOT an example of an intangible value?
0 out of 0.25 points
Selected Answer:
cost of gaining a consumer
Answers: future lost revenue
cost of gaining a consumer
customer influence data
• Question 6
What is the primary reason to avoid risk?
0.25 out of 0.25 points
Selected Answer:
The impact of the risk outweighs the benefit of the asset.
Answers: Risks create vulnerabilities and threats.
The impact of the risk outweighs the benefit of the asset.
Risks are easily exploited.
Risks can destroy a business.
• Question 7
Identify the true statement.
0 out of 0.25 points
Selected Answer:
Vulnerability is a synonym for loss.
Answers: Exploited vulnerabilities result in losses.
All vulnerabilities result in losses.
Vulnerability is a synonym for loss.
The method used to take advantage of a vulnerability is known as a threat.
• Question 8
A ____ is the likelihood that a loss will occur.
0.25 out of 0.25 points
Selected Answer:
risk
Answers: threat
risk
vulnerability
assessment
• Question 9
Another term for risk mitigation is ____.
0 out of 0.25 points
Selected Answer:
risk management
Answers: risk reduction
risk assessment
risk management
risk evaluation
• Question 10
What are often the weakest links in IT security?
0.25 out of 0.25 points
Selected Answer:
people
Answers: environmental threats
people
passwords
physical security
• Question 11
0.25 out of 0.25 points
When risk is reduced to an acceptable level, the remaining risk is referred to as ____.
Selected Answer:
residual risk
Answers: acceptable risk
remaining risk
residual risk
low-impact risk
• Question 12
What is NOT an example of unintentional threat?
0 out of 0.25 points
Selected Answer:
An employee enters important data incorrectly on a day when he accidentally leaves his glasses at home.
Answers: The server for an Internet-based business crashes.
An employee enters important data incorrectly on a day when he accidentally leaves his glasses at home.
A swine flu epidemic causes a massive reduction in the labor force that maintains a company’s systems.
Malware written and run by a “script kiddie” just to see what he could do destroys a company’s information database.
• Question 13
0.25 out of 0.25 points
Identify the acronym that does NOT refer to an initiative taken by the government to help companies manage IT risks.
Selected Answer:
IIS
Answers: IIS
NIST
DHS
US-CERT
• Question 14
A(n) ____ is a computer joined to a botnet.
0.25 out of 0.25 points
Selected Answer:
zombie
Answers: robot
virus
access control
zombie
• Question 15
0 out of 0.25 points
____ damage for the sake of doing damage, and they often choose targets of opportunity.
Selected Answer:
Hackers
Answers: Vandals
Saboteurs
Disgruntled employees
Hackers
• Question 16
Hardening the server refers to ____.
0 out of 0.25 points
Selected Answer:
a type of attack that removes the authorization to access a company’s systems from high-level employees in a corporation
Answers: a mitigation technique that is a step towards protecting a vulnerable system
a type of attack that removes the authorization to access a company’s systems from high-level employees in a corporation
the combination of all the steps that it takes to protect a vulnerable system and make it more secure than the default installation
a type of attack that deletes vital data from a server
• Question 17
0 out of 0.25 points
A ____ policy governs how patches are understood, tested, and rolled out to systems and clients.
Selected Answer:
configuration management
Answers: patch mitigation
patch management
version control
configuration management
• Question 18
What is a security policy?
0.25 out of 0.25 points
Selected Answer:
a high-level overview of security goals
Answers: a principle of least privilege
an access control
a high-level overview of security goals
a principle of need to know
• Question 19
What is the most commonly seen attack?
0.25 out of 0.25 points
Selected Answer:
malware infections
Answers: zombies
access controls
environmental threats
malware infections
• Question 20
0.25 out of 0.25 points
You are a disgruntled employee with a master’s degree in computer sciences who was recently laid off from a major technology company, and you want to launch an attack on the company. Where might you go to learn about vulnerabilities that you can exploit for your plan?
Selected Answer:
a blog
Answers: the website of a competitor’s company
a coffee shop near your old office
the company’s website
a blog
• Question 21
What is the function of job rotation?
0 out of 0.25 points
Selected Answer:
to define acceptable use for IT systems and data
Answers: to prevent embezzlement
to prevent or reduce fraudulent activity
to ensure no person controls an entire process
to define acceptable use for IT systems and data
• Question 22
CIPA is ____.
0.25 out of 0.25 points
Selected Answer:
designed to limit offensive content from school and library computers
Answers: an E-rate program
a subsection of FERPA
designed to limit offensive content from school and library computers
designed to protect the health information of minors
• Question 23
What is NOT one of the three primary bureaus of the FTC?
0.25 out of 0.25 points
Selected Answer:
Bureau of Finances
Answers: Bureau of Consumer Protection
Bureau of Competition
Bureau of Economics
Bureau of Finances
• Question 24
FERPA applies to all of the following, EXCEPT ____.
0.25 out of 0.25 points
Selected Answer:
Saint Mary’s Private Elementary School for Girls
Answers: Washington State Community College
Arizona State University
Saint Mary’s Private Elementary School for Girls
Public School 119 of New York City
• Question 25
What are the six principles of PCI DSS?
0.25 out of 0.25 points
Selected Answer:
build and maintain a secure network; protect cardholder data; maintain a vulnerability management program; implement strong access control measures; regularly monitor and test networks; and maintain an information security policy
Answers: build and maintain a secure network; install a firewall; maintain a firewall; implement strong access control measures; regularly monitor and test networks; and maintain an information security policy
build and maintain a secure network; protect cardholder data; maintain a vulnerability management program; implement strong access control measures; regularly monitor and test networks; and maintain an information security policy
build and maintain a secure network; protect cardholder data; use and update antivirus software; encrypt transmissions; regularly monitor and test networks; and maintain an information security policy
build and maintain a secure network; develop and maintain secure systems; restrict access to data; restrict physical access; regularly monitor and test networks; and maintain an information security policy
• Question 26
0.25 out of 0.25 points
When a fiduciary does not exercise due diligence, it can be considered ____.
Selected Answer:
negligence
Answers: reasonable doubt
attorney-client privilege
power of attorney
negligence
• Question 27
What are the seven COBIT enablers?
0 out of 0.25 points
Selected Answer:
meeting stakeholder needs; covering the enterprise end-to-end; applying a single integrated framework; enabling a holistic approach; information; separating governance from management; and people, skills, and competencies
Answers: meeting stakeholder needs; processes; enabling a holistic approach; culture, ethics, and behavior; information; services, infrastructure, and applications; and people, skills, and competencies
principles, policies, and frameworks; processes; organizational structures; culture, ethics, and behavior; information; services, infrastructure, and applications; and people, skills, and competencies
covering the enterprise end-to-end; processes; organizational structures; culture, ethics, and behavior; information; services, infrastructure, and applications; and applying a single integrated framework
meeting stakeholder needs; covering the enterprise end-to-end; applying a single integrated framework; enabling a holistic approach; information; separating governance from management; and people, skills, and competencies
• Question 28
0 out of 0.25 points
What is NOT a standard or guideline for compliance that exists to assess and improve security?
Selected Answer:
NIST
Answers: FTC
NIST
ISO
DoD
• Question 29
In relation to risk management, IP stands for ____.
0.25 out of 0.25 points
Selected Answer:
intellectual property
Answers: intellectual property
intangible property
Internet property
Internet protocol
• Question 30
0.25 out of 0.25 points
What ensures that federal agencies protect their data and assigns specific responsibilities for federal agencies?
Selected Answer:
FISMA
Answers: FERPA
FISMA
HIPAA
CIPA
• Question 31
POAM stands for ____.
0.25 out of 0.25 points
Selected Answer:
plan of action and milestones
Answers: processes of accountable management
plan of accurate mitigation
procedures of accident management
plan of action and milestones
• Question 32
0 out of 0.25 points
After you present your recommendations, the managers can ____, ____, or ____ your recommendations.
Selected Answer:
select, reject, pass
Answers: accept, modify, defer
select, reject, pass
implement, ignore, question
buy, sell, hold
• Question 33
What are the four major categories of reporting requirements?
0.25 out of 0.25 points