• Question 1
What are often the weakest links in IT security?
0.25 out of 0.25 points
Selected Answer:
people
Answers: environmental threats
people
passwords
physical security
• Question 2
0 out of 0.25 points
A new company starts up but does not have a lot of revenue for the first year. Installing anti-virus software for all the company’s computers would be very costly, so the owners decide to forgo purchasing anti-virus software for the first year of the business. In what domain of typical IT infrastructure is vulnerability created?
Selected Answer:
LAN domain
Answers: workstation domain
malware domain
LAN domain
WAN domain
• Question 3
What is the primary reason to avoid risk?
0.25 out of 0.25 points
Selected Answer:
The impact of the risk outweighs the benefit of the asset.
Answers: Risks create vulnerabilities and threats.
The impact of the risk outweighs the benefit of the asset.
Risks are easily exploited.
Risks can destroy a business.
• Question 4
Another term for risk mitigation is _____.
0.25 out of 0.25 points
Selected Answer:
risk reduction
Answers: risk reduction
risk assessment
risk management
risk evaluation
• Question 5
What is a major type of vulnerability for the user domain?
0.25 out of 0.25 points
Selected Answer:
social engineering
Answers: zombies
malware
social engineering
natural disasters
• Question 6
What is NOT a step in risk management?
0 out of 0.25 points
Selected Answer:
taking steps to reduce risk to an accepted level
Answers: taking steps to reduce risk to an accepted level
identifying risks
assessing risks
eliminating all risks
• Question 7
What is the best example of warez?
0.25 out of 0.25 points
Selected Answer:
a file on your computer of tonight’s new Game of Thrones episode you downloaded for free
Answers: software
hardware
a file on your computer of tonight’s new Game of Thrones episode you downloaded for free
an MP3 file of a new Cage the Elephant single you bought with iTunes money
• Question 8
Total risk =
0.25 out of 0.25 points
Selected Answer:
threat x vulnerability x asset value
Answers: threat x vulnerability
threat x vulnerability x asset value
benefit - cost
(benefit – cost) x asset value
• Question 9
What is compared in a threat-likelihood-impact matrix?
0 out of 0.25 points
Selected Answer:
weakness and threat
Answers: costs to implement safeguard and vulnerability
tangibility of a risk and intangible value
cost to manage a risk and impact value
weakness and threat
• Question 10
A(n) _____ is the process of creating a list of threats.
0.25 out of 0.25 points
Selected Answer:
threat identification
Answers: threat identification
threat assessment
risk assessment
risk identification
• Question 11
When does a threat/vulnerability pair occur?
0.25 out of 0.25 points
Selected Answer:
when a threat exploits a vulnerability
Answers: when a threat exploits a vulnerability
when a vulnerability exploits a threat
when an attacker exploits an unintentional threat
when a threat creates a loss
• Question 12
0.25 out of 0.25 points
_____ damage for the sake of doing damage, and they often choose targets of opportunity.
Selected Answer:
Vandals
Answers: Vandals
Saboteurs
Disgruntled employees
Hackers
• Question 13
What is NOT an example of unintentional threat?
0.25 out of 0.25 points
Selected Answer:
Malware written and run by a “script kiddie” just to see what he could do destroys a company’s information database.
Answers: The server for an Internet-based business crashes.
An employee enters important data incorrectly on a day when he accidentally leaves his glasses at home.
A swine flu epidemic causes a massive reduction in the labor force that maintains a company’s systems.
Malware written and run by a “script kiddie” just to see what he could do destroys a company’s information database.
• Question 14
0.25 out of 0.25 points
A _____ policy governs how patches are understood, tested, and rolled out to systems and clients.
Selected Answer:
patch management
Answers: patch mitigation
patch management
version control
configuration management
• Question 15
What is NOT true about Operation Aurora?
0.25 out of 0.25 points
Selected Answer:
It attacked several private citizens.
Answers: It attacked several private citizens.
It originated in China.
It attacked several private companies.
It is an example of an APT attack.
• Question 16
_____ are acts that are hostile to an organization.
0.25 out of 0.25 points
Selected Answer:
Intentional threats
Answers: All threats
Intentional threats
Human threats
Unintentional threats
• Question 17
0 out of 0.25 points
All of the following terms have the same meaning, EXCEPT _____.
Selected Answer:
perimeter zone
Answers: buffer zone
firewall zone
demilitarized zone
perimeter zone
• Question 18
A(n) _____ is a computer joined to a botnet.
0.25 out of 0.25 points
Selected Answer:
zombie
Answers: robot
virus
access control
zombie
• Question 19
0.25 out of 0.25 points
What is NOT a program overseen by the National Cybersecurity and Communications Integration Center?
Selected Answer:
DHS
Answers: DHS
National Cyber Awareness System
US-CERT
ICS-CERT
• Question 20
0.25 out of 0.25 points
When risk is reduced to an acceptable level, the remaining risk is referred to as _____.
Selected Answer:
residual risk
Answers: acceptable risk
remaining risk
residual risk
low-impact risk
• Question 21
0.25 out of 0.25 points
When a fiduciary does not exercise due diligence, it can be considered _____.
Selected Answer:
negligence
Answers: reasonable doubt
attorney-client privilege
power of attorney
negligence
• Question 22
CIPA is _____.
0.25 out of 0.25 points
Selected Answer:
designed to limit offensive content from school and library computers
Answers: an E-rate program
a subsection of FERPA
designed to limit offensive content from school and library computers
designed to protect the health information of minors
• Question 23
0.25 out of 0.25 points
When the FTC was created in 1914, its primary goal was to _____.
Selected Answer:
prevent unfair methods of competition
Answers: stop the illegal sale of alcohol
prevent unfair methods of competition
promote consumer protection
protect fair trade and ensure ethical treatment of workers
• Question 24
What is the function of job rotation?
0.25 out of 0.25 points
Selected Answer:
to prevent or reduce fraudulent activity
Answers: to prevent embezzlement
to prevent or reduce fraudulent activity
to ensure no person controls an entire process
to define acceptable use for IT systems and data
• Question 25
When companies are expected to adhere to the laws that they are affected by, this is commonly known as _____.
0.25 out of 0.25 points
Selected Answer:
compliance
Answers: SOX
compliance
risk management
regulation
• Question 26
What are the seven COBIT enablers?
0.25 out of 0.25 points
Selected Answer:
principles, policies, and frameworks; processes; organizational structures; culture, ethics, and behavior; information; services, infrastructure, and applications; and people, skills, and competencies
Answers: meeting stakeholder needs; processes; enabling a holistic approach; culture, ethics, and behavior; information; services, infrastructure, and applications; and people, skills, and competencies
principles, policies, and frameworks; processes; organizational structures; culture, ethics, and behavior; information; services, infrastructure, and applications; and people, skills, and competencies
covering the enterprise end-to-end; processes; organizational structures; culture, ethics, and behavior; information; services, infrastructure, and applications; and applying a single integrated framework
meeting stakeholder needs; covering the enterprise end-to-end; applying a single integrated framework; enabling a holistic approach; information; separating governance from management; and people, skills, and competencies
• Question 27
You recently changed jobs. HIPAA helps you _____.
0.25 out of 0.25 points
Selected Answer:
protect your health information
Answers: protect your health information
control medical costs
share your medical history with your new employer
sign up for Medicaid
• Question 28
What is NOT one of the three primary bureaus of the FTC?
0.25 out of 0.25 points
Selected Answer:
Bureau of Finances
Answers: Bureau of Consumer Protection
Bureau of Competition
Bureau of Economics
Bureau of Finances
• Question 29
In relation to risk management, IP stands for _____.
0.25 out of 0.25 points
Selected Answer:
intellectual property
Answers: intellectual property
intangible property
Internet property
Internet protocol
• Question 30
0.25 out of 0.25 points
When your bank or credit card company sends you a notification of changes in how it collects or shares data, it is sending that notification in compliance with _____.
Selected Answer:
the Financial Privacy Rule
Answers: HIPAA
the Safeguards Rule
FERPA
the Financial Privacy Rule
• Question 31
All of the following terms have the same meaning EXCEPT:
0.25 out of 0.25 points
Selected Answer:
affinity diagram
Answers: cause and effect diagram
Ishikawa diagram
• Question 32
What are the four major categories of reporting requirements?
0.25 out of 0.25 points
Selected Answer:
present recommendations; document management response to recommendations; document and track implementation of accepted recommendations; and create a POAM
Answers: present recommendations; document management response to recommendations; document and track implementation of accepted recommendations; and create a POAM
present recommendations; present justifications; present procedures; and present timelines
affinity diagrams, threat-likelihood-impact matrices, CBAs, and key stakeholders
risk management, risk evaluation, risk assessment, and risk mitigation
• Question 33
What is NOT a vulnerability that may affect a website for an online company?
0.25 out of 0.25 points
Selected Answer:
loss of Internet connectivity
Answers: no firewall
lack of protection from an intrusion detection system
loss of Internet connectivity
out of date antivirus software
• Question 34
In a risk management plan, how should you complete the step of describing the procedures and schedules for accomplishment?
0 out of 0.25 points
Selected Answer:
Create an affinity diagram and a threat-likelihood-impact matrix; assign the task to a stakeholder; and submit the official schedule to management.
Answers: Create an affinity diagram and a threat-likelihood-impact matrix; assign the task to a stakeholder; and submit the official schedule to management.
Present stakeholders with a list of vulnerabilities that need addressing and the steps involved with fixing each vulnerability; ask them to assess how long it will take them to address each of those vulnerabilities; and create an official schedule for the stakeholders based on their estimated timetable.
Recommend a