Liberty University CSIS 340 Final Exam. Questions & Answers.
Liberty University CSIS 340 Final Exam.
CSIS 340
Liberty University CSIS 340 Final
... [Show More] Exam. Questions & Answers.
Attempt Score 90 out of 100 points
Question 1
2 out of 2 points
The _____ domain connects an organizations private network to the Internet?
Selected Answer: LAN-to-WAN
Question 2
0 out of 2 points
To promote cultural change, the goal should be to make security policies _____?
Selected Answer: Be reviewed every two years
Question 3
2 out of 2 points
Without _____ sponsorship, users will be less likely to eagerly participate in awareness training.
Selected Answer: Executive management
Question 4
2 out of 2 points
What needs do organizations have to classify data?
Selected Answer: To protect and recover information
Question 5
2 out of 2 points
The Security Compliance Committee _____?
Selected Answer: Approves controls for compliance
Question 6
2 out of 2 points
Web Services policies would be an example of _____ domain.
Selected Answer: WAN
Question 7
2 out of 2 points
Production data should be _____ before being used in a test environment?
Selected Answer: Sanitized
Question 8
2 out of 2 points
Which of the following includes guidelines under the LAN domain policies?
Selected Answer: IDS and IPS architecture and management
Question 9
2 out of 2 points
Which of the following is a common cause of security breaches?
Selected Answer: Inadequate management and user decisions
Question 10
2 out of 2 points
What is a strong indicator that awareness training is not effective?
Selected Answer: Sharing your password with a supervisor
Question 11
2 out of 2 points
Baseline standards for the LAN domain would include _____.
Selected Answer: Wi-Fi access points
Question 12
2 out of 2 points
Which of the following is not an organizational challenge when implementing security policies?
Selected Answer: Fiscal surplus
Question 13
2 out of 2 points
The ______________ model was the first model developed to address the concerns of integrity. Originally published in 1977
Selected Answer: Biba
Question 14
2 out of 2 points
_____ occurs when you manipulate or trick a person into weakening the security of an organization?
Selected Answer: Social engineering
Question 15
2 out of 2 points
Data in transit refers to what type of data?
Selected Answer: Data traversing a network
Question 16
2 out of 2 points
Simple security policy awareness requires that _____ report suspicious activity?
Selected Answer: All of the above
Question 17
2 out of 2 points
A business impact analysis requires an impact report, component reliance, and a _____.
Selected Answer: component priority
Question 18
2 out of 2 points
_____ techniques can provide a security baseline for full operating systems and applications?
Selected Answer: Imaging
Question 19
2 out of 2 points
A _____ standard describes the requirements for obtaining a domain name for use by external parties?
Selected Answer: DNS control
Question 20
2 out of 2 points
A(n) _____ has an easier time bypassing security controls and hiding his or her tracks by deleting or altering logs and time stamps.
Selected Answer: Insider
Question 21
2 out of 2 points
_____ typically have the technical skills to make critical recommendation on how to stop an attack.
Selected Answer: Information technology subject matter experts
Question 22
2 out of 2 points
Why should a security policy implementation be flexible to allow for updates?
Selected Answer: B and C only
Question 23
2 out of 2 points
Two-factor authentication is a typical control used by employees to remotely access which of the following?
Selected Answer: LAN
Question 24
2 out of 2 points
It is necessary to retain data for what major reasons?
Selected Answer: Legal obligation and needs of the business
Question 25
0 out of 2 points
A _____ is the first step in building a business continuity plan (BCP) to minimize losses.
Selected Answer: Control framework
Question 26
2 out of 2 points
Security policy enforcement can include _____?
Selected Answer: Access control
Question 27
0 out of 2 points
_____ protects data at rest from all type of breaches.
Selected Answer: Encryption
Question 28
0 out of 2 points
Once security policies are established, line management must _____ ?
Selected Answer: B and C only
Question 29
2 out of 2 points
Outdated application controls place a greater reliance on _____?
Selected Answer: Operating system controls
Question 30
2 out of 2 points
The following documents help capture domain security control requirements?
Selected Answer: Control, baseline
Question 31
2 out of 2 points
The ________________ model uses mandatory access control to enforce the DoD multilevel security policy.
Selected Answer: Bell-LaPadula
Question 32
0 out of 2 points
Generally, an Acceptable Use Policy should outline _____?
Selected Answer: An employer’s ability to digitally sign
Question 33
2 out of 2 points
A _____ is a specialized group of people whose purpose is to respond to major incidents.
Selected Answer: Incident Response Team
Question 34
2 out of 2 points
Which of the following should be in an information response team charter?
Selected Answer: Mission and organizational structure
Question 35
2 out of 2 points
A(n) ______ ensures workers are conscious of security risks and how to deal with unexpected risk.
Selected Answer: Security Awareness Policy
Question 36
2 out of 2 points
Without a policy that leads to controls that restrict employees from installing their own software on a company workstation, a company could suffer which of the following consequences?
Selected Answer: A and B only
Question 37
2 out of 2 points
Good reasons to monitor worker’s computer activities are when ______?
Selected Answer: Highly sensitive data is present
Question 38
2 out of 2 points
A _____ is a common control that is used across a significant population of systems?
Selected Answer: Pervasive control
Question 39
2 out of 2 points
Employer response to an employee posting company passwords on their social network site should include _____?
Selected Answer: B and C only
Question 40
2 out of 2 points
Security experts consider _____ the weakest link in security.
Selected Answer: People
Question 41
2 out of 2 points
A malicious _____ attack uses viruses, worms, Trojan horses, and scripts to gain access to systems, applications, and data.
Selected Answer: Code
Question 42
2 out of 2 points
You can use a _____ process to grant temporary elevated rights.
Selected Answer: Firecall-ID
Question 43
0 out of 2 points
The following organization has offered reliable security policies in the past to help organizations develop proper infrastructure policies.
Selected Answer: All of the above
Question 44
2 out of 2 points
_____ are especially useful for identifying unauthorized changes.
Selected Answer: Audit trails
Question 45
2 out of 2 points
The Risk Management Continuous Improvement Model includes _____?
Selected Answer: A and C only
Question 46
2 out of 2 points
The signs of an incident can be _____?
Selected Answer: All of the above
Question 47
2 out of 2 points
_____ determines how quickly a business process should be recovered.
Selected Answer: Recovery time objective
Question 48
2 out of 2 points
A privileged-level access agreement (PAA) is designed to heighten the awareness and accountability of?
Selected Answer: Users with administrator rights
Question 49
2 out of 2 points
______ software is capable of capturing usernames, passwords, and websites visited on a local workstation?
Selected Answer: Keylogger
Question 50
2 out of 2 points
A _____ can identify hosts on a network and determine services running on the hosts.
Selected Answer: Network scanner
Friday, July 5, 2019 1:18:30 AM EDT
OK [Show Less]