QUESTION 1
In order to move data from an unsecure WAN to a secure LAN, you begin by segmenting a piece of your LAN into a demilitarized zone (DMZ).
- True
- False

3 points

QUESTION 2

The term critical infrastructure refers to key elements of the country’s transportation, energy, communications, and banking systems. Which of the following is not an example of critical infrastructure?
- power companies
- oil and gas pipelines
- large banks
- public universities

3 points

QUESTION 3

When it comes to information, an organization has one main concern about how that information is collected, stored, and processed: Is the information safe?
- True
- False

3 points

QUESTION 4

In recent years, ___________________ has emerged as a major technology. It provides a way of buying software, infrastructure, and platform services on someone else’s network.
- remote access domain
- social networking
- cloud computing
- web graffiti

3 points

QUESTION 5

Most employees will:
- look for the easiest way to do their jobs.
- unnecessarily complicate tasks with extra steps.
- unintentionally skip valuable steps and tasks.
- find less efficient and less economical ways to work.

3 points

QUESTION 6

Implementing content filtering and intrusion detection/intrusion prevention systems at the Internet ingress/egress as well as disabling system administration rights on user workstations are strategies that can be used for preventing users from:
- downloading and installing unauthorized applications and software onto organization-owned IT assets.
- inserting CDs, DVDs, and USB drives with personal data onto organization-owned IT assets.
- accessing the Internet and surfing the Web.
- clicking on unknown e-mail attachments and files.

3 points

QUESTION 7

In order to be compliant with the NIST publications, policies must include key security control requirements. One of these key requirements includes certification and accreditation, which is a process that occurs after the system is documented, controls tested, and risk assessment completed. It is required before going live with a major system. Once a system is certified and accredited, responsibility shifts to the owner to operate the system.
- True
- False

3 points

QUESTION 8

Employing separation of duties can be used to avoid:
- responsibility.
- conflict of integrity.
- conflict of interest.
- conflict of authority.

3 points

QUESTION 9

The Health Insurance Portability and Accountability Act (HIPAA) is a(n) __________ that applies to all U.S. healthcare organizations.
- compliance law
- medical care standard
- industry standard
- general guideline

3 points

QUESTION 10

In which portion of the acceptable use policy (AUP) you created in the lab did you include how you intend to implement the policy throughout the organization?
- Guidelines
- Scope
- Standards
- Procedures

3 points

QUESTION 11

Security awareness training policies should be written in such a way that they:
- never need to be reviewed.
- never need to be updated.
- need regular review and updates.
- won’t need frequent updates.

3 points

QUESTION 12

Depending on the violation’s severity, repeat or continued violations of organization-wide policies might be grounds for:
- refusing to pay earned wages.
- denying overtime assignments.
- termination of employment.
- limiting an employee’s Internet access.

3 points

QUESTION 13

Hierarchical organizations are more likely than flat organizations to have a:
- security policy.
- formal chain of command.
- profitable business model.
- chief executive officer.

3 points

QUESTION 14

When developing policy to secure PII data, the following guidelines should be considered: examine, collaborate, align, educate, retain, limit, disclose, and encrypt.
- True
- False

3 points

QUESTION 15

Federal and state governments in the United States establish laws that define how to control, handle, share, and process the sensitive information that the new economy relies on. ___________________ are then added to these laws, which are typically written by civil servants to implement the authority of the law.
- Risk assessments
- Stakeholder reports
- Regulations
- Data privacy reports

3 points

QUESTION 16

The most senior leader responsible for managing an organization’s risks is the chief privacy officer (CPO). Which of the following is not one of the responsibilities of the CPO?
- The CPO is responsible for keeping up with privacy laws.
- The CPO also needs to understand how the laws impact business.
- The CPO must be a lawyer.
- The CPO must work closely with a technology team to create strong security policies.

3 points

QUESTION 17

Security awareness training is designed to mitigate the risks and threats identified in:
- all seven domains of a typical IT infrastructure.
- the System/Application Domain.
- the LAN Domain and the LAN-to-WAN Domain.
- the User Domain and the Workstation Domain.

3 points

QUESTION 18

Executive management, IT security policy enforcement monitoring, and human resources all must have a unified front regarding the:
- size and structure of the organization.
- management structure and advancement opportunities.
- issuance of executive orders within the organization.
- disciplinary treatment of policy violations.

3 points

QUESTION 19

In general, it is good practice to make your security policies relevant to business needs because they stand a better chance of being followed.
- True
- False

3 points

QUESTION 20

When there is a security control in place to ensure there is a way to measure compliance, the benefit is a clear definition of what business goals are to be achieved.
- True
- False

3 points

QUESTION 21

Acceptable use policies help an organization __________ by establishing what can and cannot take place.
- take advantage of opportunities
- mitigate risks and threats
- use fewer resources
- make better decisions

3 points

QUESTION 22

Which of the following risks is typically found in the User Domain?
- Software vulnerabilities
- Humans and human nature
- Network vulnerabilities
- Unauthorized access to equipment

3 points

QUESTION 23

In the Standards section of the remote access policy document you created in the lab, you referenced standards such as:
- employee screening standards and hiring standards.
- encryption standards and SSL VPN standards.
- User standards and Workstation standards.
- security awareness training standards.

3 points

QUESTION 24

The purpose of an acceptable use policy (AUP) is to establish the rules for:
- an individual user who poses a threat.
- making an executive decision.
- a specific group of employees.
- a specific system, network, or Web site.

3 points

QUESTION 25

When trying to achieve operational consistency, which of the following oversight phases performs the function of periodically assessing to ensure desired results are achieved?
- improve
- measure
- review
- manage

3 points

QUESTION 26

Which of the following security control design types does not prevent incidents or breaches immediately and relies on a human to decide what action to take?
- detective control
- automated control
- corrective control
- preventative control

3 points
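The distinction this question tests, as an added example that is not part of the original quiz: a small Python model of an event pipeline in which a preventive control blocks an action outright with no human involved, a detective control only records an alert that a person must act on (the event itself still goes through), and a corrective control repairs damage after the fact. The sample events, the deny-listed network, the failure threshold and the protected file list are all constructed for illustration.

```python
"""Added example: preventive, detective and corrective controls in one pipeline.

Everything here is constructed for illustration (sample events, the denied
network, the failure threshold); it is not code from the quiz or any product.
"""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Event:
    user: str
    src_ip: str
    action: str            # "login_ok", "login_fail" or "file_delete"
    target: str = ""       # path for file_delete events


@dataclass
class Outcome:
    allowed: list = field(default_factory=list)   # events that went through
    blocked: list = field(default_factory=list)   # stopped by the preventive control
    alerts: list = field(default_factory=list)    # detective control: waiting on a human
    restored: list = field(default_factory=list)  # corrective control repaired these


# Constructed parameters (assumptions, not from the quiz).
DENIED_PREFIXES = ("203.0.113.",)   # TEST-NET-3, used here as a deny-listed network
FAIL_THRESHOLD = 3                  # failed logins per user before an alert
PROTECTED_FILES = {"/etc/passwd"}   # files the corrective control restores


def preventive_control(ev: Event) -> bool:
    """Preventive: decide up front, no human in the loop. True means block."""
    return ev.src_ip.startswith(DENIED_PREFIXES)


def detective_control(ev: Event, fails: Counter, out: Outcome) -> None:
    """Detective: observe and report. Never stops the event; a person decides."""
    if ev.action != "login_fail":
        return
    fails[ev.user] += 1
    if fails[ev.user] == FAIL_THRESHOLD:
        out.alerts.append(
            f"{ev.user}: {FAIL_THRESHOLD} failed logins from {ev.src_ip}; "
            "analyst to decide whether to lock the account"
        )


def corrective_control(ev: Event, out: Outcome) -> None:
    """Corrective: act after the fact to undo damage (simulated restore)."""
    if ev.action == "file_delete" and ev.target in PROTECTED_FILES:
        out.restored.append(ev.target)   # real code would restore from backup


def run_controls(events: list) -> Outcome:
    """Run every event through the three control types in order."""
    out = Outcome()
    fails: Counter = Counter()
    for ev in events:
        if preventive_control(ev):
            out.blocked.append(ev)
            continue                      # blocked events never reach the system
        out.allowed.append(ev)
        detective_control(ev, fails, out)
        corrective_control(ev, out)
    return out


# Constructed sample events.
SAMPLE_EVENTS = [
    Event("alice", "198.51.100.7", "login_fail"),
    Event("alice", "198.51.100.7", "login_fail"),
    Event("alice", "198.51.100.7", "login_fail"),   # third failure -> alert only
    Event("alice", "198.51.100.7", "login_ok"),
    Event("mallory", "203.0.113.9", "login_fail"),  # denied network -> blocked
    Event("bob", "198.51.100.8", "file_delete", "/etc/passwd"),  # -> restored
    Event("bob", "198.51.100.8", "file_delete", "/tmp/scratch"),
]

if __name__ == "__main__":
    result = run_controls(SAMPLE_EVENTS)
    print(f"allowed={len(result.allowed)} blocked={len(result.blocked)}")
    for line in result.alerts:
        print("ALERT (needs human decision):", line)
    print("restored:", result.restored)
```

Note that alice’s fourth event, a successful login, is still allowed after the alert: the detective control produced a record for an analyst but changed nothing, which is exactly why it is not an immediate prevention.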

QUESTION 27

There are many factors one must consider to ensure security policies and controls align with regulations. Which of the following is not one of the factors?
- inventory
- business requirements
- security framework
- risk assessment

3 points

QUESTION 28

Opening e-mails and unknown e-mail attachments, which can lead to malicious software and codes, is a risk that is typically found in the:
- LAN Domain.
- LAN-to-WAN Domain.
- User Domain.
- Workstation Domain.

3 points

QUESTION 29

The Gramm-Leach-Bliley Act (GLBA) is enforced through regulators who are members of the Federal Financial Institutions Examination Council (FFIEC). The FFIEC publishes booklets of what type of computer security policies and controls must be in place for an institution or company to be compliant with GLBA.
- True
- False

3 points

QUESTION 30

When trying to achieve operational consistency, which of the following oversight phases performs the function of periodically assessing to ensure desired results are achieved?
- improve
- measure
- review
- manage

3 points

QUESTION 31

According to the SANS Institute, a __________ is typically a document that outlines specific requirements or rules that must be met and is usually point-specific, covering a single area.
- regulation
- guideline
- standard
- policy

3 points

QUESTION 32

There are many distinct benefits to control measurement. Which of the following benefits is the result of determining which security controls to measure?
- defines the effectiveness of the controls being measured
- defines the scope of the compliance being measured
- defines the impact to the business if the goals are not achieved
- defines how the policy will be enforced

3 points

QUESTION 33

Which of the following statements best captures the reason why U.S. compliance laws came about?
- These laws recognize the power of information.
- When everyone has to follow the same rules, the playing field is level.
- These laws hold an organization accountable when breaches occur.
- The misuse and abuse of information has a major impact on the lives of individuals and their privacy.

3 points

QUESTION 34

How many domains are in the typical IT infrastructure?
- Three
- Five
- Seven
- Ten

3 points

QUESTION 35

Separation of duties is a security control whereby the same person:
- is responsible for assigning the roles and responsibilities of staff members.
- may interact across the organization to confirm the actions of the organization.
- cannot define, approve, and implement an action of the organization.
- is trained and capable of defining, approving, and implementing all actions of the organization.

3 points

QUESTION 36

In a central management system that typically manages workstations, one of the key functions is discovery management; discovery management systems extract logs from a device and typically move logs to a central repository.
- True
- False

3 points

QUESTION 37

In U.S. compliance laws affecting information security policies, there exists a number of concepts with matching objectives. What is the matching objective for the concept of full disclosure?
- The practice of asking permission on how personal information can be used beyond its original purpose. For example, a real estate company might ask permission of someone who sold their home if their information can be shared with a moving company.
- The concept that an organization has an obligation to the general public beyond its self-interest. It’s not unusual for regulators to look at the impact an organization has on the industry or the economy in general.
- The key idea is that the company can use information collected only for the immediate service provided, or transaction made, such as a purchase. For example, assume a bank just approved your credit card purchase of ski equipment. In most states the bank could not then share that information with someone who will try to sell you a ski vacation.
- The concept that individuals should know what information about them is being collected. A company must give written notice on how it plans to use your information.

3 points

QUESTION 38

The most senior leader responsible for managing an organization’s risks is the chief privacy officer (CPO). Which of the following is not one of the responsibilities of the CPO?
- The CPO is responsible for keeping up with privacy laws.
- The CPO also needs to understand how the laws impact business.
- The CPO must be a lawyer.
- The CPO must work closely with a technology team to create strong security policies.

3 points

QUESTION 39

Which government agency provides a portion of the funding to support the CVE database?
- U.S. Department of Homeland Security
- Information Resources Center
- Central Intelligence Agency
- National Institute of Standards and Technology

3 points

QUESTION 40

Granting remote access introduces not only the same risks inherent with authenticated users on the local network but additional risks by granting local access to users from the:
- Local Area Network (LAN).
- Internet’s open network.
- User Domain.
- Workstation Domain.

3 points

QUESTION 41

There are several types of domains in the IT infrastructure. Which of the following is not one of these domains?
- user
- workstation
- remote access
- VPN

3 points

QUESTION 42

Of the types of U.S. compliance laws, there are a number of laws that are designed to provide confidence in the markets. _______________ are the beneficiaries of these laws.
- Individuals
- Shareholders
- Public interest groups
- National security organizations

3 points

QUESTION 43

In Information Technology Infrastructure Library (ITIL), the volume service strategy relates to ongoing support of the service, and the volume service operation relates to how to define the governance and portfolio of services, which includes aligning to the business and IT finance requirements.
- True
- False

3 points

QUESTION 44

In U.S. compliance laws affecting information security policies, there exists a number of concepts with matching objectives. What is the matching objective for the concept of full disclosure?
- The practice of asking permission on how personal information can be used beyond its original purpose. For example, a real estate company might ask permission of someone who sold their home if their information can be shared with a moving company.
- The concept that an organization has an obligation to the general public beyond its self-interest. It’s not unusual for regulators to look at the impact an organization has on the industry or the economy in general.
- The key idea is that the company can use information collected only for the immediate service provided, or transaction made, such as a purchase. For example, assume a bank just approved your credit card purchase of ski equipment. In most states the bank could not then share that information with someone who will try to sell you a ski vacation.
- The concept that individuals should know what information about them is being collected. A company must give written notice on how it plans to use your information.

3 points

QUESTION 45

Employees lacking security awareness training tend to:
- create a hazardous work environment for their co-workers.
- introduce risks and vulnerabilities into an organization.
- use the Internet more frequently and send more e-mail.
- make more mistakes and work inefficiently.

3 points

QUESTION 46

In hierarchical organizational structures, communication between employees tends to:
- be very difficult to achieve at all.
- occur across organizational functions.
- be more “top-down.”
- be more “bottom-up.”

3 points

QUESTION 47

Which of the following statements states the difference between business liability and a business’s legal obligation?
- Business liability occurs when a company fails to meet its obligation to its employees and community. A business’s legal obligation is an action that it is required to take in compliance with the law.
- Business obligation occurs when an organization cannot meet its business liability.
- A business’s liability is an action the business is required to take in compliance with the law, whereas a business obligation occurs when a company fails to meet the standards established by its employees and community.
- Business liability is a legal commitment, whereas business obligation is a subset of an organization’s overall risk exposure.

3 points

QUESTION 48

When using a layered security approach to system administration, who would have the highest access privileges?
- A Superuser or the owner of the system, application, and data
- All users of the system, application, and data
- All members of the organization’s IT department
- The organization’s chief executive officer

3 points

QUESTION 49

The only difference between a remote access domain and a user domain is that in a user domain, you are traveling from a public unsecure network into the private secure company network.
- True
- False

3 points

QUESTION 50

In flat organizational structures, employees tend to be:
- more open and communicative.
- more interested in financial rewards.
- constrained within their role or function.
- less likely to interact across the organization.

3 points
