Saintleo COM590 Midterm Exam Latest 2019 JUNE
COM590 Strategic Planning Cybersecurity
MIDTERM EXAM
Question 1. Which set of security tenets best represents the information assurance framework?
options:
C-I-A triad
None of the above
Confidentiality and integrity
The five pillars

Question 2. During which phase of the COBIT ISS management life cycle do you review how you are going to manage your IT investment such as contracts, service level agreements (SLAs), and new policy ideas?
options:
Deliver and Support
Monitor and Evaluate
Acquire and Implement
Plan and Organize

Question 3. Which of the following is considered a how-to document?
options:
Guideline
Policy
Standard
Procedure

Question 4. During which phase of the COBIT ISS management life cycle do internal and external audits occur?
options:
Acquire and Implement
Monitor and Evaluate
Deliver and Support
Plan and Organize

Question 5. What does COBIT stand for?
options:
Common Objects for Information and Technology
Control Objectives for Information and Related Technology
Common Objectives for Information and Technology
Control Objects for Information Technology

Question 6. A business __________ emerges when an organization cannot meet its obligation or duty.
options:
driver
None of the above
liability
culture

Question 7. Security controls fall into three design types: preventive, detective, and:
options:
qualitative.
quantitative.
effective.
corrective.

Question 8. An organization’s security awareness program is an example of which type of security control?
options:
Administrative
Detective
Technical
Physical

Question 9. Which of the following is not a generally accepted principle for implementing a security awareness program?
options:
Competency should be measured.
Remind employees of risks.
Leaders should provide visible support.
None of the above.

Question 10. The key to __________ is being able to measure compliance against a set of controls.
options:
nonrepudiation
security policy
business management
risk exposure

Question 11. Which compliance law concept states that a person of legal age, capable, with the needed facts, and without undue pressure can make an informed judgment?
options:
Full disclosure
Limited use of personal data
Informed consent
Public interest

Question 12. Which compliance law concept states that only the data needed for a transaction should be collected?
options:
Public interest
Limited use of personal data
Opt-in/opt-out
Full disclosure

Question 13. Of the following compliance laws, which focuses most heavily on personal privacy?
options:
HIPAA
GLBA
SOX
FISMA

Question 14. To which sector does the Gramm-Leach-Bliley Act apply primarily?
options:
Medical
None of the above
Financial
Communications

Question 15. To which sector does HIPAA apply primarily?
options:
Medical
Financial
None of the above
Communications

Question 16. Within the User Domain, some of the ways in which risk can be mitigated include awareness, enforcement, and:
options:
people.
user access.
reward.
process.

Question 17. In which domain is virtual private networking a security control?
options:
Remote Access Domain
WAN Domain
Both A and B
Neither A nor B

Question 18. Which of the following is not true of segmented networks?
options:
A flat network has more controls than a segmented network for limiting traffic.
Switches, routers, internal firewalls, and other devices restrict segmented network traffic.
Network segmentation limits what and how computers are able to talk to each other.
By limiting certain types of traffic to a group of computers, you are eliminating a number of threats.

Question 19. Web graffiti as a result of Web site defacement is an issue primarily in which IT domain?
options:
LAN-to-WAN
Workstation
LAN
User

Question 20. How is risk reduced in the LAN-to-WAN Domain?
options:
Setting up a DMZ
Both A and B
Neither A nor B
Reviewing logs

Question 21. In an organization, which of the following roles is accountable for approving security policy implementation?
options:
Compliance officer
Executive management
Auditor
Information security office (ISO)

Question 22. Successful security policy implementation depends on the correct alignment of people, processes, and __________.
options:
time
motivation
money
technology

Question 23. In an organization, which of the following roles is accountable for monitoring adherence to laws and regulations?
options:
Information security office (ISO)
Compliance officer
Data owner
Data custodian

Question 24. A primary reason why security policies often fail is __________.
options:
poor planning
lack of complexity
insufficient leadership support
not enough money

Question 25. Which personality type tends to be associated with good leaders?
options:
Attacker
Achiever
Pleaser
Analytical

Question 26. Which of the following is not a control area of ISO/IEC 27002, “Information Technology–Security Techniques–Code of Practice for Information Security Management”?
options:
Risk assessment and treatment
Asset management
Audit and accountability
Security policy

Question 27. Your organization was awarded a U.S. government contract. You need to ensure your organization adheres to an acceptable IT security framework. Which of the following is the best choice?
options:
None of the above
COBIT
COSO
NIST SP 800-53

Question 28. Which of the following is one of the prime objectives of an information security program?
options:
Keep policies updated
Protect information
None of the above
Learn about compliance

Question 29. What does an IT security policy framework resemble?
options:
List
Narrative document
Cycle diagram
Hierarchy or tree

Question 30. Which act was passed in the wake of the collapse of Enron, Arthur Andersen, WorldCom, and several other large firms?
options:
SOX
FISMA
CIPA
FERPA

Question 31. Which of the following is generally not an objective of a security policy change board?
options:
Make and publish approved changes to policies
Assess policies and recommend changes
Review requested changes to the policy framework
Coordinate requests for changes

Question 32. Virus removal and closing a firewall port are examples of which type of security control?
options:
Preventive
Recovery
Detective or response
Corrective

Question 33. When publishing an internal security policy or standard, which role or department usually gives final approval?
options:
Legal
Human Resources
Audit and Compliance Manager
Senior Executive

Question 34. Pre-employment screening of personnel and a change management process are examples of which type of security control?
options:
Administrative
Physical security
None of the above
Technical security

Question 35. What is the primary role of a security policy evangelist?
options:
Monitor user adherence to security policies
Conduct security policy awareness training
Review student participation in security policy awareness training
Promote security policy awareness and address user questions

Question 36. Who has a highly restricted role and grants access rights?
options:
None of the above
Data security administrator
Data administrator
CISO

Question 37. Which security policy framework, developed by CERT, focuses on information security assessment and planning?
options:
COSO
COBIT
ITIL
OCTAVE

Question 38. Which IT framework extends the COBIT framework and is a comprehensive risk management approach?
options:
ISO 27002
ISACA Risk IT framework
COSO
ITIL

Question 39. Who is responsible for executing policies and procedures, such as backup and versioning?
options:
Data administrator
CISO
Data custodian
Data steward

Question 40. A fundamental component of internal control for high-risk transactions is:
options:
following best practices.
data duplication.
a defense in depth.
a separation of duties.
