CIS 349 Week 11 Final Exam - Answers

CIS 349 Final Exam - Question and Answers

1. Many organizations use a RACI matrix to document tasks and the personnel responsible for the assignments. RACI stands for ___________, ___________, consulted, and informed.

2. Regarding user security clearances, in addition to possessing a clearance level that matches or exceeds the classification label of an object, a subject must have the ___________ for the object as well.

3. Company A has a project plan for a new product under development. The product will be one of many released in the coming year. The plan, if disclosed, might give Company A's competition a market advantage. Which ISO 27002 classification level is most likely assigned to this document?

4. What is meant by business drivers?

5. Of the following, what is the best method of reducing the success of fingerprinting attacks on computers?

6. What is meant by Type II authentication?

7. I. General object access permissions

II. Shared object access permissions

III. Private object access permissions

IV. Printer permissions

V. Audit logging settings

VI. Authentication requirements

VII. User rights

All of the above are:

8. Which of the following is NOT a form of authentication?

9. The hardware devices that connect other devices and computers using connection media are known as:

10. What is meant by networking services software?

11. This network device gives you the ability to aggressively control how users and applications use your local area networks.

12. The hardware that provides one or more services to users, such as server computers, printers, and network storage devices, are known as:

13. In a penetration test, after the testers have all of the available information on operating systems and running software and services, the next step is to explore known vulnerabilities in the target's environment. This is:

14. Which of the following best describes footprinting?

15. Which of the following best describes a single point of failure?

16. What is meant by wide area network (WAN) optimizer?

17. Although __________ are not optimal for high bandwidth, large-volume network transfers, they work very well in most environments where you need to maintain connections between several other networks.

18. Which of the following WAN-related items is NOT under the control of a typical WAN customer?

19. You want to configure devices to send an alert to the network manager when remote users connect to your network. Which protocol is the best choice for monitoring network devices?

20. Why should you verify that all data flowing through your virtual private network (VPN) is encrypted?

21. Which of the following is primarily a corrective control in the Remote Access Domain?

22. Because much of an organization's sensitive data resides in one or more databases in the System/Application Domain, it is important to place barriers between sensitive data and other entities.  This control would be:

23. Which of the following best describes a subnet?

24. Software that can measure end-user response time for application software server requests as well as end-user traffic volume is:

25. Which of the following best describes Common Body of Knowledge (CBK)?