CIS 349 Week 5 Midterm Exam with Answers

CIS 349 Midterm Exam Answers

1. This is an assessment method that attempts to bypass controls and gain access to a specific system by simulating the actions of a would-be attacker.

2. ________ seeks to better run an organization using complete and accurate information and management processes or controls.

3. What term is given to the practice of mitigating risks through controls?

4. What is the Public Company Accounting Oversight Board (PCAOB)?

5. What is the name of the process, based on Department of Defense (DoD) methodologies, for auditing federal systems before putting them in a production environment?

6. Which law requires technology in place that blocks or filters Internet access that is either obscene, harmful to minors, or represents child pornography?

7. Who or what is usually the weakest link in a security "chain"?

8. Regarding privacy, what is a common characteristic of "personal information"?

9. What term describes the identification, control, logging, and auditing of all changes made across the infrastructure?

10. Which of the following best describes a prescriptive IT control?

11. Of the following frameworks available from ISACA, which one governs IT investments?

12. The COSO framework identifies eight interrelated parts in connection with the management processes of an organization. These include Internal Environment, which is:

13. ISO/IEC 27000 is a series of standards and related terms that provides guidance on matters of information security. This includes implementing, designing, and auditing an Information Security Management System (ISMS). These standards were established by the International Organization for Standardization (ISO) in conjunction with:

14. The _____________ includes all the auditable resources or auditable components within an organization.

15. Whereas COBIT provides a framework of controls to minimize risk, ___________ provides a framework for assessing risk.

16. When analyzing threats, which of the following would be classified a low threat?

17. I. Aligning risk appetite and strategy, II. Enhancing risk response decisions, III. Reducing operational surprises and losses, IV. Identifying and managing multiple and cross-enterprise risks

The above are all key components of:

18. A large data intelligence company has storage technology at multiple sites that store redundant data from its servers at the main office. Which of the following risk management strategies has primarily been implemented?

19. ______ are alternative measures put in place to mitigate a risk in lieu of implementing a control requirement or best practice.

20. There are different approaches to identifying security weaknesses within an organization. A __________ provides an automated method for discovering host systems on a network. Although it doesn't necessarily discover all weaknesses, it does determine which systems are active on the network and what services they offer or what ports are available.

21. NIST breaks a security assessment down across three different types of primary techniques.  _________ passively examine components across the domains of an IT infrastructure, which has minimal impact to the systems.

22. During an IT audit, the auditor finds that unused personal information is being held in archives past its scheduled destruction date. Which privacy principle is most affected?

23. During an IT audit, the auditor finds that individuals cannot obtain the company's privacy policies. Which privacy principle is most affected?

24. Company A sells legitimately collected customer profile information but transmits it to clients over an unencrypted connection. Which privacy principle is most affected?

25. The criteria, circumstance, cause, and impact are all included in a(n) ______________.