CSIS 340 Final Exam LUO

CSIS 340 Final Exam

1. The _____ domain connects an organizations private network to the Internet?

2. To promote cultural change, the goal should be to make security policies _____?

3. Without _____ sponsorship, users will be less likely to eagerly participate in awareness training.

4. What needs do organizations have to classify data?

5. The Security Compliance Committee _____?

6. Web Services policies would be an example of _____ domain.

7. Production data should be _____ before being used in a test environment?

8. Which of the following includes guidelines under the LAN domain policies?

9. Which of the following is a common cause of security breaches?

10. What is a strong indicator that awareness training is not effective?

11. Baseline standards for the LAN domain would include _____.

12. Which of the following is not an organizational challenge when implementing security policies?

13. The ______________  model was the first model developed to address the concerns of integrity. Originally published in 1977

14. _____ occurs when you manipulate or trick a person into weakening the security of an organization?

15. Data in transit refers to what type of data?

16. Simple security policy awareness requires that _____ report suspicious activity?

17. A business impact analysis requires an impact report, component reliance, and a _____.

18. _____ techniques can provide a security baseline for full operating systems and applications?

19. A _____ standard describes the requirements for obtaining a domain name for use by external parties?

20. A(n) _____ has an easier time bypassing security controls and hiding his or her tracks by deleting or altering logs and time stamps.

21. _____ typically have the technical skills to make critical recommendation on how to stop an attack.

22. Why should a security policy implementation be flexible to allow for updates?

23. Two-factor authentication is a typical control used by employees to remotely access which of the following?

24. It is necessary to retain data for what major reasons?

25. A _____ is the first step in building a business continuity plan (BCP) to minimize losses.

26. Security policy enforcement can include _____?

27. _____ protects data at rest from all type of breaches.

28. Once security policies are established, line management must _____ ?

29. Outdated application controls place a greater reliance on _____?

30. The following documents help capture domain security control requirements?

31. The  ________________ model uses mandatory access control to enforce the DoD multilevel security policy.

32. Generally, an Acceptable Use Policy should outline _____?

33. A _____ is a specialized group of people whose purpose is to respond to major incidents.

34. Which of the following should be in an information response team charter?

35. A(n) ______ ensures workers are conscious of security risks and how to deal with unexpected risk.

36. Without a policy that leads to controls that restrict employees from installing their own software on a company workstation, a company could suffer which of the following consequences?

37. Good reasons to monitor worker’s computer activities are when ______?

38. A _____ is a common control that is used across a significant population of systems?

39. Employer response to an employee posting company passwords on their social network site should include _____?

40. Security experts consider _____ the weakest link in security.

41. A malicious _____ attack uses viruses, worms, Trojan horses, and scripts to gain access to systems, applications, and data.

42. You can use a _____ process to grant temporary elevated rights.

43. The following organization has offered reliable security policies in the past to help organizations develop proper infrastructure policies.

44. _____ are especially useful for identifying unauthorized changes.

45. The Risk Management Continuous Improvement Model includes _____?

46. The signs of an incident can be _____?

47. _____ determines how quickly a business process should be recovered.

48. A privileged-level access agreement (PAA) is designed to heighten the awareness and accountability of?

49. ______ software is capable of capturing usernames, passwords, and websites visited on a local workstation?

50. A _____ can identify hosts on a network and determine services running on the hosts.