08 Jun saint leo com590 midterm exam
Question
Why are information security policies important to an organization?
They add complexity to employee functions, so it’s hard for employees to change anything.
They make it hard to attack the organization with viruses.
They strengthen the company’s ability to protect its information resources.
They allow controls to be relaxed or reduced.
Comments:
Question 2. Question :
Which of the following is considered a how-to document?
Policy
Standard
Guideline
Procedure
Comments:
Question 3. Question :
The concept of “need to know” is most closely associated with which of the following?
Confidentiality
Integrity
Availability
Authentication
Comments:
Question 4. Question :
What does COBIT stand for?
Common Objectives for Information and Technology
Common Objects for Information and Technology
Control Objects for Information Technology
Control Objectives for Information and Related Technology
Comments:
Question 5. Question :
Which of the following is not one of the four domains of the COBIT framework for ISS management?
Plan and Organize
Support and Monitor
Acquire and Implement
Deliver and Support
Comments:
Question 6. Question :
Which of the following types of security controls stops incidents or breaches immediately?
Preventive
Detective
Corrective
None of the above
Comments:
Question 7. Question :
A(n) __________ is a confirmed event that compromises the confidentiality, integrity, or availability of information.
risk
threat
breach
impact
Comments:
Question 8. Question :
Security controls fall into three design types: preventive, detective, and:
corrective.
quantitative.
qualitative.
effective.
Comments:
Question 9. Question :
A business __________ emerges when an organization cannot meet its obligation or duty.
driver
culture
None of the above
Comments:
Question 10. Question :
A backup generator is an example of which type of security control?
Physical
Administrative
Technical
Detective
Comments:
Question 11. Question :
Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used?
Full disclosure
Limited use of personal data
Informed consent
Public interest
Comments:
Question 12. Question :
A popular social networking site recently changed its privacy policy regarding personal profiles. To prevent your profile information from being shared with anyone on the Internet, you must check a box requesting privacy. What is this an example of?
Opt in
Opt out
Least privilege
Defense in depth
Comments:
Question 13. Question :
Which law applies to educational institutions and protects students’ records?
CIPA
FERPA
GLBA
HIPAA
Comments:
Question 14. Question :
To which sector does HIPAA apply primarily?
Communications
Financial
Medical
None of the above
Comments:
Question 15. Question :
To which sector does the Gramm-Leach-Bliley Act apply primarily?
Communications
Financial
Medical
None of the above
Comments:
Question 16. Question :
A policy that addresses the use of personal mobile devices, such as a smartphone, to access an internal business network is an issue of which IT domain?
User
Workstation
Remote Access
WAN
Comments:
Question 17. Question :
A nurse uses a wireless computer from a patient’s room to access real-time patient information from the hospital server. Which domain does this wireless connection fall under?
User
LAN
WAN
System/Application
Comments:
Question 18. Question :
Authentication and encryption of intranet traffic is a __________ Domain issue.
System/Application
User
Workstation
LAN
Comments:
Question 19. Question :
You swipe your finger over your laptop’s fingerprint reader to unlock the computer. Which type of authentication method are you using?
Something you know
Something you are
Something you have
None of the above
Comments:
Question 20. Question :
Within the User Domain, some of the ways in which risk can be mitigated include awareness, enforcement, and:
people.
reward.
process.
user access.
Comments:
Question 21. Question :
Which personality type tends to be associated with good leaders?
Achiever
Pleaser
Attacker
Analytical
Comments:
Question 22. Question :
Which of the following is not true of auditors?
Are accountable for assessing the design and effectiveness of security policies
Can be internal or external
Report to the leaders they are auditing
Offer opinions on how well the policies are being followed and how effective they are
Comments:
Question 23. Question :
A primary reason why security policies often fail is __________.
lack of complexity
insufficient leadership support
not enough money
poor planning
Comments:
Question 24. Question :
In an organization, which of the following roles is responsible for the day-to-day maintenance of data?
Information security office (ISO)
Compliance officer
Data owner
Data custodian
Comments:
Question 25. Question :
Which of the following is not true of a hierarchical organization?
More layers than a flat organization
Centralized authorities
A necessity in many large organizations
Wide span of control
Comments:
Question 26. Question :
Which part of an IT policy framework includes the program’s purpose and mission, and the program’s scope within the organization?
Charter
Standards
Guidelines
Procedures
Comments:
Question 27. Question :
The program framework policy or information security program charter is the __________ document.
policy
capstone
project
compliance
Comments:
Question 28. Question :
__________ is the ability to reasonably ensure conformity and adherence to both internal and external policies, standards, procedures, laws, and regulations.
Availability
Nonrepudiation
Awareness
Compliance
Comments:
Question 29. Question :
Which act was passed in the wake of the collapse of Enron, Arthur Andersen, WorldCom, and several other large firms?
SOX
FERPA
CIPA
FISMA
Comments:
Question 30. Question :
Your organization was awarded a U.S. government contract. You need to ensure your organization adheres to an acceptable IT security framework. Which of the following is the best choice?
COBIT
COSO
NIST SP 800-53
None of the above
Comments:
Question 31. Question :
Which of the following is generally not an objective of a security policy change board?
Assess policies and recommend changes
Make and publish approved changes to policies
Coordinate requests for changes
Review requested changes to the policy framework
Comments:
Question 32. Question :
Antivirus systems, cryptographic systems, and firewalls are examples of which type of security control?
Administrative
Technical security
Physical security
None of the above
Comments:
Question 33. Question :
Before you begin security policy awareness training, what is the first step you should take to help ensure success?
Purchase a Governance, Risk, and Compliance tool
Publish the security policy documents to a wiki
Seek management buy-in
Write an article about the training in the company newsletter
Comments:
Question 34. Question :
What is the primary role of a security policy evangelist?
Promote security policy awareness and address user questions
Monitor user adherence to security policies
Conduct security policy awareness training
Review student participation in security policy awareness training
Comments:
Question 35. Question :
Which of the following is not a valid reason for using a taxonomy to organize an IT policy library?
Organizes policy library
Makes it easy to see how standards, procedures, and guidelines are related
Is required by all compliance laws
The name of a document indicates where it’s located in the library
Comments:
Question 36. Question :
Which IT framework extends the COBIT framework and is a comprehensive risk management approach?
ISACA Risk IT framework
COSO
ITIL
ISO 27002
Comments:
Question 37. Question :
Which security policy framework, developed by CERT, focuses on information security assessment and planning?
COSO
COBIT
ITIL
OCTAVE
Comments:
Question 38. Question :
The core requirement of an automated IT security control library is that the information is:
alphabetized.
searchable.
in a numerical sequence.
in PDF format.
Comments:
Question 39. Question :
In the financial services sector, the use of the “three lines of defense” includes the business unit (BU), a risk management program, and:
separation of duties.
an AUP.
an independent auditor.
Both B and C.
Comments:
Question 40. Question :
Your organization is adopting several security policy frameworks. Which of the following is best suited for processing credit cards?
COSO
PCI DSS
COBIT
ITIL
Comments:
