CSIS 340 Midterm Exam - Questions and Answers- Graded A

CSIS 340 Midterm Exam • Question 1 Many of the business benefits of Internet access over mobile devices include which of the following? • Question 2 Which of the following attempts to identify where sensitive data is currently stored? • Question 3 is an international governance and controls framework and a widely accepted standard for assessing, governing, and managing IT • Question 4 • Question 5 Where is a DMZ usually located? • Question 6 Monitoring should detect which of the following? • Question 7 Which type of control is associated with responding to and fixing a security incident? • Question 8 PCI DSS provides highly specific technology requirements for handling data. • Question 9 When should a wireless security policy be initially written? • Question 10 How is risk reduced in the LAN-to-WAN domain? • Question 11 The key to determining if a business will implement any policy is? • Question 12 conduct periodic risk-based reviews of information resources security policies and procedures. • Question 13 Which of the following are control objectives for PCI DSS? • Question 14 is the concept that only the data needed for the transaction should be collected. • Question 15 Security personnel need to be aware of policy and standards change requirements. Business drivers for policy and standards changes may include ? • Question 16 A is a term that refers to a network that limits what and how computers are able to talk to each other. • Question 17 Within the user domain, some of the ways in which risk can be mitigated include: awareness, enforcement, and . • Question 18 The basic elements of motivation include pride, success, and . • Question 19 Security are the technical implementations of the policies defined by the organization. • Question 20 Devices and objects with built in are connected to an Internet of Things platform, which integrates data from the different devices and applies analytics to share the most valuable information with applications built to address specific needs. • Question 21 What term relates to the number of layers and number of direct reports found in an organization? • Question 22 The Risk IT framework process model is built on which three domains? • Question 23 Overcoming the effects of apathy on security policies includes . • Question 24 Policies are the key to repeatable behavior. To achieve repeatable behavior, you must measure both and . • Question 25 Which of the following is not a key area of improvement noted after COBIT implementation? • Question 26 Which of the following is the best measure of success for a security policy? • Question 27 Generally, remote authentication provides which of the following? • Question 28 Which of the following is a generally accepted and widely used policy framework? • Question 29 Policies and procedures differ, because policies are and procedures are . • Question 30 What is an information security policy? • Question 31 When building a policy framework, which of the following information systems factors should be considered? • Question 32 The Seven Domains of a typical IT infrastructure include? • Question 33 Which of the following is not a type of security control? • Question 34 The shifts responsibility to the owner to operate a system when certification and accreditation is achieved. • Question 35 In a workstation domain, you can reduce risk by . • Question 36 Which personality type often breaks through barriers that previously prevented success? • Question 37 To achieve repeatable behavior of policies, you must measure both and . • Question 38 Which of the following laws require proper security controls for handling privacy data? • Question 39 The Sarbanes-Oxley Act was passed by the U.S. Senate in 2002 to require that companies maintain ? • Question 40 is a promise not to disclose to any third party information covered by the agreement. • Question 41 Using the steps in Kotter’s Eight-Step Change Model, what are the roles and responsibilities involved in the change process? • Question 42 Implementation and enforcement of policies is a challenge. The biggest hindrance to implementation of policies is the factor. • Question 43 The principle recommended for industry best practice, is written in order to consider everyone affected, including technical, administrative, organizational, operational, commercial, educational, and legal personnel. • Question 44 is the ability to reasonably ensure conformity and adherence to both internal and external policies, standards, procedures, laws, and regulations? • Question 45 What is policy compliance? • Question 46 Among other things, security awareness programs must emphasize value, culture, and • Question 47 The principle recommended for industry best practice, is written in order to inform owners, providers, and users of information systems, and other parties of the existence and general context of policies, responsibilities, practices, procedures, and organization for security of information systems. • Question 48 Which of the following is the first step in establishing an information security program? • Question 49 Information used to open or access a bank account is generally considered? • Question 50 Good security policies mitigate risk through?