MISY 5325 MIDTERM LATEST EXAM - CYBERSECURITY MANAGEMENT
Which of the following is not something to consider when determining
the value of an asset?
A. Departmental ownership
B. System functions
C. Personnel assets
D. Facilities and supplies - ANSWERS-Departmental ownership
Which of the following is not true of a qualitative risk assessment? -
ANSWERS-It provides a cost-benefit analysis (CBA)
Which of the following is not true of a quantitative risk assessment? -
ANSWERS-It uses relative terms such as high, medium, and low.
Which of the following is not true of big data? - ANSWERS-Data in a
warehouse is frequently modified.
Which of the following is not true of data and information assets? -
ANSWERS-Data classified at different levels, such as public and
private, receives the same levels of protection.
Which of the following is not true of state attorneys general (AGs)? -
ANSWERS-They are appointed by the Department of Homeland
Security.
Which of the following is often the weakest link in IT security? -
ANSWERS-People
Which of the following is the most accurate statement with respect to
creating a risk management plan? - ANSWERS-A risk management plan
can help ensure your business is in compliance with important
regulations.
Which of the following statements is true? - ANSWERS-Exploited
vulnerabilities result in losses.
Which of the following statements is not true of cost-benefit analysis? -
ANSWERS-A control always eliminates the loss.
Which of the following vulnerabilities result in losses? - ANSWERS-
Exploited vulnerabilities result in losses.
Why should the people on the risk assessment team be different from the
people responsible for correcting deficiencies? - ANSWERS-To avoid
conflicts of interest
You are a top-level executive at your own company. You are worried
that your employees may steal confidential data by downloading data
onto thumb drives. What is the best way to prevent this from happening?
- ANSWERS-Create and enforce a written company policy against the
use of thumb drives and install a technical control on the computers to
prevent the use of thumb drives.
You are creating objectives for your risk management plan. What do you
not include at this stage? - ANSWERS-Plan of Actions and Milestones
(POAM)
You book a hotel online, and the registration process is clear and
streamlined. This is an example of a(n) ______________ process that
has _______________. - ANSWERS-automated, high value to
customers
_______ are acts that are hostile to an organization. - ANSWERS-
Intentional threats
________ help(s) prevent a hard drive from being a single point of
failure.
__________ help(s) prevent a server from being a single point of failure.
_________ help(s) prevent a person from being a single point of failure.
- ANSWERS-RAID, Failover clusters, Cross-training
_________ is the process of creating a list of threats. - ANSWERS-
Threat identification
__________ damage for the sake of doing damage, and they often
choose targets of opportunity.