Systems Analysis and Design, 13th Edition, by Scott Tilley
Test bank for the 13th Edition, Chapters 1-13, arranged in reverse order: 13-1
Ch 13 Managing Systems Security
1. Vulnerability assessment tools and techniques are crucial for identifying security threats and vulnerabilities. It
is equally important to establish a vulnerability management program. What are some of the security measures
in that program? Choose all that apply.
a. conflict resolution
b. regular assessments
c. timely patching
d. continuous monitoring
ANSWER: b, c, d
RATIONALE: Establishing a vulnerability management program includes regular
assessments, timely patching of software vulnerabilities, and continuous
monitoring for suspicious activities.
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Tilley.SAD13e.25.13.1 - Define key system security concepts.
TOPICS: System Security
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 6/18/2024 1:10 PM
DATE MODIFIED: 6/18/2024 1:10 PM
2. Which of the following guidelines are blueprints that organizations can adopt and adapt to fit their specific
security needs and objectives? Choose all that apply.
a. ISO/IEC 27000 series
b. ISO/IEC 28000 series
c. NIST Cybersecurity Framework
d. PCI DSS
ANSWER: a, c, d
RATIONALE: Guidelines, such as the ISO/IEC 27000 series, NIST Cybersecurity
Framework, and PCI DSS, are blueprints that organizations can adopt and
adapt to fit their specific security needs and objectives. By adhering to these
established frameworks and standards, organizations can ensure that their
system security is aligned with best practices and industry benchmarks,
facilitating a more systematic and successful approach to security
management.
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Tilley.SAD13e.25.13.1 - Define key system security concepts.
TOPICS: System Security
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 6/18/2024 1:10 PM
DATE MODIFIED: 6/18/2024 1:10 PM
3. The legal implications of system security are vast, encompassing a range of obligations that organizations
must fulfill to protect sensitive data and ensure privacy. Which regulations mandate strict controls over handling
personal and sensitive information? Choose all that apply.
a. FTC
b. GDPR
c. Sarbanes-Oxley (SOX)
d. HIPAA
ANSWER: b, d
RATIONALE: Regulations such as General Data Protection Regulation (GDPR) in the
European Union, the Health Insurance Portability and Accountability Act
(HIPAA) in the United States, and various other data protection laws
mandate strict controls over the handling of personal and sensitive
information. Noncompliance with these legal requirements can result in
hefty fines, legal actions, and other sanctions that can impact an
organization's financial health and viability.
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Tilley.SAD13e.25.13.1 - Define key system security concepts.
TOPICS: System Security
KEYWORDS: Bloom's: Apply
DATE CREATED: 6/18/2024 1:10 PM
DATE MODIFIED: 6/18/2024 1:10 PM
4. Jonathan is an employee at a major aerospace company. Due to the nature of the company's work, they have
very strict security policies and procedures in place. When Jonathan started, he was given an employee
handbook that described workplace conduct, employee benefits, and disciplinary procedures; an IT Security
Policy Manual that covers the guidelines and procedures for safeguarding the company's information
technology infrastructure and data; and finally, an acceptable use policy that outlined how an employee can use
company resources. Jonathan was caught shopping online at his workstation using a company computer during
business hours. This action was considered a violation. What policy was probably violated?
a. acceptable use policy
b. IT security policy
c. employee handbook policy
d. compliance policy
ANSWER: a
RATIONALE: Jonathan violated the acceptable use policy. He was shopping online at his
workstation during business hours, and an acceptable use policy outlines
how an employee may use company resources. Internet access is a company
resource.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Tilley.SAD13e.25.13.1 - Define key system security concepts.
TOPICS: System Security
KEYWORDS: Bloom's: Analyze/Create/Evaluate
DATE CREATED: 6/18/2024 1:10 PM
DATE MODIFIED: 6/18/2024 1:10 PM
5. Which type of attack floods a server with excessive requests to overload and incapacitate it?
a. SQL injection
b. ransomware attack
c. denial-of-service attack (DoS)
d. mail bombing
ANSWER: c
RATIONALE: A DoS attack floods a server with excessive requests to overload and
incapacitate it. The goal of a DoS attack is to exhaust the resources of the
target, such as bandwidth, processing power, or memory, making it
unavailable to legitimate users.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Tilley.SAD13e.25.13.2 - Identify different attacker profiles and their motivations.
TOPICS: Understanding and Mitigating Attacks
KEYWORDS: Bloom's: Remember/Understand