When writing a ____________________ one could state how often a supplier will provide a service
or how quickly a firm will respond. For managed services, this document often covers system
availability and acceptable performance measures. - Answers service level agreement
In order to move data from an unsecure WAN to a secure LAN, you typically begin by
segmenting a piece of your LAN into a _________________________, which sits on the outside of
your private network facing the public Internet. Servers in this area provide public-facing access
to the organization, such as public Web sites. - Answers demilitarized zone (DMZ)
A(n) ___________________ is a confirmed event that compromises the confidentiality, integrity, or
availability of information. - Answers breach
The key to security policy is being able to measure compliance against a set of controls.
Security controls define ___________ you protect the information. The security policies should
define ___________ you set the goal. - Answers how, why
___________________________ are formal written policies describing employee behavior when using
company computer and network systems. - Answers Acceptable use policies
Which of the following is not one of the "five pillars of the IA model"? - Answers Assurance
Federal and state governments in the United States establish laws that define how to control,
handle, share, and process the sensitive information that the new economy relies on.
___________________are then added to these laws, which are typically written by civil servants to
implement the authority of the law. - Answers Regulations
As a result of a U.S. Supreme Court ruling challenging the restriction of access to information in
libraries, the ________________ was declared constitutional. However, the courts do require
schools and libraries to unblock sites when requested by an adult. - Answers Children's Internet
Protection Act (CIPA)
Privacy regulations involve two important principles. _____________________ gives the consumer
an understanding of what and how data is collected and used. ________________________ provides
a standard for handling consumer information. - Answers Full disclosure, Data encryption
______________________ can run on a workstation or server and is at the heart of all business
applications. - Answers Application software
Generally, regardless of threat or vulnerability, there will ____________ be a chance a threat can
exploit a vulnerability. - Answers always
The SOX act created the ______________________, which sets accounting and auditing standards. -
Answers Public Company Accounting Oversight Board (PCAOB)
Of the types of U.S. compliance laws, there are a number of laws that are designed to provide
confidence in the markets. _______________ are the beneficiaries of these laws. - Answers
Shareholders
A security awareness program gains credibility when the business sees a reduction of risk, and
there are multiple benefits that come with a security awareness program that emphasizes the
business risk. Which of the following is not one of the benefits? - Answers relevance
If human action is required, the control is considered _______________. - Answers manual
_______________ refers to an attempt to cause fear or major disruptions in a society through
hacking computers. Such attacks target government computers, major companies, or key areas
of the economy. - Answers Cyberterrorism
In recent years, ___________________ has emerged as a major technology. It provides a way of
buying software, infrastructure, and platform services on someone else's network. - Answers
cloud computing
In 1999, the ___________________ was enacted to repeal existing laws so that banks, investment
companies, and other financial services companies could merge. - Answers
The Gramm-Leach-Bliley Act (GLBA)
___________________ is the act of protecting information and the systems that store and process
it. - Answers Information systems security
Using switches, routers, internal firewalls, and other devices, you can restrict network traffic
with a ____________________, which limits what and how computers are able to talk to each other.
- Answers segmented network
In the ______________ principle adopted by many organizations, you gain access only to the
systems and data you need to perform your job. - Answers need to know
ISS policies ensure the consistent protection of information flowing through the entire system.
Which of the following is not one of the foundational reasons for using and enforcing security
policies? - Answers compliance controls for legal mandates
In 2013 the national retailer Target Corporation suffered a major data breach that put at risk the
financial information of an estimated 40 million customers. In 2009, the health care provider
BlueCross BlueShield of Tennessee suffered a theft of hard drives when it reported 57 hard
drives stolen. Both these cases resulted from a(n) ________________ failure. - Answers security
policy
The ____________________ domain refers to any endpoint device used by end users, which includes,
but is not limited to, any smart device in the end user's physical possession and
any device accessed by the end user, such as a smartphone, laptop, workstation, or mobile