EXAM NEWEST EXAM QUESTIONS AND CORRECT
DETAILED ANSWERS LATEST UPDATES 2025-2026
(VERIFIED ANSWERS) ALREADY GRADED A+
When compliance is mandated by law, companies often participate in _______,
which provide third-party verification that requirements are being met.
ANSWER-external audits
Carl is a security professional preparing to perform a risk assessment on database
servers. He is reviewing the findings of a previous risk assessment. He is trying to
determine which controls should be in place but were not implemented. Which of
the following is typically found in a risk assessment report and would address
Carl's needs? ANSWER-Current status of accepted recommendations
Carl is a security specialist. He is updating the organization's hardware inventory
in the asset management system. Which of the following would be least helpful to
record? ANSWER-A competitor's product
Companies use risk assessment strategies to differentiate ___________ from
_________. ANSWER-severe risks, minor risks
Email addresses or domains ______________ are automatically marked as spam.
ANSWER-on a blacklist
_______ are acts that are hostile to an organization.
ANSWER-Intentional threats
________ help(s) prevent a hard drive from being a single point of failure.
__________ help(s) prevent a server from being a single point of failure.
_________ help(s) prevent a person from being a single point of failure.
ANSWER-RAID, Failover clusters, Cross-training
_________ is the process of creating a list of threats.
ANSWER-Threat identification
__________ damage for the sake of doing damage, and they often choose targets
of opportunity.
A. Vandals
B. Saboteurs
C. Advanced persistent threats (APTs)
D. Disgruntled employees
ANSWER-Vandals
____________ assessments are objective, while ___________ assessments are
subjective.
ANSWER-Quantitative, qualitative
_____________ is the likelihood that a threat will exploit a vulnerability.
ANSWER-Probability
A __________ is a computer joined to a botnet.
ANSWER-zombie
A ___________ plan can help ensure that mission-critical systems continue to
function after a disaster. ANSWER-business continuity
A ___________ plan can help you identify steps needed to restore a failed
system. ANSWER-disaster recovery
A _____________ policy governs how patches are understood, tested, and rolled
out to systems and clients. ANSWER-patch management
A business impact analysis (BIA) is an important part of a _____________, and it
can also be part of a __________.
ANSWER-business continuity plan, disaster recovery plan
A new company does not have a lot of revenue for the first year. Installing
antivirus software for all the company's computers would be very costly, so the
owners decide to forgo purchasing antivirus software for the first year of the
business. In what domain of a typical IT infrastructure is a vulnerability created?
ANSWER-Workstation Domain
A technician in a large corporation fixes a printer that was not receiving an IP
address automatically by manually assigning it an address. The address was
assigned to a server that was offline and being upgraded. When the server was
brought online, it was no longer accessible. How could this problem have been
avoided?
ANSWER-Through change management
A warm site is:
ANSWER-a compromise between a hot site and a cold site.