ANSWERS | VERIFIED | LATEST UPDATE
True or False? The Payment Card Industry Data Security Standard (PCI DSS) is a process that must be
completed by the time a creditor issues a card to a consumer. - CORRECT ANSWERS-FALSE
True or False? The potential impact of any risk can be calculated precisely. - CORRECT ANSWERS-FALSE
True or False? The primary devices in the LAN-to-WAN Domain of a typical IT infrastructure are firewalls.
- CORRECT ANSWERS-TRUE
True or False? The primary mission of the United States Computer Emergency Readiness Team (US-CERT)
is to provide response support and defense against cyberattacks. - CORRECT ANSWERS-TRUE
True or False? The principle of proportionality ensures that no single person controls all the functions of
a critical process. - CORRECT ANSWERS-FALSE
True or False? The project manager is responsible for the overall success of the risk management plan. -
CORRECT ANSWERS-TRUE
True or False? The purpose of the Payment Card Industry Data Security Standard (PCI DSS) is to regulate
creditors. - CORRECT ANSWERS-FALSE
_________ is the process of creating a list of threats. - CORRECT ANSWERS-Threat identification
__________ damage for the sake of doing damage, and they often choose targets of opportunity. -
CORRECT ANSWERS-Vandals
____________ assessments are objective, while ___________ assessments are subjective. - CORRECT
ANSWERS-Quantitative, qualitative
_____________ is the likelihood that a threat will exploit a vulnerability. - CORRECT ANSWERS-Probability
A __________ is a computer joined to a botnet. - CORRECT ANSWERS-zombie
A ___________ plan can help ensure that mission-critical systems continue to function after a disaster. -
CORRECT ANSWERS-business continuity
A ___________ plan can help you identify steps needed to restore a failed system. - CORRECT
ANSWERS-disaster recovery
A _____________ policy governs how patches are understood, tested, and rolled out to systems and
clients. - CORRECT ANSWERS-patch management
A business impact analysis (BIA) is an important part of a _____________, and it can also be part of a
__________. - CORRECT ANSWERS-business continuity plan, disaster recovery plan
A new company does not have a lot of revenue for the first year. Installing antivirus software for all the
company's computers would be very costly, so the owners decide to forgo purchasing antivirus software
for the first year of the business. In what domain of a typical IT infrastructure is a vulnerability created? -
CORRECT ANSWERS-Workstation Domain
A technician in a large corporation fixes a printer that was not receiving an IP address automatically by
manually assigning it an address. The address was assigned to a server that was offline and being
upgraded. When the server was brought online, it was no longer accessible. How could this problem
have been avoided? - CORRECT ANSWERS-Through change management
A warm site is: - CORRECT ANSWERS-a compromise between a hot site and a cold site.
A _____ is a computer joined to a botnet. - CORRECT ANSWERS-zombie
A ______ policy governs how patches are understood, tested, and rolled out to systems and clients. -
CORRECT ANSWERS-patch management
A(n) _________ is the likelihood that something unexpected is going to occur. - CORRECT ANSWERS-
risk
A(n) _________ provides secure access to a private network over a public network such as the Internet. -
CORRECT ANSWERS-virtual private network (VPN)
A(n) _____________ is a process used to determine how to manage risk. - CORRECT ANSWERS-cost-benefit
analysis (CBA)
A(n) ___________________ is performed to identify and evaluate risks. - CORRECT ANSWERS-risk
assessment
According to the World Intellectual Property Organization (WIPO), the two categories of intellectual
property (IP) are _______________ and _______________. - CORRECT ANSWERS-industrial property,
copyright
Aditya is assessing the value of IT systems. His company sells sporting goods online. One factor of his
evaluation is the required availability of each system. Some systems must be available 24/7, while others
must be available during regular business hours Monday through Friday. Which of the following would
have the highest availability requirements? - CORRECT ANSWERS-E-commerce website server
Alice is an aspiring hacker. She wants to get information on computer and network vulnerabilities and
ways to exploit applications. Which of the following is the best source? - CORRECT ANSWERS-Dark
web
All of the following are examples of hardware assets, except: - CORRECT ANSWERS-operating system.
All of the following are reasons why configuration management is an important risk management
process, except: - CORRECT ANSWERS-it reduces unintended outages.