MISY 5325 FINAL EXAM QUESTIONS
WITH 100% CORRECT ANSWERS
LATEST VERSION 2025/2026.
Procedures, policies - ANS __________ provide the detailed steps needed to carry out
___________.
right, permission - ANS A __________ grants the authority to perform an action on a system.
A __________ grants access to a resource.
security plan - ANS A business continuity plan (BCP) is an example of a(n):
a packet analyzer - ANS A hacker wants to launch an attack on an organization. The hacker
uses a tool to capture data sent over the network in cleartext, hoping to gather information that
will help make the attack successful. What tool is the hacker using?
assessments - ANS A threat is any activity that represents a possible danger, which includes
any circumstances or events with the potential to cause an adverse impact on all of the
following, except:
exploit - ANS A(n) ____________ assessment attempts to identify vulnerabilities that can be
exploited.
1 @COPYRIGHT 2025/2026 ALL RIGHTS RESERVED.
Social engineering - ANS An access control such as a firewall or intrusion prevention system
cannot protect against which of the following?
input validation - ANS Another term for data range and reasonableness checks is:
procedural controls. - ANS Background checks, software testing, and awareness training are
all categories of:
Public key infrastructure (PKI) - ANS Bill is a security professional. He is in a meeting with co-workers
and describes a system that will make web sessions more secure. He says when a user
connects to the web server and starts a secure session, the server sends a certificate to the user.
The certificate includes a public key. The user can encrypt data with the public key and send it to
the server. Because the server holds the private key, it can decrypt the data. Because no other
entity has the private key, no one else can decrypt the data. What is Bill describing?
Insurance - ANS Bonding is a type of __________ that covers against losses by theft, fraud, or
dishonesty.
Vulnerability × Threat. - ANS Complete the equation for the relationship between risk,
vulnerabilities, and threats: Risk equals:
Software Development - ANS Functionality testing is primarily used with:
Before writing an application or deploying a system - ANS Ideally, when should you perform
threat modeling?
read sections of a database or a whole database without authorization. - ANS In a SQL
injection attack, an attacker can:
Tailgating - ANS Piggybacking is also known as:
Weather Conditions; Natural Disasters - ANS Primary considerations for assessing threats
based on historical data in your local area are __________ and ___________.
share, transfer - ANS Purchasing insurance is the primary way for an organization to
__________ or ___________ risk.
Preventative, detective, corrective - ANS Some controls are identified based on the function
they perform. What are the broad classes of controls based on function?
technical - ANS System logs and audit trails are a type of ________ control.
technical, procedural - ANS The actual methods used to protect against data loss are
__________ controls, but the program that identifies which data to protect is a ___________
control.
Contingency Planning (CP) - ANS The National Institute of Standards and Technology (NIST)
publishes SP 800-53. This document describes a variety of IT security controls, such as access
control, incident response, and configuration management. Controls are grouped into families.
Which NIST control family helps an organization recover from failures and disasters?
Mitigate - ANS To _________ risk means to reduce or neutralize threats or vulnerabilities to
an acceptable level.
encryption - ANS What changes plaintext data to ciphered data?
They are both performed for a specific time. - ANS What characteristic is common to risk
assessments and threat assessments?
They both specify that users be granted access only to what they need to perform their jobs. -
ANS What does the principle of least privilege have in common with the principle of need to
know?