MISY 5325 FINAL ACTUAL EXAM NEWEST 2025/2026
COMPLETE QUESTIONS AND CORRECT DETAILED ANSWERS
(VERIFIED ANSWERS) |BRAND NEW VERSION!!
A hacker wants to launch an attack on an organization. The hacker uses a tool to
capture data sent over the network in cleartext, hoping to gather information that
will help make the attack successful. What tool is the hacker using?
A packet analyzer
Primary considerations for assessing threats based on historical data in your local
area are __________ and ___________.
weather conditions, natural disasters
In a SQL injection attack, an attacker can:
read sections of a database or a whole database without authorization.
What does the principle of least privilege have in common with the principle of
need to know?
They both specify that users be granted access only to what they need to perform
their jobs.
An access control such as a firewall or intrusion prevention system cannot protect
against which of the following?
Social engineering
What is the purpose of nonrepudiation techniques?
To prevent people from denying they took actions
Background checks, software testing, and awareness training are all categories of:
procedural controls.
Ideally, when should you perform threat modeling?
Before writing an application or deploying a system
You receive an email from someone named Bob in the IT department who needs
to access your login information for a scheduled internal vulnerability assessment.
You know an assessment is taking place because your manager notified your
group last week. Normally, you wouldn't give your password or other login
information to anybody, but doing so seems appropriate in this situation. Which of
the following could be taking place?
Social engineering attack
What is a transaction in a database?
A group of statements that either succeed or fail as a whole
Why is system testing performed?
To test individual systems for vulnerabilities
What is the primary determination as to whether an incident is included in a
business continuity plan (BCP)?
Probability of occurrence and impact
A business continuity plan (BCP) program manager within a large organization:
Usually manages multiple BCP projects.
What step of a business continuity plan (BCP) comes after providing training?
Testing and exercising plans
Having supplies on hand for continued production:
may conflict with other organizational planning principles.
Which term is defined as "an element necessary to perform the mission of an
organization"?
CSF
What is the primary purpose of identifying critical resources in the business
impact analysis (BIA) process?
Identify all IT assets that support critical business functions (CBFs).
Lower recovery time objectives (RTOs) are __________ but __________.
achievable, costly
What are critical resources?
Those that are required to support critical business functions (CBFs)
Functionality testing is primarily used with:
Software development
A(n) ____________ assessment attempts to identify vulnerabilities that can be
exploited.
Exploit
A business continuity plan (BCP) is an example of a(n):
Security Plan
Which of the following is most likely to describe how to perform test restores?
A backup plan
Which of the following is not a common category of control implementation?
Functional
What characteristic is common to risk assessments and threat assessments?
They are both performed for a specific time.
Complete the equation for the relationship between risk, vulnerabilities, and
threats: Risk equals:
Vulnerability × Threat
Which of the following is a physical control that is most likely to be used with a
proximity card?
A locked door
The National Institute of Standards and Technology (NIST) publishes SP 800-53.
This document describes a variety of IT security controls, such as access control,
incident response, and configuration management. Controls are grouped into
families. Which NIST control family helps an organization recover from failures and
disasters?
Contingency Plan (CP)
_________ provide the detailed steps needed to carry out ___________.
Procedures, policies
Why are audits performed?
To check compliance with rules and guidelines
Piggybacking is also known as:
Tailgating
Bill is a security professional. He is in a meeting with co-workers and describes a
system that will make web sessions more secure. He says when a user connects to