Question 1

In the ________, a specific, full act should require two or more people to complete.

Accepted Answer

A)  implementation guidance 
B)  weakest link 
C)  segregation of duties 
D)  request/authorization control 
A)  implementation guidance 
B)  weakest link 
C)  segregation of duties 
D)  request/authorization control C

Question 2

Discounted cash flow analysis is also called ________.

Accepted Answer

A)  IRR 
B)  TCI 
C)  NPV 
D)  ROI 
A)  IRR 
B)  TCI 
C)  NPV 
D)  ROI D

Question 3

What does a central logging server of an MSSP on a network do?

Accepted Answer

A)  It calculates the amount of processing ability needed for a system. 
B)  It uploads a firm's event log data. 
C)  It uploads the number of times that employees have logged into-or attempted to log into-questionable sites. 
D)  It automatically creates a firewall when questionable activity is detected. 
A)  It calculates the amount of processing ability needed for a system. 
B)  It uploads a firm's event log data. 
C)  It uploads the number of times that employees have logged into-or attempted to log into-questionable sites. 
D)  It automatically creates a firewall when questionable activity is detected. B

Question 4

________ are mandatory implementation guidance, meaning that employees are not free to opt out of them.

Accepted Answer

A)  Standards 
B)  Policies 
C)  Guidelines 
D)  Procedures 
A)  Standards 
B)  Policies 
C)  Guidelines 
D)  Procedures

Question 5

A positive of classic risk analysis is that it imposes general discipline for thinking about risks and countermeasures.

Accepted Answer

A) True 
 B)False

Question 6

________ are mandatory implementation guidance, meaning that employees are not free to opt out of them.

Accepted Answer

A)  Standards 
B)  Policies 
C)  Guidelines 
D)  Procedures 
A)  Standards 
B)  Policies 
C)  Guidelines 
D)  Procedures

Question 7

The first stage of FISMA is a certification of a system by an organization.

Accepted Answer

A) True 
 B)False

Question 8

Which of the following is NOT one of the three auditing departments that are part of most corporations?

Accepted Answer

A)  Financial auditing 
B)  Internal auditing 
C)  Outside auditing 
D)  IT auditing 
A)  Financial auditing 
B)  Internal auditing 
C)  Outside auditing 
D)  IT auditing

Question 9

Return on investment analysis requires the computation of either the net present value or the ________.

Accepted Answer

A)  risk transference 
B)  risk avoidance 
C)  internal rate of return 
D)  total cost of incident 
A)  risk transference 
B)  risk avoidance 
C)  internal rate of return 
D)  total cost of incident

Question 10

Why was FISMA enacted?

Accepted Answer

A)  To set standards for companies that accept credit card payments 
B)  To set accreditation standards for members of a particular industry 
C)  To prosecute firms that fail to take reasonable precautions to protect customers' private information 
D)  To bolster computer and network security within the federal government 
A)  To set standards for companies that accept credit card payments 
B)  To set accreditation standards for members of a particular industry 
C)  To prosecute firms that fail to take reasonable precautions to protect customers' private information 
D)  To bolster computer and network security within the federal government

Question 11

The most common type of IT security outsourcing is done for ________.

Accepted Answer

A)  laptops 
B)  e-mail 
C)  all hardware 
D)  all software 
A)  laptops 
B)  e-mail 
C)  all hardware 
D)  all software

Question 12

Most firms have a CSO report direct to the company's CEO.

Accepted Answer

A) True 
 B)False

Question 13

A firm's primary objective is to make a profit.

Accepted Answer

A) True 
 B)False

Question 14

It is common for companies to require users to read and sign a(n) ________.

Accepted Answer

A)  corporate security policy 
B)  personally identifiable information policy 
C)  e-mail policy 
D)  acceptable use policy 
A)  corporate security policy 
B)  personally identifiable information policy 
C)  e-mail policy 
D)  acceptable use policy

Question 15

HIPAA has the power to require firms to pay to be audited annually by an external firm.

Accepted Answer

A) True 
 B)False

Question 16

An advantage to using an MSSP is ________.

Accepted Answer

A)  cost 
B)  control of employees 
C)  constant internal control 
D)  independence 
A)  cost 
B)  control of employees 
C)  constant internal control 
D)  independence

Question 17

Which of the following compares probable losses with the costs of security protections?

Accepted Answer

A)  Weakest-link failure 
B)  Reasonable risk 
C)  Internal audits 
D)  Risk analysis 
A)  Weakest-link failure 
B)  Reasonable risk 
C)  Internal audits 
D)  Risk analysis

Question 18

________ in regard to outside IT security means checking out closely the IT security implications of a potential partnership before beginning the relationship.

Accepted Answer

A)  A hybrid solution 
B)  Internal auditing 
C)  Risk analysis 
D)  Due diligence 
A)  A hybrid solution 
B)  Internal auditing 
C)  Risk analysis 
D)  Due diligence

Question 19

Objective setting and risk assessment are both COSO framework components.

Accepted Answer

A) True 
 B)False

Question 20

COBIT is a general control planning and assessment tool for corporations.

Accepted Answer

A) True 
 B)False

In the ________, a specific, full act should require two or more people to complete.

Discounted cash flow analysis is also called ________.

What does a central logging server of an MSSP on a network do?

________ are mandatory implementation guidance, meaning that employees are not free to opt out of them.

A positive of classic risk analysis is that it imposes general discipline for thinking about risks and countermeasures.

________ are mandatory implementation guidance, meaning that employees are not free to opt out of them.

The first stage of FISMA is a certification of a system by an organization.

Which of the following is NOT one of the three auditing departments that are part of most corporations?

Return on investment analysis requires the computation of either the net present value or the ________.

Why was FISMA enacted?

The most common type of IT security outsourcing is done for ________.

Most firms have a CSO report direct to the company's CEO.

A firm's primary objective is to make a profit.

It is common for companies to require users to read and sign a(n) ________.

HIPAA has the power to require firms to pay to be audited annually by an external firm.

An advantage to using an MSSP is ________.

Which of the following compares probable losses with the costs of security protections?

________ in regard to outside IT security means checking out closely the IT security implications of a potential partnership before beginning the relationship.

Objective setting and risk assessment are both COSO framework components.

COBIT is a general control planning and assessment tool for corporations.

The Threat Environment

Cryptography

Secure Networks

Access Control

Firewalls

Host Hardening

Application Security

Data Protection

Incident and Disaster Response

Module a Networking Concepts

Filters

Exam 2: Planning and Policy

In the ________, a specific, full act should require two or more people to complete.

Discounted cash flow analysis is also called ________.

What does a central logging server of an MSSP on a network do?

________ are mandatory implementation guidance, meaning that employees are not free to opt out of them.

A positive of classic risk analysis is that it imposes general discipline for thinking about risks and countermeasures.

________ are mandatory implementation guidance, meaning that employees are not free to opt out of them.

The first stage of FISMA is a certification of a system by an organization.

Which of the following is NOT one of the three auditing departments that are part of most corporations?

Return on investment analysis requires the computation of either the net present value or the ________.

Why was FISMA enacted?

The most common type of IT security outsourcing is done for ________.

Most firms have a CSO report direct to the company's CEO.

A firm's primary objective is to make a profit.

It is common for companies to require users to read and sign a(n) ________.

HIPAA has the power to require firms to pay to be audited annually by an external firm.

An advantage to using an MSSP is ________.

Which of the following compares probable losses with the costs of security protections?

________ in regard to outside IT security means checking out closely the IT security implications of a potential partnership before beginning the relationship.

Objective setting and risk assessment are both COSO framework components.

COBIT is a general control planning and assessment tool for corporations.

The Threat Environment

Cryptography

Secure Networks

Access Control

Firewalls

Host Hardening

Application Security

Data Protection

Incident and Disaster Response

Module a Networking Concepts

Filters