Question 1

Before doing a vulnerability test, a security employee must ensure that ________.

Accepted Answer

A)  doing a vulnerability test is in his or her job description 
B)  no damage will be done 
C)  he or she has a specific contract to do a specific test 
D)  the test is a surprise to everyone, including the tester's superior, who may be engaged in illicit activities 
A)  doing a vulnerability test is in his or her job description 
B)  no damage will be done 
C)  he or she has a specific contract to do a specific test 
D)  the test is a surprise to everyone, including the tester's superior, who may be engaged in illicit activities C

Question 2

CobiT focuses on ________.

Accepted Answer

A)  corporate governance 
B)  controlling entire IT function 
C)  IT security governance 
D)  All of the above about equally 
A)  corporate governance 
B)  controlling entire IT function 
C)  IT security governance 
D)  All of the above about equally B

Question 3

The factors that require a firm to change its security planning, protection, and response are called driving forces.

Accepted Answer

A) True 
 B)False  True

Question 4

Data breach notification laws typically ________.

Accepted Answer

A)  require companies to notify affected people if sensitive personally identifiable information is stolen or even lost 
B)  have caused companies to think more about security 
C)  Both A and B 
D)  Neither A nor B 
A)  require companies to notify affected people if sensitive personally identifiable information is stolen or even lost 
B)  have caused companies to think more about security 
C)  Both A and B 
D)  Neither A nor B

Question 5

________ specifically addresses data protection requirements at health care institutions.

Accepted Answer

A)  GLBA 
B)  HIPAA 
C)  Sarbanes-Oxley 
D)  The SEC Act 
A)  GLBA 
B)  HIPAA 
C)  Sarbanes-Oxley 
D)  The SEC Act

Question 6

A planned series of actions in a corporation is a(n) ________.

Accepted Answer

A)  strategy 
B)  sequence 
C)  process 
D)  anomaly 
A)  strategy 
B)  sequence 
C)  process 
D)  anomaly

Question 7

In a firm, codes of ethics apply to ________.

Accepted Answer

A)  part-time employees 
B)  senior managers 
C)  Both A and B 
D)  Neither A nor B 
A)  part-time employees 
B)  senior managers 
C)  Both A and B 
D)  Neither A nor B

Question 8

Compliance laws and regulations ________.

Accepted Answer

A)  create requirements to which security must respond 
B)  can be expensive for IT security 
C)  Both A and B 
D)  Neither A nor B 
A)  create requirements to which security must respond 
B)  can be expensive for IT security 
C)  Both A and B 
D)  Neither A nor B

Question 9

Which of the following is a way of responding to risk with active countermeasures?

Accepted Answer

A)  Risk reduction 
B)  Risk acceptance 
C)  Risk avoidance 
D)  All of the above 
A)  Risk reduction 
B)  Risk acceptance 
C)  Risk avoidance 
D)  All of the above

Question 10

Which of the following is not one of the three elements in the fraud and abuse triangle?

Accepted Answer

A)  Opportunity 
B)  Resistance 
C)  Rationalization 
D)  Pressure 
A)  Opportunity 
B)  Resistance 
C)  Rationalization 
D)  Pressure

Question 11

Which of the following are examples of opportunity?

Accepted Answer

A)  Weak security controls 
B)  Insufficient oversight from management 
C)  An unlocked safe 
D)  All of the above 
A)  Weak security controls 
B)  Insufficient oversight from management 
C)  An unlocked safe 
D)  All of the above

Question 12

A technical security architecture should be created ________.

Accepted Answer

A)  annually 
B)  before a firm creates individual countermeasures 
C)  before a firm creates a specific countermeasure 
D)  after each major compromise 
A)  annually 
B)  before a firm creates individual countermeasures 
C)  before a firm creates a specific countermeasure 
D)  after each major compromise

Question 13

In FISMA, ________ is done internally by the organization.

Accepted Answer

A)  certification 
B)  accreditation 
C)  Both A and B 
D)  Neither A nor B 
A)  certification 
B)  accreditation 
C)  Both A and B 
D)  Neither A nor B

Question 14

This book focuses on ________.

Accepted Answer

A)  offense 
B)  defense 
C)  offense and defense about equally 
D)  None of the above 
A)  offense 
B)  defense 
C)  offense and defense about equally 
D)  None of the above

Question 15

When you wish to create a specific firewall, you should create a security policy for that firewall specifically.

Accepted Answer

A) True 
 B)False

Question 16

Closing all routes of attack into an organization's system(s) is called ________.

Accepted Answer

A)  defense in depth 
B)  comprehensive security 
C)  total security 
D)  access control 
A)  defense in depth 
B)  comprehensive security 
C)  total security 
D)  access control

Question 17

A(n) ________ is a statement of what should be done under specific circumstances.

Accepted Answer

A)  implementation control 
B)  policy 
C)  policy guidance document 
D)  procedure 
A)  implementation control 
B)  policy 
C)  policy guidance document 
D)  procedure

Question 18

What security functions typically are outsourced?

Accepted Answer

A)  Policy 
B)  Vulnerability testing 
C)  Both A and B 
D)  Neither A nor B 
A)  Policy 
B)  Vulnerability testing 
C)  Both A and B 
D)  Neither A nor B

Question 19

The purpose(s) of auditing is(are) to ________.

Accepted Answer

A)  develop opinions on the health of controls 
B)  find punishable instances of noncompliance 
C)  Both A and B 
D)  Neither A nor B 
A)  develop opinions on the health of controls 
B)  find punishable instances of noncompliance 
C)  Both A and B 
D)  Neither A nor B

Question 20

Guidelines are appropriate in simple and highly certain circumstances.

Accepted Answer

A) True 
 B)False

Before doing a vulnerability test, a security employee must ensure that ________.

CobiT focuses on ________.

The factors that require a firm to change its security planning, protection, and response are called driving forces.

Data breach notification laws typically ________.

________ specifically addresses data protection requirements at health care institutions.

A planned series of actions in a corporation is a(n) ________.

In a firm, codes of ethics apply to ________.

Compliance laws and regulations ________.

Which of the following is a way of responding to risk with active countermeasures?

Which of the following is not one of the three elements in the fraud and abuse triangle?

Which of the following are examples of opportunity?

A technical security architecture should be created ________.

In FISMA, ________ is done internally by the organization.

This book focuses on ________.

When you wish to create a specific firewall, you should create a security policy for that firewall specifically.

Closing all routes of attack into an organization's system(s) is called ________.

A(n) ________ is a statement of what should be done under specific circumstances.

What security functions typically are outsourced?

The purpose(s) of auditing is(are) to ________.

Guidelines are appropriate in simple and highly certain circumstances.

The Threat Environment

Cryptography

Secure Networks

Access Control

Firewalls

Host Hardening

Application Security

Data Protection

Incident and Disaster Response

Module A: Networking Concepts

Filters

Exam 2: Planning and Policy

Before doing a vulnerability test, a security employee must ensure that ________.

CobiT focuses on ________.

The factors that require a firm to change its security planning, protection, and response are called driving forces.

Data breach notification laws typically ________.

________ specifically addresses data protection requirements at health care institutions.

A planned series of actions in a corporation is a(n) ________.

In a firm, codes of ethics apply to ________.

Compliance laws and regulations ________.

Which of the following is a way of responding to risk with active countermeasures?

Which of the following is not one of the three elements in the fraud and abuse triangle?

Which of the following are examples of opportunity?

A technical security architecture should be created ________.

In FISMA, ________ is done internally by the organization.

This book focuses on ________.

When you wish to create a specific firewall, you should create a security policy for that firewall specifically.

Closing all routes of attack into an organization's system(s) is called ________.

A(n) ________ is a statement of what should be done under specific circumstances.

What security functions typically are outsourced?

The purpose(s) of auditing is(are) to ________.

Guidelines are appropriate in simple and highly certain circumstances.

The Threat Environment

Cryptography

Secure Networks

Access Control

Firewalls

Host Hardening

Application Security

Data Protection

Incident and Disaster Response

Module A: Networking Concepts

Filters