Question 1

______________ are designed to monitor network traffic and identify threats that may have breached the networks initial defenses.

Accepted Answer

Intrusion

Question 2

A business impact analysis estimates the consequences of disruption of a business function and collects data to develop recovery strategies.

Accepted Answer

A) True 
 B)False

Question 3

People who have their social security or credit card numbers stolen and used by thieves are frequently victims of ___________________.

Accepted Answer

A) Insider fraud 
B) Identity theft 
C) Occupational corruption 
D) Document sabotage 
A) Insider fraud 
B) Identity theft 
C) Occupational corruption 
D) Document sabotage

Question 4

In Cybersecurity terminology,a threat is defined as ________.

Accepted Answer

A) A weakness that threatens the confidentiality,integrity,or availability of data. 
B) Something or someone that can damage,disrupt,or destroy an asset. 
C) Estimated cost,loss,or damage that can result from an exploit. 
D) Tools or techniques that take compromise a network. 
A) A weakness that threatens the confidentiality,integrity,or availability of data. 
B) Something or someone that can damage,disrupt,or destroy an asset. 
C) Estimated cost,loss,or damage that can result from an exploit. 
D) Tools or techniques that take compromise a network.

Question 5

An employee can pose an internal threat by entering false or fraudulent data into a computer,or changing or deleting existing data.This called _________.

Accepted Answer

A) data mining 
B) data tampering 
C) ransomware 
D) a remote-access Trojan 
A) data mining 
B) data tampering 
C) ransomware 
D) a remote-access Trojan

Question 6

Botnets are stealth network attacks in which an unauthorized person gains access to a network and remains undetected for a long time to steal data continuously.

Accepted Answer

A) True 
 B)False

Question 7

Intrusion Detection Systems (IDS)are designed to monitor network traffic and identify threats that have breached the networks' initial defenses.IDS identify all of the following except:

Accepted Answer

A) An attacker who is trying to break into the credentials of a legitimate user in order to gain access to an IS,device,or network. 
B) A legitimate user who performs actions he is not authorized to do. 
C) A user who tries to disguise or cover up his actions by deleting audit files or system logs. 
D) Employees who use computing or network resources inefficiently. 
A) An attacker who is trying to break into the credentials of a legitimate user in order to gain access to an IS,device,or network. 
B) A legitimate user who performs actions he is not authorized to do. 
C) A user who tries to disguise or cover up his actions by deleting audit files or system logs. 
D) Employees who use computing or network resources inefficiently.

Question 8

Managers should expect less tolerant regulators and greater fines and negative consequences for data breaches,according to KPMG.

Accepted Answer

A) True 
 B)False

Question 9

__________ are essential to the prevention and detection of occupation frauds

Accepted Answer

A) Anti-malware and firewalls 
B) Internal audits and internal controls 
C) Encryption and IDS 
D) AUPs 
A) Anti-malware and firewalls 
B) Internal audits and internal controls 
C) Encryption and IDS 
D) AUPs

Question 10

The SEC and FTC impose huge fines for __________ in order to deter companies from under-investing in data protection.

Accepted Answer

The answer of The SEC and FTC impose huge fines...

Question 11

When it comes to defending against employee fraud,regulators look favorably on companies that can demonstrate good __________ and best practices in operational risk management.

Accepted Answer

A) Corporate governance 
B) Access to legal counsel 
C) Relationships with security vendors 
D) Awareness of industry standards 
A) Corporate governance 
B) Access to legal counsel 
C) Relationships with security vendors 
D) Awareness of industry standards

Question 12

_____________ is the elapsed time between when vulnerability in a software app or system is discovered and when it's exploited.

Accepted Answer

Time-to-ex

Question 13

Which of the following is not a type of administrative control for information assurance and risk management?

Accepted Answer

A) Fostering company loyalty 
B) Immediately revoking access privileges of dismissed,resigned,or transferred employees 
C) Instituting separation of duties by dividing sensitive computer duties among as many employees as economically feasible 
D) Performing authorization and authentication 
A) Fostering company loyalty 
B) Immediately revoking access privileges of dismissed,resigned,or transferred employees 
C) Instituting separation of duties by dividing sensitive computer duties among as many employees as economically feasible 
D) Performing authorization and authentication

Question 14

The smart strategy is to invest more to protect the company's most valuable assets rather than try to protect all assets equally.

Accepted Answer

A) True 
 B)False

Question 15

Robust data security is the responsibility of IT and data managers.

Accepted Answer

A) True 
 B)False

Question 16

Voice and fingerprint _______ can significantly improve the security of physical devices and provide stronger authentication for remote access or cloud services.

Accepted Answer

A) cryptography 
B) biometrics 
C) encryption 
D) visualization 
A) cryptography 
B) biometrics 
C) encryption 
D) visualization

Question 17

The IT security defense-in-depth model ends with ________.

Accepted Answer

A) Senior management commitment and support 
B) IT security procedures and enforcement 
C) Hardware and software selection 
D) Acceptable use policies and IT security training 
A) Senior management commitment and support 
B) IT security procedures and enforcement 
C) Hardware and software selection 
D) Acceptable use policies and IT security training

Question 18

Most viruses,trojans,and worms are activated when an attachment is opened or a link is clicked.

Accepted Answer

A) True 
 B)False

Question 19

Enterprises take risks with BYOD practices that they never would consider taking with conventional computing devices.

Accepted Answer

A) True 
 B)False

Question 20

Which of the following was not an outcome of the Yahoo data breaches in 2013 and 2014?

Accepted Answer

A) Potential target users were informed within a month of the breach 
B) Russian agents were indicted for the crime 
C) Yahoo's value decreased by over $200 million 
D) Users were advised to change their passwords and security questions 
A) Potential target users were informed within a month of the breach 
B) Russian agents were indicted for the crime 
C) Yahoo's value decreased by over $200 million 
D) Users were advised to change their passwords and security questions

______________ are designed to monitor network traffic and identify threats that may have breached the networks initial defenses.

A business impact analysis estimates the consequences of disruption of a business function and collects data to develop recovery strategies.

People who have their social security or credit card numbers stolen and used by thieves are frequently victims of ___________________.

In Cybersecurity terminology,a threat is defined as ________.

An employee can pose an internal threat by entering false or fraudulent data into a computer,or changing or deleting existing data.This called _________.

Botnets are stealth network attacks in which an unauthorized person gains access to a network and remains undetected for a long time to steal data continuously.

Intrusion Detection Systems (IDS)are designed to monitor network traffic and identify threats that have breached the networks' initial defenses.IDS identify all of the following except:

Managers should expect less tolerant regulators and greater fines and negative consequences for data breaches,according to KPMG.

__________ are essential to the prevention and detection of occupation frauds

The SEC and FTC impose huge fines for __________ in order to deter companies from under-investing in data protection.

When it comes to defending against employee fraud,regulators look favorably on companies that can demonstrate good __________ and best practices in operational risk management.

_____________ is the elapsed time between when vulnerability in a software app or system is discovered and when it's exploited.

Which of the following is not a type of administrative control for information assurance and risk management?

The smart strategy is to invest more to protect the company's most valuable assets rather than try to protect all assets equally.

Robust data security is the responsibility of IT and data managers.

Voice and fingerprint _______ can significantly improve the security of physical devices and provide stronger authentication for remote access or cloud services.

The IT security defense-in-depth model ends with ________.

Most viruses,trojans,and worms are activated when an attachment is opened or a link is clicked.

Enterprises take risks with BYOD practices that they never would consider taking with conventional computing devices.

Which of the following was not an outcome of the Yahoo data breaches in 2013 and 2014?

Disruptive IT Impacts Companies, competition, and Careers

Information Systems, IT Architecture, Data Governance, and Cloud Computing

Data Management, Business Intelligence, and Data Analytics

Networks, Collaborative Technology, and the Internet of Things

Search, Semantic, and Recommendation Technology

Web 2.0 and Social Technology

Retail, e-Commerce, and Mobile Commerce Technology

Functional Business Systems

Enterprise Systems

Data Visualization and Geographic Information Systems

IT Strategy, Sourcing, and Strategic Technology Trends

Systems Development and Project Management

IT Ethics, Privacy and Sustainability

Filters

Exam 5: Cybersecurity and Risk Management Technology

______________ are designed to monitor network traffic and identify threats that may have breached the networks initial defenses.

A business impact analysis estimates the consequences of disruption of a business function and collects data to develop recovery strategies.

People who have their social security or credit card numbers stolen and used by thieves are frequently victims of ___________________.

In Cybersecurity terminology,a threat is defined as ________.

An employee can pose an internal threat by entering false or fraudulent data into a computer,or changing or deleting existing data.This called _________.

Botnets are stealth network attacks in which an unauthorized person gains access to a network and remains undetected for a long time to steal data continuously.

Intrusion Detection Systems (IDS)are designed to monitor network traffic and identify threats that have breached the networks' initial defenses.IDS identify all of the following except:

Managers should expect less tolerant regulators and greater fines and negative consequences for data breaches,according to KPMG.

__________ are essential to the prevention and detection of occupation frauds

The SEC and FTC impose huge fines for __________ in order to deter companies from under-investing in data protection.

When it comes to defending against employee fraud,regulators look favorably on companies that can demonstrate good __________ and best practices in operational risk management.

_____________ is the elapsed time between when vulnerability in a software app or system is discovered and when it's exploited.

Which of the following is not a type of administrative control for information assurance and risk management?

The smart strategy is to invest more to protect the company's most valuable assets rather than try to protect all assets equally.

Robust data security is the responsibility of IT and data managers.

Voice and fingerprint _______ can significantly improve the security of physical devices and provide stronger authentication for remote access or cloud services.

The IT security defense-in-depth model ends with ________.

Most viruses,trojans,and worms are activated when an attachment is opened or a link is clicked.

Enterprises take risks with BYOD practices that they never would consider taking with conventional computing devices.

Which of the following was not an outcome of the Yahoo data breaches in 2013 and 2014?

Disruptive IT Impacts Companies, competition, and Careers

Information Systems, IT Architecture, Data Governance, and Cloud Computing

Data Management, Business Intelligence, and Data Analytics

Networks, Collaborative Technology, and the Internet of Things

Search, Semantic, and Recommendation Technology

Web 2.0 and Social Technology

Retail, e-Commerce, and Mobile Commerce Technology

Functional Business Systems

Enterprise Systems

Data Visualization and Geographic Information Systems

IT Strategy, Sourcing, and Strategic Technology Trends

Systems Development and Project Management

IT Ethics, Privacy and Sustainability

Filters