
· Question 1 (2 out of 2 points)

Separation of duties ensures that a single person handles all crucial decisions and activities as part of a management control policy.

Selected Answer: False
Answers:
True
False

· Question 2 (2 out of 2 points)

In the risk management strategy known as risk ________, you implement controls designed to lessen the probability and/or impact of a risk.

Selected Answer: transference
Answers:
transference
mitigation
avoidance
acceptance

· Question 3 (2 out of 2 points)

What name is given to systems utilized to monitor and control telecommunications, water and waste control, energy, and transportation among other industries and utilities?

Selected Answer: supervisory control and data acquisition (SCADA) process control systems
Answers:
supervisory control and data acquisition (SCADA) process control systems
directory information
human machine interface
critical infrastructure

· Question 4 (2 out of 2 points)

________ is the relative value, either in monetary terms or in overall impact, of the resource being protected by the access control system.

Selected Answer: Asset value (AV)
Answers:
Cost of replacement
Probability of occurrence
Asset value (AV)
Exposure factor (EF)

· Question 5 (2 out of 2 points)

What name is given to the process or mechanism of granting or denying use of a resource, typically applied to users or generic network traffic?

Selected Answer: access control
Answers:
access control
authentication
biometrics
identification password

· Question 6 (2 out of 2 points)

The requester of sensitive information should not receive access just because of his or her clearance, position, or rank. The requester must also establish a valid need to see the information. The term for this is ________.

Selected Answer: need to know
Answers:
least privilege
need to know
confidential information declassification
access control

· Question 7 (2 out of 2 points)

A common element in a(n) _____________ is "Sending unsolicited junk e-mail or advertisements is prohibited."

Selected Answer: acceptable use policy
Answers:
acceptable use policy
organizational culture
ethics program
security awareness policy

· Question 8 (2 out of 2 points)

What is meant by mandatory access control (MAC)?

Selected Answer: An access control system where rights are assigned by a central authority.
Answers:
Authentication system in which two conditions must be met in order for access to be granted. If one condition is met but not the other, access is denied.
An access control system where rights are assigned by a central authority.
Requires that users commonly log into workstations under limited user accounts.
The principle in which a subject (whether a user, an application, or another entity) should be given the minimum level of rights necessary to perform legitimate functions.

· Question 9 (2 out of 2 points)

Fundamentally, __________ refers to the ability of a subject and an object to interact.

Selected Answer: access
Answers:
authorization
access
biometrics
identification

· Question 10 (2 out of 2 points)

____________ refers to giving an employee exactly the amount of access needed to perform his duties.

Selected Answer: Need to know
Answers:
Collusion
Need to know
Discretionary Access Control (DAC)
Separation of duties

· Question 11 (2 out of 2 points)

Which of the following is not a factor of authentication?

Selected Answer: Where you are?
Answers:
What you know?
What you have?
Who you are?
Where you are?

· Question 12 (2 out of 2 points)

In order to correctly prioritize efforts at mitigating threats and vulnerabilities, we perform ________ to accurately decide which threats represent the biggest impact to resources and data.

Selected Answer: risk assessment
Answers:
vulnerability analysis
risk assessment
single loss expectancy
probability of occurrence

· Question 13 (2 out of 2 points)

What term is used to describe a method of organizing sensitive information into various access levels?

Selected Answer: classification scheme
Answers:
confidential information
secret information
automatic classification
classification scheme

· Question 14 (2 out of 2 points)

What term is used to describe a technical, physical, or administrative process designed to reduce risk?

Selected Answer: control
Answers:
defense-in-depth strategy
qualitative risk assessment
infrastructure
control

· Question 15 (2 out of 2 points)

In practice, the principle of least privilege is usually implemented as least user access (LUA), which requires that users commonly log onto workstations under limited user accounts.

Selected Answer: True
Answers:
True
False

· Question 16 (2 out of 2 points)

According to the national security classification, ________ information, if disclosed, could reasonably be expected to cause damage to national security.

Selected Answer: confidential
Answers:
secret
confidential
unclassified
top secret

· Question 17 (2 out of 2 points)

Human nature is the sum of qualities and traits shared by all humans.

Selected Answer: True
Answers:
True
False

· Question 18 (2 out of 2 points)

A scenario with a high probability but low impact is a lower priority risk than one with a high probability and high impact.

Selected Answer: True
Answers:
True
False

· Question 19 (2 out of 2 points)

A threat is any weakness in a system that can be exploited.

Selected Answer: Social engineering
Answers:
Social engineering
Eavesdropping
System exploit
Physical attack

· Question 20 (2 out of 2 points)

The number of times per year you expect a compromise to occur is the definition of ________.

Selected Answer: annualized rate of occurrence (ARO)
Answers:
annualized rate of occurrence (ARO)
exposure factor (EF)
defense-in-depth strategy
qualitative risk assessment

· Question 21 (2 out of 2 points)

What is meant by mandatory access control (MAC)?

Selected Answer: True
Answers:
True
False

· Question 22 (2 out of 2 points)

A(n) ________________ is a high-level document that defines how an organization will assign and enforce access control rights.

Selected Answer: authorization policy
Answers:
best practice
authorization policy
critical infrastructure
disclosure

· Question 23 (2 out of 2 points)

A _______________ is a person who is angry or dissatisfied, usually with some aspect of his or her employment.

Selected Answer: disgruntled employee
Answers:
disgruntled employee
social engineer
terminated employee
loner

· Question 24 (2 out of 2 points)

Only a person with the approved level of access is allowed to view the information. This access is called _____________.

Selected Answer: clearance
Answers:
clearance
classification
disclosure
policy

· Question 25 (2 out of 2 points)

A phishing attack targeted at specific, usually high-level, individuals within an organization is the definition of spear phishing.

Selected Answer: True
Answers:
True
False

· Question 26 (2 out of 2 points)

A threat is any weakness in a system that can be exploited.

Selected Answer: False
Answers:
True
False

· Question 27 (2 out of 2 points)

According to the typical corporate security classification scheme, ________ information, if disclosed, could cause serious damage to the firm.

Selected Answer: sensitive
Answers:
sensitive
public
internal
highly sensitive

· Question 28 (2 out of 2 points)

A ________ is a comprehensive process for determining the privacy, confidentiality, and security risks associated with the collection, use, and disclosure of personal information.

Selected Answer: privacy impact assessment
Answers:
data encryption standard encryption
privacy impact assessment
NTLM hash
penetration test

· Question 29 (2 out of 2 points)

Access control is an application of risk ________.

Selected Answer: mitigation
Answers:
mitigation
transference
acceptance
avoidance

· Question 30 (2 out of 2 points)

A guideline is a collection of requirements that must be met by anyone who performs a given task or works on a specific system.

Selected Answer: False
Answers:
True
False

· Question 31 (2 out of 2 points)

Under the Health Insurance Portability and Accountability Act, the _____________________ includes an administrative safeguard that restricts access to EPHI to only those employees who need the information for their job functions.

Selected Answer: Security Rule
Answers:
Privacy Rule
Security Rule
Transactions and Codes Set Rule
Enforcement Rule

· Question 32 (2 out of 2 points)

In the risk management strategy known as risk ________, you offload the risk to a third party.

Selected Answer: transference
Answers:
transference
mitigation
avoidance
acceptance

· Question 33 (2 out of 2 points)

Annualized loss expectancy (ALE) means the total cost per year of the threat under assessment. ALE is calculated by multiplying the SLE by the ARO.

Selected Answer: True
Answers:
True
False

· Question 34 (2 out of 2 points)

________ is a type of security breach that exploits human nature and human error.

Selected Answer: people
Answers:
institutional
people
administrative
organizational

· Question 35 (2 out of 2 points)

Directory information refers to systems utilized to monitor and control telecommunications, water and waste control, energy, and transportation among other industries and utilities.

Selected Answer: False
Answers:
True
False

· Question 36 (2 out of 2 points)

_____________ refers to creating multiple layers of security to force an attacker to defeat multiple controls.

Selected Answer: access control
Answers:
integrity
confidentiality
access control
availability

· Question 37 (2 out of 2 points)

The ________ allowed banks, investment firms, and insurance companies to consolidate. It also introduced some consumer protections, such as requiring credit agencies to provide consumers with one free credit report per year.

Selected Answer: Gramm-Leach-Bliley Act (GLBA)
Answers:
Sarbanes-Oxley Act (SOX)
Gramm-Leach-Bliley Act (GLBA)
21 CFR Part 11
Homeland Security Presidential Directive 12 (HSPD 12)

· Question 38 (2 out of 2 points)

Discretionary access control (DAC) is an access control system where rights are assigned by a central authority.

Selected Answer: False
Answers:
True
False

· Question 39 (2 out of 2 points)

The process used to move a classified document into the public domain is the definition of declassification.

Selected Answer: True
Answers:
True
False

· Question 40 (2 out of 2 points)

The subject in an access control scenario is a person or another application requesting access to a resource such as the network, a file system, or a printer.

Selected Answer: True
Answers:
True
False

· Question 41 (2 out of 2 points)

In a mandatory access control (MAC) system, rights are assigned based on a user's role rather than his or her identity.

Selected Answer: False
Answers:
True
False

· Question 42 (2 out of 2 points)

A good risk assessment takes into account both the value of the assets to be protected and their impact on the overall organization.

Selected Answer: True
Answers:
True
False

· Question 43 (2 out of 2 points)

Access control systems that address human nature, and the problems human nature can introduce, focus on ___________ attacks.

Selected Answer: social engineering
Answers:
malware
phishing
fraud
social engineering

· Question 44 (2 out of 2 points)

Educational institutions are required to protect educational records by adhering to the strict guidelines set in the ________.

Selected Answer: Family Educational Rights and Privacy Act (FERPA)
Answers:
Communications Assistance for Law Enforcement Act (CALEA)
Family Educational Rights and Privacy Act (FERPA)
Sarbanes-Oxley Act (SOX)
Gramm-Leach-Bliley Act (GLBA)

· Question 45 (2 out of 2 points)

A ______________ is a set of specific steps to be taken to achieve a desired result.

Selected Answer: procedure
Answers:
guideline
procedure
standard
policy

· Question 46 (2 out of 2 points)

_____________ refers to creating multiple layers of security to force an attacker to defeat multiple controls.

Selected Answer: Defense in depth
Answers:
Physical access control
Biometrics
Mandatory access control (MAC)
Defense in depth

· Question 47 (2 out of 2 points)

The ________ is a law that requires telecommunications carriers and equipment makers to take steps to facilitate the electronic surveillance activities of law enforcement agencies.

Selected Answer: Communications Assistance to Law Enforcement Act (CALEA)
Answers:
Communications Assistance to Law Enforcement Act (CALEA)
Sarbanes-Oxley Act (SOX)
Gramm-Leach-Bliley Act (GLBA)
Homeland Security Presidential Directive 12 (HSPD 12)

· Question 48 (2 out of 2 points)

Identification builds on authentication by requiring that the subject provide proof of its identity.

Selected Answer: False
Answers:
True
False

· Question 49 (2 out of 2 points)

Authorization is a set of rights defined for a subject and an object. They are based on the subject's identity.

Selected Answer: True
Answers:
True
False

· Question 50 (2 out of 2 points)

Which of the following is the definition of authentication factor?

Selected Answer: A way of confirming the identity of a subject. The three authentication factors are something you know, something you have, and something you are.
Answers:
A secret combination of characters known only to the subject.
A way of confirming the identity of a subject. The three authentication factors are something you know, something you have, and something you are.
The user, network, system, process, or application requesting access to a resource.
Something only the subject and the authentication system know.
