CIS 462 Final Exam NEW

Model:Recent
Price: $25.00 $15.00
This Tutorial Purchased: 10  Times.  Tutorial Rating: A+

This Tutorial contains the following attachments:

  • CIS 462 Final Exam Guide Set 1.docx
  • CIS 462 Final Exam Guide Set 2.docx

CIS 462 Final Exam Guide Set 1
 
Question 1 A User Internet Proxy standard and a Content-Blocking Tools Configuration standard would be associated primarily with which IT domain?
 
Question 2 What entity issues and manages digital certificates?
 
Question 3 A PKI uses public and private ______ for the secure exchange of information.
 
Question 4 A Wi-Fi Access Point Security standard defines secure wireless connectivity to a network. With which IT domain is this standard primarily associated?
 
Question 5 Baseline standards for the LAN Domain would include ____________.
 
Question 6 A standard for Web Services from an external provider would be part of which set of policies?
 
Question 7 A control standard that separates the development environment from the production environment would be found in which set of policies?

Question 8 What is a benefit of instructor-led classroom training for security awareness?

Question 9 Accountability, lack of budget, lack of priority, and tight schedules are examples of ____________.
 
Question 10 What is a common consequence of failing to adhere to an acceptable use policy (AUP)?
 
Question 11 Which of the following is least likely to be required to attend an organization's formal security awareness training program?
 
Question 12 Implementing IT security policies is as much about __________ as it is about implementing controls.
 
Question 13 What is the best way to measure a specific user's comprehension of security awareness training?
 
Question 14 Conducting __________ can be an effective security awareness program solution.
 
Question 15 The primary objective of a security awareness program is to _________.
 
Question 16 Which tool can you use in a Microsoft domain to manage security settings for users and organizational units (OUs)?
 
Question 17 What does a configuration management database (CMDB) hold?
 
Question 18 A(n) __________ can include a computer's full operating system, applications, and system settings, including security and configuration settings.
 
Question 19 You want to manage patches and updates for Windows client computers centrally. Which is the best tool to use?
 
Question 20 Which organization maintains the Common Vulnerabilities and Exposures (CVE) list?
 
Question 21 Which of the following methods is used to track compliance?
 
Question 22 What is due care?
 
Question 23 Common IRT members may be IT subject matter experts, IT security reps, HR reps, and ____________ reps.
 
Question 24 When responding to an incident, when does the IRT timeline start?
 
Question 25 During which phase of incident response do IRT members study the attack and develop recommendations to prevent similar attacks in the future?
 
Question 26 Before an incident can be declared, the IRT must develop an incident ________ for incident response.
 
Question 27 FISMA requires federal agencies to report major incidents to which organization?
 
Question 28 During which phase of incident response do IRT members stop the attack and gather evidence?
 
Question 29 According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?
 
Question 30 In a business classification scheme, which classification refers to routine communications within the organization?
 
Question 31 Regarding data classification, what does "declassification" mean?
 
Question 32 What is the general retention period of regulated documents?
 
Question 33 What is considered to be a natural extension of the BIA when conducting a BCP?
 
Question 34 Which of the following is not a primary reason a business classifies data?
 
Question 35 In a business classification scheme, which classification refers to mission-critical data?
 
Question 36 What is a security benefit of routinely deleting electronic documents that are no longer required for legal or business reasons?
 
Question 37 Which U.S. military data classification refers to data that the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?
 
Question 38 ___________ is/are key to security policy enforcement.
 
Question 39 Your company does not want its employees to use the Internet to exchange personal e-mail during work hours. What is the best tool to use to ensure the company does not violate an employee's right to privacy?
 
 
Question 40 Which of the following is least likely to indicate the effectiveness of an organization's security policies?
 
Question 41 What is the name of a common control that is used across a significant population of systems, applications, and operations?
 
Question 42 Which employee role is directly accountable to ensure that employees are implementing security policies consistently?
 
Question 43 Your company wants to minimize the risk of its employees sharing confidential company information via e-mail. What is the best tool to use to minimize this risk?
 
Question 44 An employee used her company-owned computer to e-mail invitations to friends for her upcoming party, which violated the company's acceptable use policy. Who is responsible for correcting the employee's behavior?
 
Question 45 What is a disadvantage of hard-coding a user name and password into an application to simplify guest access?
 
Question 46 What is an example of "hardening"?
 
Question 47 Which type of agreement would you have a contract system administrator (temporary worker) sign?
 
 
Question 48 Which of the following is a policy that prohibits access or storage of offensive content?
 
Question 49 What is pretexting associated with?

Question 50 Who evaluates an organization's technology controls and risks for compliance with internal security policies or regulations?
 
 
CIS 462 Final Exam Guide Set 2
 
 
• Question 1 What is the most reasonable way to deal with outdated technology that cannot conform to an organization's security policies?
• Question 2 To be effective, which of the following must follow security policies?
• Question 3 Conducting __________ can be an effective security awareness program solution.
• Question 4 Accountability, lack of budget, lack of priority, and tight schedules are examples of ____________. 
• Question 5 The primary objective of a security awareness program is to _________.
• Question 6 What is a common consequence of failing to adhere to an acceptable use policy (AUP)?
• Question 7 What is a benefit of instructor-led classroom training for security awareness? 
• Question 8 Which of the following is generally not a part of a security awareness communications plan?
• Question 9 Which of the following methods is used to track compliance?
• Question 10 Which organization maintains the Common Vulnerabilities and Exposures (CVE) list? 
• Question 11 Best practices for IT security policy compliance monitoring includes ___________.
• Question 12 Three major components of the ITIL life cycle are service transition, service operation, and service _________.
• Question 13 You want to identify active hosts on a network, detect open ports, and determine the operating system in use on servers. Which is the best tool to use? 
• Question 14 Nessus® is a type of _______________. 
• Question 15 Your company wants to minimize the risk of its employees sharing confidential company information via e-mail. What is the best tool to use to minimize this risk?
• Question 16 Which organizational committee ensures that an external service provider is meeting the service level agreement (SLA) in the contract?
• Question 17 ___________ is/are key to security policy enforcement.
• Question 18 In a large organization, what is the name of the entity that reviews technology activity and provides approvals before a project or activity can proceed to the next stage?
• Question 19 When monitoring an employee's Internet use, which of the following can potentially violate an employee's rights?
• Question 20 What is the name of a common control that is used across a significant population of systems, applications, and operations? 
• Question 21 Which of the following is a manual control for enforcing security policies? Before an incident can be declared, the IRT must develop an incident ________ for incident response.
• Question 22 During which phase of incident response do IRT members study the attack and develop recommendations to prevent similar attacks in the future?  
• Question 23 During which phase of incident response do IRT members recover from the attack and resume operations?  
• Question 24 During which phase of incident response do IRT members stop the attack and gather evidence?
• Question 25 During which phase of incident response do IRT members stop the attack and gather evidence? 
• Question 26 Triage is performed during which phase of incident response?
• Question 27 According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?
• Question 28 When analyzing an IT incident, which of the following is not something you need to identify?
• Question 29 When reporting an incident, the IRT team must first classify the _________ of the incident 
• Question 30 A System Use Notification standard describes the on-screen display of system notification messages, such as a legal notice that the user is accessing a protected system. With which IT domain is this standard primarily associated? 
• Question 31 A LAN Domain policy would include guidelines for which of the following? 
• Question 32 A Separation of Environments standard establishes the need to separate the development environment from the production environment. With which IT domain is this standard primarily associated?
• Question 33 A User Internet Proxy standard and a Content-Blocking Tools Configuration standard would be associated primarily with which IT domain?
• Question 34 Baseline standards for the LAN Domain would include ____________. 
• Question 35 Which of the following documents describes core control requirements for framework policies?
• Question 36 A PKI uses public and private ______ for the secure exchange of information.
• Question 37 When classifying documents in a business, the data owner must strike a balance between protection and _____________.
• Question 38 Which U.S. military data classification refers to data that the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?
• Question 39 In a business classification scheme, which classification refers to routine communications within the organization?
• Question 40 Before a BCP can be completed, a(n) _________ must first be completed and agreed upon by all the key departments within the organization. 
• Question 41 Regarding data classification, what does "declassification" mean? 
• Question 42 Which U.S. government data classification refers to confidential data that's not subject to release under the Freedom of Information Act?  
• Question 43 What is a security benefit of routinely deleting electronic documents that are no longer required for legal or business reasons?  
• Question 44 Which of the following is not a primary reason a business classifies data? 
• Question 45 Pam receives an offensive joke via e-mail from Larry, a co-worker. Which of the following helps Pam know the correct actions to take? 
• Question 46 Which of the following is generally not true of contractor workers?
• Question 47 What is an example of "hardening"?
• Question 48 Who is most likely to have the least amount of security awareness about your organization? 
• Question 49 Who evaluates an organization's technology controls and risks for compliance with internal security policies or regulations? 
• Question 50 Which type of agreement would you have a contract system administrator (temporary worker) sign?

Assignment Cloud © 2020 All Rights Reserved