CIS 462 SECURITY AND STRATEGY FINAL EXAM

Question 1
2 out of 2 points
When constructing policies regarding data _______________, it is important that these policies offer particular guidance on separation of duties (SOD), and that there are procedures that verify SOD requirements.
Selected Answer: access
Correct Answer: access

Question 2
2 out of 2 points
At Stanford University, data is labeled according to a classification scheme that identifies information in the following way: prohibited, restricted, confidential, and unrestricted. Which of the following schemes has Stanford adopted?
Selected Answer: legal classification
Correct Answer: legal classification

Question 3
2 out of 2 points
A risk exposure is defined as the impact to the organization when a situation transpires. The widely accepted formula for calculating exposure is as follows: Risk exposure = ________________ the event will occur + ____________ if the event occurs
Selected Answer: likelihood, impact
Correct Answer: likelihood, impact

Question 4
2 out of 2 points
One of the most important approaches used to secure personal data is ________________, which is the process used to prove the identity of an individual. ______________, however, is the process used to enable a person’s access privileges.
Selected Answer: authentication, authorization
Correct Answer: authentication, authorization

Question 5
2 out of 2 points
The term ________________ denotes data that is being stored on devices like a universal serial bus (USB) thumb drive, laptop, server, DVD, CD, or server. The term ______________ denotes data that exists in a mobile state on the network, such as data on the Internet, wireless networks, or a private network.
Selected Answer: data at rest, data in transit
Correct Answer: data at rest, data in transit

Question 6
2 out of 2 points
Despite the fact that there exists no mandatory scheme of data classification for private industry, there are four classifications used most frequently. Which of the following is not one of the four?
Selected Answer: moderately sensitive
Correct Answer: moderately sensitive

Question 7
2 out of 2 points
Consider this scenario: A major software company finds that code has been executed on an infected machine in its operating system. As a result, the company begins working to manage the risk and eliminates the vulnerability 12 days later. Which of the following statements best describes the company’s approach?
Selected Answer: The company effectively implemented patch management.
Correct Answer: The company effectively implemented patch management.

Question 8
2 out of 2 points
Which of the following statements does not offer an explanation of what motivates an insider to pose a security risk?
Selected Answer: An individual might think that threatening to disclose security information will earn the attention and recognition from the organization and thus result in promotion.