CIS 462 FINAL EXAM A.docx - CIS 462 SECURITY AND STRATEGY FINAL EXAM Question 1 2 out of 2 points When constructing policies regarding data it is

CIS 462 FINAL EXAM A.docx - CIS 462 SECURITY AND STRATEGY...

This preview shows page 1 - 4 out of 15 pages.

CIS 462 SECURITY AND STRATEGY FINAL EXAM Question 1 2 out of 2 points When constructing policies regarding data _______________, it is important that these policies offer particular guidance on separation of duties (SOD), and that there are procedures that verify SOD requirements. Selected Answer: acce ss Correct Answer: acce ss Question 2 2 out of 2 points At Stanford University, data is labeled according to a classification scheme that identifies information in the following way: prohibited, restricted, confidential, and unrestricted. Which of the following schemes has Stanford adopted? Selected Answer: legal classification Correct Answer: legal classification Question 3 2 out of 2 points A risk exposure is defined as the impact to the organization when a situation transpires. The widely accepted formula for calculating exposure is as follows: Risk exposure =________________ the event will occur + ____________ if the event occurs Selected Answer:
Image of page 1
likelihood, impact Correct Answer: likelihood, impact Question 4 2 out of 2 points One of the most important approaches used to secure personal data is ________________, which is the process used to prove the identity of an individual. ______________, however, is the process used to enable a person’s access privileges. Selected Answer: authentication, authorization Correct Answer: authentication, authorization Question 5 2 out of 2 points The term ________________ denotes data that is being stored on devices like a universal serial bus (USB) thumb drive, laptop, server, DVD, CD, or server. The term ______________ denotes data that exists in a mobile state on the network, such as data on the Internet, wireless networks, or a private network. Selected Answer: data at rest, data in transit Correct Answer: data at rest, data in transit Question 6 2 out of 2 points Despite the fact that there exists no mandatory scheme of data classification for private industry, there are four classifications used most frequently. Which of the following is not one of the four? Selected Answer: moderately sensitive Correct Answer: moderately sensitive
Image of page 2
Question 7 2 out of 2 points Consider this scenario: A major software company finds that code has been executed on an infected machine in its operating system. As a result, the company begins working to manage the risk and eliminates the vulnerability 12 days later. Which of the following statements best describes the company’s approach? Selected Answer: The company effectively implemented patch management. Correct Answer: The company effectively implemented patch management. Question 8 2 out of 2 points Which of the following statements does not offer an explanation of what motivates an insider to pose a security risk? Selected Answer: An individual might think that threatening to disclose security information will earn the attention and recognition from the organization and thus result in promotion.
Image of page 3
Image of page 4

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture