Saint Leo COM590 Final Exam 100% Accurate
Question 1 (4 points)
Saved What is pretexting associated with?
Question 1 options:
Hiring personnel Communication between senior management and general employees Policy dissemination Social engineering
Question 2 (4 points)
Saved Pam receives an offensive joke via e-mail from Larry, a co-worker. Which of the following helps Pam know the correct actions to take?
Question 2 options:
SAP
AUP
None of the above
PAA
Question 3 (4 points)
Saved Which type of agreement would you have a contract system administrator (temporary worker) sign?
Question 3 options:
PAA
Both A and C
AUP
SAP
Question 4 (4 points)
Saved A standard for Web Services from an external provider would be part of which set of policies?
Question 4 options:
WAN Domain policies System/Application Domain policies User Domain policies LAN Domain policies
Question 5 (4 points)
Saved Which of the following would include information on firewalls that handle application traffic?
Question 5 options:
WAN Domain policies System/Application Domain policies LAN Domain policies User Domain policies
Question 6 (4 points)
Saved A LAN Domain policy would include guidelines for which of the following?
Question 6 options:
Telecommunications User access rights IDS and IPS architecture and management Applications
Question 7 (4 points)
Saved Which U.S. military data classification refers to data that the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?
Question 7 options:
Secret Top Secret Confidential Unclassified
Question 8 (4 points)
Saved Which policy outlines the process by which a BCP and DRP plan is activated?
Question 8 options:
Server Policy Disaster Declaration Policy
RTP
Incident Policy
Question 9 (4 points)
Saved In a business classification scheme, which classification refers to routine communications within the organization?
Question 9 options:
Highly sensitive Public Internal Sensitive
Question 10 (4 points)
Saved Triage is performed during which phase of incident response?
Question 10 options:
Discovery Clean-up Containing and Minimizing Reporting Previous PageNext Page
Question 11 (4 points)
Saved Evidence from an incident must be documented and protected from the time it’s obtained to the time it’s presented in court. Which tool is used to document this evidence?
Question 11 options:
Writ of evidence Chain of custody Incident log Real evidence docket
Question 12 (4 points)
Saved According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?
Question 12 options:
An incomplete transaction Loss of a password Denial of Service attack Wi-Fi password loss
Question 13 (4 points)
Saved Before an incident can be declared, the IRT must develop an incident __________ for incident response.
Question 13 options:
procedure budget discovery process control
Question 14 (4 points)
Saved What is a benefit of instructor-led classroom training for security awareness?
Question 14 options:
Low cost Flexibility Both A and B Neither A nor B
Question 15 (4 points)
Saved What is a common consequence of failing to adhere to an acceptable use policy (AUP)?
Question 15 options:
Loss of computer privileges at work E-mail reminder Nothing; an AUP is only a guideline Disciplinary action
Question 16 (4 points)
Saved Implementing IT security policies is as much about __________ as it is about implementing controls.
Question 16 options:
changing attitudes changing personnel disciplinary actions budgeting
Question 17 (4 points)
Saved Which of the following is a common cause of security breaches?
Question 17 options:
Outsourced processing to vendors Improved training and security awareness Increased employee motivation Inadequate management and user decisions
Question 18 (4 points)
Saved What is the name of a common control that is used across a significant population of systems, applications, and operations?
Question 18 options:
Pervasive Enterprise Perpetual Persistent
Question 19 (4 points)
Saved __________ is/are key(s) to security policy enforcement.
Question 19 options:
IT personnel support Executive support Physical controls A communications plan
Question 20 (4 points)
Saved Your company does not want its employees to use the Internet to exchange personal e-mail during work hours. What is the best tool to use to ensure the company does not violate an employee’s right to privacy?
Question 20 options:
Encryption A risk assessment An acceptable use policy A data leakage protection system
Question 21 (4 points)
Saved Which of the following is least likely to indicate the effectiveness of an organization’s security policies?
Question 21 options:
Vulnerability assessments Detective controls Policy compliance reviews An incident response plan
Question 22 (4 points)
Saved Which organization created the Security Content Automation Protocol (SCAP) as part of its responsibilities under FISMA?
Question 22 options:
Microsoft The MITRE Corporation
US-CERT
NIST
Question 23 (4 points)
Saved A(n) __________ can include a computer’s full operating system, applications, and system settings, including security and configuration settings.
Question 23 options:
baseline image group policy patch
Question 24 (4 points)
Saved What does a configuration management database (CMDB) hold?
Question 24 options:
System configuration information Policy change documentation Security policies None of the above
Question 25 (4 points)
Saved What is a vulnerability window?
Question 25 options:
The time between when a new vulnerability is discovered and when software developers start writing a patch. The time required to image a computer. System downtime associated with a successful attack. The period of time during which an attacker may launch a DoS attack.