Computer Science Homework Help. Quiz On Operations Security

Take Test: Quiz #2


Multiple Attempts

This test allows 2 attempts. This is attempt number 1.

Force Completion

This test can be saved and resumed later.


QUESTION 1

Awareness programs are separated into two parts: awareness and approval. The purpose of awareness is to provide employees a better understanding of security risks. The goal of approval is to gain the buy-in of all employees on the effectiveness of the program after they have demonstrated awareness.

True
False

2.00000 points

QUESTION 2

The different concepts in the architecture operating model are aligned with how the business chooses to integrate and standardize with an enterprise solution. In the ___________________, the technology solution shares data across the enterprise.

  • coordinated operating model
  • diversified operating model
  • replicated operating model
  • unified operating model

2.00000 points

QUESTION 3

Of the principles that can be used to derive control requirements and help make implementation decisions, which principle functions as a deterrent control and helps to ensure that people understand they are solely responsible for actions they take while using organization resources?

  • awareness principle
  • accountability principle
  • ethics principle
  • timeliness principle

2.00000 points

QUESTION 4

Because policies and standards are a collection of comprehensive definitions that describe acceptable and unacceptable human behavior, it is important that they contain a significant level of detail and description and address the six key questions: who, what, where, when, why, and how.

True
False

2.00000 points

QUESTION 5

Before publishing major policy changes, it can be beneficial to conduct a _______________ in order to offer employees an explanation of the upcoming changes and create a space for dialogue.

  • roadshow
  • town-hall meeting
  • presentation
  • lunch and learn

2.00000 points

QUESTION 6

The security controls that are categorized based on what the control does are as follows: administrative controls, technical security controls, and physical security controls.

True
False

2.00000 points

QUESTION 7

Policy and standards often change as a result of business drivers. One such driver, known as ___________________, occurs when business shifts and new systems or processes are incorporated; these business shifts and new systems and processes may differ from what a standard or policy requires.

  • business-as-usual developments
  • business technology innovations
  • business innovations
  • business exceptions

2.00000 points

QUESTION 8

Evangelists are exemplary people who often stand out during awareness sessions or other training opportunities and who can be called upon for their potential to serve as advocates for information security. These people can help their teams, departments, and groups address questions related to compliance requirements.

True
False

2.00000 points

QUESTION 9

The _____________________ principle states that it is important to consider your users or partners when requiring information that could place their privacy rights at risk. Thus, the security of an information system should be balanced against the rights of customers, users, and other people affected by the system versus your rights as the owners and operators of these systems.

  • democracy
  • least privilege
  • separation of duty
  • adversary

2.00000 points

QUESTION 10

When a company is following the proportionality principle in its policy creation, the security levels, costs, practices, and procedures are all appropriate and proportionate to the degree of reliance on the system and the value of the data.

True
False

2.00000 points

QUESTION 11

Research shows that projects dedicated to information security policies fail due to eight common perceived missteps. Which of the following is not one of the missteps?

  • Unclear purpose: This refers to the clarity of value the project brings.
  • Doubt: This refers to the need for change; it is necessary to explain why what is in place today is not good enough.
  • Lack of organizational incentives: This refers to the inability to motivate behaviors.
  • Lack of complexity: This refers to an oversimplification of policies that sacrifices depth and nuance.

2.00000 points

QUESTION 12

Business leaders rely on technology roles to be accountable for implementing security policies, monitoring their adherence, and managing day-to-day activities. The role of ______________, for example, is to be accountable for ensuring only the access that is needed to perform day-to-day operations is granted.

  • data owner
  • data manager
  • data user
  • data custodian

2.00000 points

QUESTION 13

Motivated employees are far more likely to embrace the implementation of security policies, but this does not correlate to more risks being identified and mitigated for the organization. Rather, it creates a more comfortable work environment.

True
False

2.00000 points

QUESTION 14

When an organization implements a division of labor, the depth and quality of its work are higher. The result is that the organization grows, along with its operating costs. An organization needs to divide labor in such a way that it can create quality, remain competitive, and control operating costs.

True
False

2.00000 points

QUESTION 15

When going through the steps to create a vision for change, it is valuable to find a leader in your organization who can be an agent of change; someone who doesn’t follow the pack, who can think outside the box, and can steer the organization through the politics of creating change.

True
False

2.00000 points

QUESTION 16

Motivation consists of being enthusiastic, energized, and engaged to achieve a goal or objective. The three basic elements of motivation are pride, self-interest, and success.

True
False

2.00000 points

QUESTION 17

The struggle between how to manage a business versus how to “grow” has significant implications for security policies that must reflect the core values of the business. Which of the following statements reflects one of the security policy approaches often taken by entrepreneurs growing a business?

  • A company in its early startup stages focuses on stability and seeks to avoid risk.
  • A company starts growing its bureaucracy as early in its development as possible.
  • A company in its startup stages often hires professional managers and defers to their judgment about how to create the business culture.
  • A company in high-growth mode focuses on agility and innovation and tends to have a greater acceptance of risk.

2.00000 points

QUESTION 18

Although an organization’s list of stakeholders will vary depending on the policy being implemented, there are stakeholders who can be seen commonly across organizations. What is the key focus of stakeholders in information security?

  • timely delivery of high-quality products and services at competitive prices
  • compliance with laws and regulations
  • keeping operations within risk tolerances
  • protection of the company and the customer

2.00000 points

QUESTION 19

In a large organization, the complexity required to keep operations running effectively requires a hierarchy of specialties. Thus, which of the following organizational structures is preferred?

  • flat organizational structure
  • matrix relationship structure
  • hierarchical organizational structure
  • change agent structure

2.00000 points

QUESTION 20

In order to build a coalition, it’s the responsibility of the chief information security officer (CISO) to reach out to stakeholders, explain the policy change, and listen to concerns. Many organizations have what are called control partners, who give input before a policy change can be made. Which of the following is not an example of control partners found in many large organizations?

  • internal auditors
  • operational risk managers
  • data custodians
  • legal professionals

2.00000 points

QUESTION 21

In 2010, a major restaurant chain suffered a network breach when malware was discovered to have collected customer credit card information that was later stolen by an outside party. Such a breach was a PCI DSS framework violation. Which of the following actions is the first step that should have been taken to ensure the PCI DSS framework was safely protecting the credit card information?

  • network segregation
  • penetration testing
  • monitoring
  • virus scanning

2.00000 points

QUESTION 22

The ________________ domain ensures risks are diminished and remediated in the most cost-effective manner. To prevent risk from increasing in severity and scope, this domain coordinates risk responses, ensuring that the right people are engaged when appropriate.

  • risk response
  • risk governance
  • risk evaluation
  • risk acceptance

2.00000 points

QUESTION 23

In the financial services sector, some organizations have implemented a three-lines-of-defense model. What does the use of this model suggest about an organization’s structure?

  • The management has a good understanding of organizational culture.
  • The organization has an effective training model in place.
  • This organization uses a layered approach that creates a separation of duties.
  • The management is out of step with the organizational culture.

2.00000 points

QUESTION 24

IT security frameworks like COSO, COBIT, and ISO only have one thing in common: they are all risk-based.

True
False

2.00000 points

QUESTION 25

With a framework in place, controls and risk become more measurable. The ability to measure the enterprise against a set of standards and controls assures regulators of compliance and helps reduce uncertainty.

True
False

2.00000 points

QUESTION 26

The members of the _________________ committee help create priorities, remove obstacles, secure funding, and serve as a source of authority. Members of the _______________ committee, however, are leaders across the organization.

  • executive, security
  • security, executive
  • audit, security
  • executive, operational risk

2.00000 points

QUESTION 27

The operational risk committee has the ability to determine which business activities are riskier than others. For example, if a business wants to sell product on the Internet for the first time, then the risk committee would need to understand the wide-ranging risks involved as well as the organization’s security capability.

True
False

2.00000 points

QUESTION 28

An illustration of ________________ would be an organization installing anti-malware software on the network and endpoints, monitoring for suspicious traffic, and responding as needed.

  • risk governance
  • disposal of risk
  • strategic risk
  • risk evaluation

2.00000 points

QUESTION 29

Because regulatory compliance is a significant effort, some organizations engage full-time teams to collect, review, and report in an attempt to demonstrate that regulations are being followed. However, creating these full-time teams redirects business protection resources needlessly. A better strategy is to create an IT policies framework that defines security controls that align with policies and regulations.

True
False

2.00000 points

QUESTION 30

Also known as the Federal Information Processing Standards (FIPS), the _______________ framework is a shared set of security standards required by the Federal Information Security Management Act (FISMA).

  • NIST
  • PCI DSS
  • ISO
  • COBIT

2.00000 points

QUESTION 31

ISO/IEC 27002 covers the three aspects of the information security management program: managerial, operational, and technical activities. All three must be present in any IT security program for comprehensive coverage.

True
False

2.00000 points

QUESTION 32

Which of the following topics describes the process of building security into applications?

  • asset management
  • physical and environmental security
  • systems acquisition, development, and maintenance
  • information security aspects of business continuity management

2.00000 points

QUESTION 33

When implementing a framework, the two main considerations for implementation are _____________ and _____________.

  • platform, infrastructure
  • cost, impact
  • cost, infrastructure
  • impact, granularity

2.00000 points

QUESTION 34

It is often the case that a security manager must make tough management decisions when defining the scope of a program. For example, the manager may need to decide how the program applies to contractors who connect to the company’s systems.

True
False

2.00000 points

QUESTION 35

Which of the following statements captures the function of guidelines presented in guidance documents for IT security?

  • Guidelines may present conventional thinking on a specific topic and seldom require revision.
  • Guidelines are generally mandatory, and failing to follow them explicitly can lead to compliance issues.
  • Guidelines assist people in creating unique and distinct procedures or processes that are specific to the needs of a particular company’s IT security needs.
  • Guidelines provide those who implement standards/baselines more detailed information such as hints, tips, and processes to ensure compliance.

2.00000 points

QUESTION 36

One of the components of a useful structure for issue-specific standards is the points of contact section, which lists the areas of the organization responsible for the implementation of policies. Those in these areas are the subject matter experts, or SMEs, who interpret the policy and ensure that there are controls to enforce the policy. This section may also identify other applicable standards or guidelines.

True
False

2.00000 points

QUESTION 37

In an issue-specific standard, the ___________________________ section defines a security issue and any relevant terms, distinctions, and conditions.

  • definition of roles and responsibilities
  • statement of applicability
  • statement of the organization’s position
  • statement of an issue

2.00000 points

QUESTION 38

Of the roles commonly found in the development, maintenance, and compliance efforts related to a policy and standards library, which of the following has the responsibilities of directing policies and procedures designed to protect information resources, identifying vulnerabilities, and developing a security awareness program?

  • information resources manager
  • information resources security officer
  • control partners
  • CISO

2.00000 points

QUESTION 39

A procedure is a written instruction on how to comply with a standard. Procedures can be generalized to apply to all employees and can be accessed at any time.

True
False

2.00000 points

QUESTION 40

The security posture of an organization is usually expressed in terms of ___________________, which generally refers to how much risk an organization is willing to accept to achieve its goal, and ____________________, which relates how much variance in the process an organization will accept.

  • risk assessment, risk manageability
  • risk tolerance, risk appetite
  • risk awareness, risk reduction
  • risk appetite, risk tolerance

2.00000 points
