QUESTION 1
Which of the following were actions the textbook listed as guides to manage IT security?
Work with users to make everyone more secure.
Avoid the risks.
Get mid-level management buy-in.
Evaluate your environment’s needs, exposures, and defenses.
8 points
QUESTION 2
Which of the following are categories you would be likely to see at a mid-year budget review?
Actual amount spent year to date
Actual amount spent for the month
Variance against budget (an over/under amount indicating how well you are doing compared to the expected amount based on your original budget)
Variance against last year (an over/under amount indicating if you are spending more or less for the same items as last year)
8 points
QUESTION 3
You should always try to get your server and storage environment on a single diagram.
True
False
6 points
QUESTION 4
What are the two things a control mechanism provides?
Audit trail and evidence
Appropriate checks and balances
Best effort and assurance
Policy and procedure
6 points
QUESTION 5
The goal of your audit should be to clearly determine the __________ you are facing.
regulations
level of risk
degree of compliance
level of work
6 points
QUESTION 6
__________ is a solution that allows users to authenticate once to the network and then have access to all applications and resources for which they have been granted permission, without having to enter additional IDs and passwords.
Single Sign-On
Two-Factor Authentication
Challenge-Response
Account Provision
6 points
QUESTION 7
What were some locations the textbook suggested as potentially good places to keep physical copies of infrastructure documentation?
Computer Room
Break room
Cubicle walls of the help desk personnel
Your home
6 points
QUESTION 8
How many process areas does CMMI have?
5
6
25
21
6 points
QUESTION 9
What two things need to happen for a policy to help ensure that all employees (both IT and users) are aware of it and that it can be applied consistently?
It must be approved by both the auditors and compliance groups
The business unit and individual owners must be listed
It should be documented and posted
It should be tied to a regulation and indexed
6 points
QUESTION 10
What can be used to “trap” data to and from a particular device or to look for particular content?
A Packet Sniffer
Network Access Controls
A Packet Internet Groper
An IPS Appliance
6 points
QUESTION 11
A(n) __________ is generally used to gather preliminary information about a vendor in order to see if they meet some basic requirements.
RFP
POC
RISC
RFI
6 points
QUESTION 12
Which of the following are issues that IT should care about and standardize on?
Operating systems
Monitor size
Software configuration
Hardware configurations
8 points
QUESTION 13
The textbook referred to a 2011 Ponemon Institute survey. That survey indicated __________ was the most common cause of a security breach.
Negligence
Insider attack
Malicious attack
Criminal attack
6 points
QUESTION 14
In hard times, what are the things you should bring to management to show your leadership?
Be proactive
Adjust your priorities properly
Be willing to react quickly to decisions
Come to the table with ideas
6 points
QUESTION 15
What are the kinds of things a good inventory can help you discover?
Non-functional Resources
New departments
Overutilized Resources
Outdated Technology
8 points
QUESTION 16
One comforting thought with Information Security is that whether you are a virtual company or if you have a traditional office setting, your security priorities and concerns are the same.
True
False
6 points
QUESTION 17
__________ is a technique for gathering confidential or privileged information by simply asking for it.
Phishing
Malware
Hacking
Social engineering
6 points
QUESTION 18
Which of the following are benefits of standardizing your technology?
Eases support burden
Requires fewer kinds of spares
Locks you into a smaller set of vendors
Makes it harder to detect shadow IT
8 points
QUESTION 19
Which of the following is not part of the IT Infrastructure Library?
Control activities
The business perspective
Planning to implement service management
Strategic alignment
8 points
QUESTION 20
Which of the following was not identified as a common type of contact you would likely have with a vendor?
Billing
Technical Support
Sales
Development
6 points
QUESTION 21
__________ is usually defined as any data that can be used (either alone or with other data and sources) to identify a person.
Personal Health Information
Protected Health Information
Personally Identifiable Information
Personal Identity Information
6 points
QUESTION 22
What is the commonly used name for the Public Company Accounting Reform and Investor Protection Act of 2002?
Gramm-Leach-Bliley
SEC’s Rule 17a-4
Sarbanes-Oxley
Basel II
6 points
QUESTION 23
Which of the following is not one of the common points for deciding to refresh technology?
The technology is no longer meeting your needs
The technology is holding up other IT projects
The technology presents risks to the environment
Vendor support is available, and not cost prohibitive
6 points
QUESTION 24
In general with leasing situations, you make arrangements to purchase a piece of hardware, but the leasing company makes the actual purchase.
True
False
5 points
QUESTION 25
This is the practice of trying to get information from people by lying to them over the computer.
Fraud
Smishing
Phishing
Social engineering
6 points
QUESTION 26
Match the terms to their descriptions.
Spyware
Trojan horses
Rootkits
Worms
A. A set of modifications to the operating system that is designed primarily to hide malicious activity.
B. Programs that appear to be legitimate, but in fact are malicious.
C. Self-contained programs that replicate themselves usually via the network or e-mail attachments.
D. Software that monitors a user’s activity, often to collect account numbers, passwords, etc.
6 points
QUESTION 27
Information regarding your company’s mobile equipment should include which of the following:
Storage Capacity
Model
Carrier
Operating System
6 points
QUESTION 28
According to Financial Accounting Standards Board (FASB) Statement 13, a lease is considered a capital lease if it meets any one of the following criteria, except:
The lease term is equal to or greater than 75 percent of the estimated life of the leased property (e.g., the lease term is six years and the estimated life is eight years).
The lease transfers ownership of the property to the lessee by the end of the lease term.
The lease contains an option to purchase the leased property at a bargain price.
The present value of rental and other minimum lease payments equals or exceeds 90 percent of the fair value of the leased property regardless of any investment tax credit retained by the lessor.
6 points
QUESTION 29
Outsourcing includes all but which of the following?
The primary company can provide the service
The secondary company chooses not to provide the service
The primary company chooses not to provide the service
The secondary company can provide services in question
6 points
QUESTION 30
During difficult times, you should be looking at all but which of these areas:
Demonstrating leadership
Managing costs
Looking for opportunities to leverage IT for increased business value
Improving weak SLAs
6 points
QUESTION 31
Which of the following is not one of the common weaknesses found after a security assessment?
Misconfigured Devices
Weak Passwords
Weak Internal Controls on People
Outside “Fingerprints”
6 points
QUESTION 32
Which of the following is not usually found in a Wide Area Network schematic?
DMZs
site locations
location of switches
firewalls
6 points
QUESTION 33
Which organization is closely identified with the Control Objectives for Information and Related Technology framework?
(ISC)2
NIST
ISO
ISACA
6 points
QUESTION 34
This method of risk analysis generates an analysis of the risks facing an organization and is based on experience, judgment, and intuition.
Qualitative
Subjective
Quantitative
Rational
6 points
QUESTION 35
The benefit of __________ individual departments is that those departments become more cost conscious of their IT uses and requirements.
underestimating budgets by
budgeting everything at
charging expenses back to
overestimating budgets by
6 points
QUESTION 36
The textbook suggests that the IT department provide whatever the user asks for regarding ergonomic devices and anti-glare screens.
True
False
5 points
QUESTION 37
One of the contractual I stressed in the lecture that can cause a contract to be rejected by the legal team, even though the product is exactly what you need to purchase was the:
Absence of an automatic renewal provision
The SLA is too generic
Choice of Law Provision
Limited Indemnity Clause
6 points
QUESTION 38
The textbook mentioned that _____ of people never change their banking password.
41%
32%
14%
23%
6 points
QUESTION 39
Proof that you can provide to anyone who might ask (e.g., lawyers, regulators, auditors) that you are actually operating by the established policies is often considered __________.
A hidden benefit of maintaining evidence
A hidden benefit of educating your employees
A hidden benefit of operational excellence
A hidden benefit of control mechanisms
6 points
QUESTION 40
If your project needs a new piece of hardware that costs $10,000 and has a 5-year depreciation span, the amount of the expense in the year following the purchase is _____.
$2,000
$0
$2,500
$1,500