Infosec leadership

QUESTION 1
Which of the following were actions the textbook listed as guides to manage IT security?
- Work with users to make everyone more secure.
- Avoid the risks.
- Get mid-level management buy-in.
- Evaluate your environment’s needs, exposures, and defenses.
8 points

QUESTION 2
Which of the following are categories you would be likely to see at a mid-year budget review?
- Actual amount spent year to date
- Actual amount spent for the month
- Variance against budget (an over/under amount indicating how well you are doing compared to the expected amount based on your original budget)
- Variance against last year (an over/under amount indicating if you are spending more or less for the same items as last year)
8 points

QUESTION 3
You should always try to get your server and storage environment on a single diagram.
- True
- False
6 points

QUESTION 4
What are the two things a control mechanism provides?
- Audit trail and evidence
- Appropriate checks and balances
- Best effort and assurance
- Policy and procedure
6 points

QUESTION 5
The goal of your audit should be to clearly determine the __________ you are facing.
- regulations
- level of risk
- degree of compliance
- level of work
6 points

QUESTION 6
__________ is a solution that allows users to authenticate once to the network and then have access to all applications and resources for which they have been granted permission, without having to enter additional IDs and passwords.
- Single Sign-On
- Two-Factor Authentication
- Challenge-Response
- Account Provision
6 points

QUESTION 7
Where were some locations the textbook suggested as potentially good places for physical copies of infrastructure documentation to be located?
- Computer Room
- Break room
- Cubicle Walls of the help desk personnel
- Your home
6 points

QUESTION 8
How many process areas does CMMI have?
- 5
- 6
- 25
- 21
6 points

QUESTION 9
What two things need to happen for a policy to help ensure that all employees (both IT and users) are aware of it and that it can be applied consistently?
- It must be approved by both the auditors and compliance groups
- The business unit and individual owners must be listed
- It should be documented and posted
- It should be tied to a regulation and indexed
6 points

QUESTION 10
What can be used to “trap” data to and from a particular device or can be used to look for particular content?
- A Packet Sniffer
- Network Access Controls
- A Packet Internet Groper
- An IPS Appliance
6 points

QUESTION 11
A(n) __________ is generally used to gather preliminary information about a vendor in order to see if they meet some basic requirements.
- RFP
- POC
- RISC
- RFI
6 points

QUESTION 12
Which of the following are issues that IT should care about and standardize on?
- Operating systems
- Monitor size
- Software configuration
- Hardware configurations
8 points

QUESTION 13
The textbook referred to a 2011 Ponemon Institute survey. That survey indicated __________ was the most common cause of a security breach.
- Negligence
- Insider attack
- Malicious attack
- Criminal attack
6 points

QUESTION 14
In hard times, what are the things you should bring to management to show your leadership?
- Be proactive
- Adjust your priorities properly
- Be willing to react quickly to decisions
- Come to the table with ideas
6 points

QUESTION 15
What are the kinds of things a good inventory can help you discover?
- Non-functional Resources
- New departments
- Overutilized Resources
- Outdated Technology
8 points

QUESTION 16
One comforting thought with Information Security is that whether you are a virtual company or if you have a traditional office setting, your security priorities and concerns are the same.
- True
- False
6 points

QUESTION 17
__________ is a technique for gathering confidential or privileged information by simply asking for it.
- Phishing
- Malware
- Hacking
- Social engineering
6 points

QUESTION 18
Which of the following are benefits of standardizing your technology?
- Eases support burden
- Requires fewer kinds of spares
- Locks you into a smaller set of vendors
- Makes it harder to detect shadow IT
8 points

QUESTION 19
Which of the following is not part of the IT Infrastructure Library?
- Control activities
- The business perspective
- Planning to implement service management
- Strategic alignment
8 points

QUESTION 20
Which of the following was not identified as a common type of contact you would likely have with a vendor?
- Billing
- Technical Support
- Sales
- Development
6 points

QUESTION 21
__________ is usually defined as any data that can be used (either alone or with other data and sources) to identify a person.
- Personal Health Information
- Protected Health Information
- Personally Identifiable Information
- Personal Identity Information
6 points

QUESTION 22
What is the commonly used name for the Public Company Accounting Reform and Investor Protection Act of 2002?
- Gramm-Leach-Bliley
- SEC’s Rule 17a-4
- Sarbanes-Oxley
- Basel II
6 points

QUESTION 23
Which of the following is not one of the common points for deciding to refresh technology?
- The technology is no longer meeting your needs
- The technology is holding up other IT projects
- The technology presents risks to the environment
- Vendor support is available, and not cost prohibitive
6 points

QUESTION 24
In general with leasing situations, you make arrangements to purchase a piece of hardware, but the leasing company makes the actual purchase.
- True
- False
5 points

QUESTION 25
This is the practice of trying to get information from people by lying to them over the computer.
- Fraud
- Smishing
- Phishing
- Social engineering
6 points

QUESTION 26
Match the terms to their descriptions.
Terms:
- Spyware
- Trojan horses
- Rootkits
- Worms
Descriptions:
A. A set of modifications to the operating system that is designed primarily to hide malicious activity.
B. Programs that appear to be legitimate, but in fact are malicious.
C. Self-contained programs that replicate themselves usually via the network or e-mail attachments.
D. Software that monitors a user’s activity, often to collect account numbers, passwords, etc.
6 points

QUESTION 27
Information regarding your company’s mobile equipment should include which of the following:
- Storage Capacity
- Model
- Carrier
- Operating System
6 points

QUESTION 28
According to Financial Accounting Standards Board (FASB) Statement 13, a lease is considered a capital lease if it meets any one of the following criteria, except:
- The lease term is equal to or greater than 75 percent of the estimated life of the leased property (e.g., the lease term is six years and the estimated life is eight years).
- The lease transfers ownership of the property to the lessee by the end of the lease term.
- The lease contains an option to purchase the leased property at a bargain price.
- The present value of rental and other minimum lease payments equals or exceeds 90 percent of the fair value of the leased property regardless of any investment tax credit retained by the lessor.
6 points

QUESTION 29
Outsourcing includes all but which of the following?
- The primary company can provide the service
- The secondary company chooses not to provide the service
- The primary company chooses not to provide the service
- The secondary company can provide services in question
6 points

QUESTION 30
During the difficult times, you should be looking at all but which of these areas:
- Demonstrating leadership
- Managing costs
- Looking for opportunities to leverage IT for increased business value
- Improving weak SLAs
6 points

QUESTION 31
Which of the following is not one of the common weaknesses found after a security assessment?
- Misconfigured Devices
- Weak Passwords
- Weak Internal Controls on People
- Outside “Fingerprints”
6 points

QUESTION 32
Which of the following is not usually found in a Wide Area Network schematic?
- DMZs
- site locations
- location of switches
- firewalls
6 points

QUESTION 33
Which organization is closely identified with the Control Objectives for Information and Related Technology framework?
- (ISC)²
- NIST
- ISO
- ISACA
6 points

QUESTION 34
This method of risk analysis generates an analysis of the risks facing an organization and is based on experience, judgment, and intuition.
- Qualitative
- Subjective
- Quantitative
- Rational
6 points

QUESTION 35
The benefit of __________ individual departments is that those departments become more cost conscious of their IT uses and requirements.
- underestimating budgets by
- budgeting everything at
- charging expenses back to
- overestimating budgets by
6 points

QUESTION 36
The textbook suggests that the IT department provide whatever the user asks for regarding ergonomic devices and anti-glare screens.
- True
- False
5 points

QUESTION 37
One of the contractual I stressed in the lecture that can cause a contract to be rejected by the legal team, even though the product is exactly what you need to purchase, was the:
- Absence of an automatic renewal provision
- The SLA is too generic
- Choice of Law Provision
- Limited Indemnity Clause
6 points

QUESTION 38
The textbook mentioned that _____ of people never change their banking password.
- 41%
- 32%
- 14%
- 23%
6 points

QUESTION 39
Proof that you can provide to anyone who might ask (e.g., lawyers, regulators, auditors) that you are actually operating by the established policies is often considered __________.
- A hidden benefit of maintaining evidence
- A hidden benefit of educating your employees
- A hidden benefit of operational excellence
- A hidden benefit of control mechanisms
6 points

QUESTION 40
If your project needs a new piece of hardware for a project that costs $10,000 and has a 5-year depreciation span, the amount of the expense in the year following the purchase is _____.
- $2,000
- $0
- $2,500
- $1,500
