CIS 462 Midterm Exam All Possible Questions

CIS 462 Midterm Exam All Possible Questions



(1) The use of encryption and digital signatures helps ensure that what was transmitted is the same as what was received. Which of the following is assured?

(2) Which of the following is not one of the four domains of the COBIT framework for ISS management?

(3) What is the primary goal of business process reengineering?

(4) Passwords and biometrics are most closely associated with which of the following?

(5) What does COBIT stand for?

(6) Which of the following is optional, and sets the parameters within which the others can be used?

(7) Which of the following is not true of segmented networks?

(8) You are on the West Coast but want to connect to your company’s intranet on the East Coast. You use a program to “tunnel” through the Internet to reach the intranet. Which technology are you using?

(9) A policy that addresses the use of personal mobile devices, such as a smartphone, to access an internal business network is an issue of which IT domain?

(10) After entering your user name and password, you enter a number displayed on a security token to gain access to your company’s network. Which type of authentication method does the security token represent?

(11) In the Workstation Domain, ____________ is the best method of reducing the risk of information leakage.

(12) Authentication and encryption of intranet traffic is a _______ Domain issue.

(13) __________ is the ability to reasonably ensure conformity and adherence to both internal and external policies, standards, procedures, laws, and regulations.

(14) What is included in an IT policy framework?

(15) Incident reporting, incident management, and user ID addition/removal are examples of which of the following?

(16) Which of the following are written instructions on how to comply with standards?

(17) What is something you can measure against to demonstrate value, such as gauging if you’ve reasonably covered risks in your organization?

(18) Which personality type tends to be best suited for delivering security awareness training?

(19) In Kotter’s change model, which step is generally part of informal discussions rather than part of the formal implementation process?

(20) A primary reason why security policies often fail is ___________.

(21) Which of the following is not true of security policy enforcement?

(22) In Kotter’s change model, in which step does the ISO work with line management to collect metrics for assessing the policies’ effectiveness and ensure metrics are meaningful?

(23) Which personality type tends to be associated with good leaders?

(24) The basic elements of motivation include pride, success, and __________.

(25) Disaster recovery and tape backups are examples of which type of security control?

(26) What is the primary role of a security policy evangelist?

(27) Before you begin security policy awareness training, what is the first step you should take to help ensure success?

(28) Which of the following is not a security awareness training best practice?

(29) When publishing an internal security policy or standard, which role or department usually gives final approval?

(30) One of the key factors of a successful implementation of an organization-wide security policy
is _______________.

(31) A business _______ emerges when an organization cannot meet its obligation or duty.

(32) Which of the following is a physical control?

(33) What does “tone at the top” refer to?

(34) Which of the following is not a typical method of protecting intellectual property (IP)?

(35) A procedure for cleaning a virus from a system is an example of which type of security control?

(36) An organization’s security awareness program is an example of which type of security control?

(37) Which of the following is a key measurement of an organization’s risk appetite?

(38) The core requirement of an automated IT security control library is that the information is ________.

(39) Who is responsible for executing policies and procedures, such as backup and versioning?

(40) Which IT framework extends the COBIT framework and is a comprehensive risk management approach?

(41) In the financial services sector, the use of the “three lines of defense” includes the business unit (BU), a risk management program, and ______________.

(42) Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?

(43) ___________ refers to the degree of risk an organization is willing to accept.

(44) To which sector does the Gramm-Leach-Bliley Act apply primarily?

(45) To protect information systems and assess risk, NIST standards describe inventorying hardware and software, categorizing risk levels, and which controls to apply, among others. One standard involves certification and accreditation. What is the purpose of this process?

(46) Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used?

(47) Which law applies to educational institutions and protects students’ records?

(48) Which of the following is not a key component that must be covered in an organization’s security policy for CIPA compliance?

(49) A popular social networking site recently changed its privacy policy regarding personal profiles. To prevent your profile information from being shared with anyone on the Internet, you must check a box requesting privacy. What is this an example of?

(50) Which of the following focuses on the payment card industry?