QUIZ 2

(TCO 1) Why is it important to prepare written policies?
It lets the policies be communicated more easily.
This helps to ensure consistency.
A policy is part of the corporate culture.
It is required by law.
In: Chapter 1, page 11
Points Received: 4 of 4
Comments:
Question 2.
(TCO 2) Which of the following is NOT a threat to data confidentiality?
Hackers
Encryption
Improper access controls
IN Social engineering
In: Chapter 3, page 67
Points Received: 0 of 4
Comments:
Question 3.
(TCO 1) Which of the following is MOST likely to reflect the policy audience for a corporate ethics policy at Acme Manufacturing?
All Acme Manufacturing employees and all vendors and service providers
All full- and part-time employees of Acme Manufacturing and its subsidiaries
The Acme Manufacturing board of directors
The finance, human resources, and marketing departments of Acme Manufacturing
In: Chapter 2, page 45
Points Received: 0 of 4
Comments:
Question 4.
(TCO 2) Which of the following are all federal regulations?
Sarbanes-Oxley, IEEE 802.11, and NIST 800-34
GLBA, HIPAA, and Sarbanes-Oxley
GLBA, HIPAA, and IEEE 802.11
GLBA, NIST 800-34, and Sarbanes-Oxley
In: Chapter 2, page 41
Comments:
Question 5.
(TCO 1) When should information security policies, procedures, standards, and guidelines be revisited?
As indicated in the policy
Never; once they are written and published, they must be adhered to
Annually
When dictated by change drivers
In: Chapter 1, page 18
Points Received: 0 of 4
Comments:
Question 6.
(TCO 2) What is a valid definition of data integrity?
Knowing that the data on the screen have not been tampered with
Data that are encrypted
Data that have not been accessed by unauthorized users
The knowledge that the data are transmitted in ciphertext only
In: Chapter 3, page 69
Comments:
Question 7.
(TCO 1) What should be the consequences of information security policy violations?
Always up to, and including, termination
Immediate revocation of all user privileges
Commensurate with the criticality of information the policy was written to protect
Violations cited in the person's annual performance review
In: Chapter 1, page 24
Comments:
Question 8.
(TCO 2) Match the following terms to their meanings.
Change driver 2: Any event that impacts culture, procedures, and activities within an organization
Acceptable use agreement 1: List of actions that employees are not allowed to perform while using company-provided equipment
Statement of authority 3: Introduction to the policy document
Security policy document policy 4: Policy about a policy
In: Chapter 4, page 95
Comments:
Question 9.
(TCO 1) Which of the following best describes how the penalties defined in the Policy Enforcement Clause should relate to the infractions?
Any infraction should result in suspension or termination.
The same penalty should apply each time an infraction occurs.
The penalty should be proportional to the level of risk incurred as a result of the infraction.
Penalties should be at the discretion of management.
In: Chapter 2, page 48
Comments:
Question 10.
(TCO 2) Data integrity is
protecting the data from intentional or accidental disclosure.
making sure the data are always available when legitimately needed.
protecting the data from intentional or accidental modification.
making sure the data are always transmitted in encrypted format.
In: Chapter 3, page 69
Comments:
Question 11.
(TCO 1) Which is the worst that may happen if information security policies are out of date or address technologies no longer used in the organization?
People may take the policies less seriously or dismiss them entirely.
Executive management may become upset.
The company may incur unnecessary costs to change them.
People may not know which policy applies.
In: Chapter 1, page 23
Comments:
Question 12.
(TCO 2) Which of the following federal regulations pertains to the medical field?
FERPA
GLBA
HIPAA
SOX
In: Chapter 4, page 95
Comments:
Question 13.
(TCO 1) In which of the following ways does understanding policy elements help you interpret your organization's information security policies?
Awareness of policy elements helps you determine the strength of the policy and whether you should take it seriously.
If you understand policy elements, you will be able to change the policies.
Knowing the purpose and goal of each section of the policy can help you better understand the intent of the policy, as well as how the policy applies to you.
You need to know the policy elements in order to determine which parts of the policy apply to you.

Question 14.
(TCO 2) Which of the following federal regulations pertains to the educational field?
FERPA
GLBA
HIPAA
SOX

Question 15.
(TCO 1) Which of the following is an important function of the statement of authority?
It provides a bridge between an organization's core values and security strategies.
It indicates who to talk to if you want to request a change in the policy.
It describes the penalties for policy infractions.
It references standards, guidelines, and procedures that the reader can consult for clarification of the policy.

WEEK 4

(TCO 3) Which section of the ISO 17799 deals with asset classification?
2
3
4
5
Points Received: 4 of 4
Comments:
Question 2.
(TCO 4) The age group most inclined to use an online job search is
30 to 49.
18 to 29.
50 to 64.
None of the above; 33% of persons across all age groups use online job searching.
Chapter 6, page 151
Points Received: 4 of 4
Comments:
Question 3.
(TCO 5) In ISO 17799, an area where assets are protected from man-made and natural harm is known as
secure area.
mantrap.
company property.
security perimeter.
Chapter 7, page 186
Points Received: 4 of 4
Comments:
Question 4.
(TCO 3) When it comes to information security, what is the purpose of labeling?
Communicating the sensitivity level
Communicating the access controls
Enforcing the access controls
Auditing the access controls
Chapter 5, page 129
Points Received: 0 of 4
Comments:
Question 5.
(TCO 4) A security clearance investigation does NOT involve research into a person's
character.
reliability.
family connections.
trustworthiness.
Chapter 6, page 154
Points Received: 4 of 4
Comments:
Question 6.
(TCO 5) The clear desk and clear screen policy is the way to avoid which of the following kinds of physical attacks?
Shoulder surfing
Reprinting the last document from the fax machine
Looking at papers on desks
All of the above
Chapter 7, page 201
Points Received: 4 of 4
Comments:
Question 7.
(TCO 3) Information needs to be handled according to
its classification level.
the statement of authority.
the access controls set forth in the asset management policy.
IN the access controls set forth in the affirmation agreement.
Chapter 5, page 129
Points Received: 0 of 4
Comments:
Question 8.
(TCO 4) Which of the following is a component of an affirmation agreement?
Statement of authority
Background check
Job description
Credit history
Chapter 6, page 160
Points Received: 4 of 4
Comments:
Question 9.
(TCO 5) What is the goal of the physical entry controls policy?
Restrict the knowledge of, access to, and actions within secure areas
Require authorized users to be authenticated and visitors to be identified and labeled
Require perimeter controls as appropriate
Make sure the organization pays attention to potential environmental hazards and threats
Chapter 7, page 189
Points Received: 4 of 4
Comments:
Question 10.
(TCO 3) This is known as the process of downgrading the classification level of an information asset.
Declassification
Classification review
Reclassification
Asset publication
Chapter 5, page 130
Points Received: 4 of 4
Comments:
Question 11.
(TCO 4) Match each of the following with its example.
Security education 3: Recertification training for the network administrator
Security training : A presentation on creating good passwords
Security awareness 1: Posters reminding users to report security breaches
Chapter 6, page 165
Points Received: 1.33 of 4
Comments:
Question 12.
(TCO 5) Which of the following might the working in secure areas policy restrict from being brought into a facility?
Cameras
Recording devices
Laptop computers
All of the above
Chapter 7, page 192
Points Received: 4 of 4
Comments:
Question 13.
(TCO 3) When calculating the value of an asset, which of the following is NOT a criterion?
Cost to acquire or develop asset
Cost to maintain and protect the asset
Cost to disclose the asset
Reputation
Chapter 5, page 133
Points Received: 0 of 4
Comments:
Question 14.
(TCO 5) According to the equipment siting and protection policy, smoking, eating, and drinking will not be permitted
except in designated areas.
inside the security perimeter.
under any circumstances.
in areas where equipment is located.

Question 15.
(TCO 3) A qualitative approach to an analysis uses
hard numbers.
statistics.
expert opinions.
general population surveys.
Chapter 5, page 137
Points Received: 4 of 4
Comments:

WEEK 6

(TCO 6) An employee who fails to report a suspected security weakness
is doing his or her job.
will not be punished.
will be treated the same as if he or she had initiated a malicious act against the company.
is making sure not to aggravate the situation by making a mistake.
Chapter 8, page 230
Points Received: 4 of 4

Question 2.
(TCO 7) Which of the following is NOT an access control method?
MAC
RBAC
DAC
PAC
Chapter 9, page 273
Points Received: 4 of 4

Question 3.
(TCO 8) When is the best time to think about security when writing a new piece of code?
IN At the end, once all the modules have been written
After the users have had a chance to review the application
At the beginning of the project
After the application has been approved and authorized by the ISO
Chapter 10, page 313
Points Received: 0 of 4

Question 4.
(TCO 9) As it pertains to GLBA, what does NPI stand for?
Nonpublic information
Nonpublic personal information
Nonprivate information
Nonprivate personal information
Chapter 12, page 390
Points Received: 4 of 4

Question 5.
(TCO 6) The primary antimalware control is
an updated antivirus solution.
a firewall.
a router.
an acceptable use policy.
Chapter 8, page 232
Points Received: 4 of 4

Question 6.
(TCO 7) Which is the first target of a hacker who has gained access to an organization's network?
Log files
Sensitive data
User accounts
Public data
Chapter 9, page 276
Points Received: 4 of 4

Question 7.
(TCO 8) Which formal security-related process should take place at the beginning of the code creation project?
Risk assessment
Input validation
Output validation
SQL injection validation
Chapter 10, page 313
Points Received: 4 of 4

Question 8.
(TCO 9) Who enforces the GLBA?
Eight different federal agencies and states
The FDIC
The FFIEC
The Secretary of the Treasury
Chapter 12, page 392
Points Received: 4 of 4

Question 9.
(TCO 6) The part of the antivirus solution that needs to be updated daily is
the DAT files.
central command.
the control panel.
the engine.
Chapter 8, page 232
Points Received: 4 of 4

Question 10.
(TCO 7) All users are expected to keep their password secret, unless
IN a member of the IT group asks for it.
another employee needs to log on as them.
d. someone identifying themselves as the ISO asks for it.
There is no unless.
Chapter 9, page 281
Points Received: 0 of 4

Question 11.
(TCO 8) If an employee uses a company-provided application system and finds what he or she thinks is a loophole that allows access to confidential data, that employee should
alert his or her manager and the ISO immediately.
verify and test the alleged loophole before alerting anyone.
not say anything unless he or she is a member of the incident response team.
alert his or her manager whenever he or she happens to have a chance to do so.
Chapter 10, page 317
Points Received: 4 of 4

Question 12.
(TCO 9) What do the Interagency Guidelines require every covered institution to implement?
Quarterly risk assessments
A biannual review of the disaster recovery plan
A comprehensive written information security program
A monthly inventory of all information assets
Chapter 12, page 394
Points Received: 4 of 4

Question 13.
(TCO 6) Grandfather-father-son is a model used for
antivirus updates.
antispyware updates.
backup strategies.
change control management strategies.
Chapter 8, page 236
Points Received: 4 of 4

Question 14.
(TCO 7) Which of the following is the most popular single factor authentication method?
Cameras
IN Biometric devices
Tokens
Passwords
Chapter 9, page 281
Points Received: 0 of 4

Question 15.
(TCO 8) Input validation is
verifying that a piece of code does not have any inherent vulnerabilities.
making sure that employees know what information to enter in a new system.
testing an application system by entering all kinds of character strings in the provided fields.
testing what information an application system returns when information is entered.
Chapter 10, page 318
