CSCI 501 Midterm

CSCI 501 Midterm Liberty University

  1. Which of the following is not a type of disaster recovery plan test?
  2. A scammer posing as an IT support technician sends an e-mail to several employees at a credit union. The e-mail prompts for a logon ID and password to the company server. What type of attack is being described?
  3. Which of the following is a detailed written definition of how software and hardware are to be used?
  4. Which law restricts how online information is collected from children under 13 years of age?
  5. A(n) _____ provides a consistent definition for how an organization should handle and secure different types of data.
  6. _____ supports two business models, business to consumer (B2C) and business to business (B2B).
  7. Instructions for responding to the following would be included in an organization’s BCP but not a DRP.
  8. Which of the following is the most important part of successfully transitioning from a brick-and-mortar business to an e-commerce business?
  9. Which of the following uses relative ranking to determine risk responses?
  10. A major upgrade of your company’s customer relationship management software has been halted after access controls to part of the software were found to be inadequate. Which IT domain is most affected?
  11. Which of the following unified communications components is the best choice for groups of people, including remote users, to share applications in real time?
  12. You have determined that the cost of an encrypted network connection between your internal database server and internal application server outweighs the likelihood of an attacker accessing the network connection. Which risk management technique are you most likely to use?
  13. Which domain of a typical IT infrastructure includes cabling, servers, and wireless access points?
  14. Which of the following is the most effective countermeasure to social engineering?
  15. Regarding a disaster recovery plan, which of the following is the least expensive to set up?
  16. Regarding a disaster recovery plan, which of the following takes the least amount of switchover time?
  17. Which property of information security is most often affected by the sabotage or destruction of property?
  18. Which of the following is the likelihood that something bad will happen to an asset?
  19. What is phreaking most often associated with?
  20. In which type of attack does a person, program, or computer disguise itself as another person, program, or computer to gain access to a resource?
  21. Which tool helps you ensure your organization is satisfying its security policies?
  22. Which type of attacker intends to be helpful?
  23. What is a characteristic of VoIP?
  24. Which of the following is any weakness in a system that makes it possible for a threat to cause it harm?
  25. Which equation do you use to calculate the loss for a single threat occurrence?
  26. Which of the following is a weakness that allows a threat to be realized or to have an effect on an asset?
  27. In which domain is malicious software not a significant vulnerability?
  28. Which type of attack involves capturing data packets from a network and retransmitting them to produce an unauthorized effect?
  29. An AUP is part of a layered approach to security and it supports confidentiality. What else supports confidentiality?
  30. Which domain of a typical IT infrastructure is primarily affected by weak endpoint security on a VPN client?
  31. Which of the following is considered a vulnerability?
  32. Which of the following is considered a threat rather than a risk?
  33. When conducting a business impact analysis on critical business functions, the amount of data loss that is acceptable is called _____.
  34. Which of the following uses mathematical formulas and numbers to rank risk severity?
  35. In which attack does a hacker capture data packets from a network and retransmit them to produce an unauthorized effect, usually to gain information that allows unauthorized access into a system?
  36. The key to protecting assets from the risk of attack is to eliminate or address as many _____ as possible.
  37. Which of the following should be the first priority in any business continuity plan?
  38. Which of the following technologies supports the convergence of voice, video, and data communication streams across a split channel?
  39. What does a lapse in a security control or policy create?
  40. Which of the following technologies is the best choice for stockbrokers and traders in remote locations to quickly reach supervisors to get approvals for large buy/sell orders?
  41. What is the result of the risk identification step in a risk management process?
  42. Session Initiation Protocol (SIP) supports which of the following?
  43. When conducting a business impact analysis on critical business functions, the maximum allowable time to recover the function is called _____.
  44. You purchase insurance to reduce the impact of equipment loss due to fire or flood. Which type of risk management technique are you using?
  45. Which law does not require securing private information but does require security controls to protect the confidentiality and integrity of the reporting itself?
  46. Which of the following is not a common type of data classification standard?
  47. Organizations that require customer-service representatives to access private customer data can best protect customer privacy and make it easy to access other consumer data by using what two security tools?
  48. Define risk management.
  49. Legally and practically, e-commerce systems require the utmost in security. List two reasons why organizations apply strict security controls to online business.
  50. Describe a situation in which you might opt to use store-and-forward communications instead of real-time communications.