CSIS 340 Quiz 3

  1. Which of the following control standards in the system/application domain maintains control of both managing errors and ensuring against potentially damaging code?
  2. It is important that LAN guidelines transfer technical knowledge and experience by guiding an individual through core principles and varied ways of considering risks. Which of the following guidelines documents offers instructions on the intricacies and uses of wireless structures and types?
  3. The ______________________ denotes the application software and technology that concerns a wide range of topics from the data management to the systems that process information.
  4. Imagine a scenario in which an employee regularly shirks the organization’s established security policies in favor of convenience. What does this employee’s continued violation suggest about the culture of risk management in the organization?
  5. Consider this scenario: A company that buys a sizeable amount of equipment for its manufacturing process needs to accurately report such expenditures, so it calls upon the services of financial auditors. While financial auditors might consider how robust the data might be, the company might also involve IT auditors to examine the technology in place to gather the data itself. What process is this company using to address its concerns?
  6. LAN security policies center on issues concerning connectivity; this includes determining how devices adhere to the network. Among the types of LAN control standards are _______________, which creates the schedules on LAN-attached devices for scheduled preventative and consistent maintenance, and ________________, which explains the change control management process for soliciting changes, granting changes, implementing changes on the network.
  7. Which of the following statements is most accurate with respect to infrastructure security?
  8. Which of the following user groups has both the business needs of being able to access the systems, network, and application to complete contracted services, and access capability that is limited to particular sections of the systems, network, and application?
  9. The act of recording noteworthy security events that transpire on a network or computing device is known as a(n) ______________________.
  10. One of the processes designed to eradicate maximum possible security risks is to ________________, which limits access credentials to the minimum required to conduct any activity and ensures that access is authenticated to particular individuals.
  11. Consider this scenario: After many years, an employee is promoted to a position that has an elevated level of trust with his management. He began the company in an entry-level position, and then moved from a supervisory to a managerial role. This role entails that the employee trains other employees and has a deep understanding of how the department functions. Which of the following actions should be taken in regard to this employee’s levels of access during the span of time he has worked for the company?
  12. According to the best practices most widely adopted to protect users and organizations, _______________ employs an approach that sets up overlapping layers of security as the preferred means of mitigating threats.
  13. One of seven domains of a typical IT infrastructure is the user domain. Within that domain is a range of user types, and each type has specific and distinct access needs. Which of the following types of users has the responsibility of creating and putting into place a security program within an organization?
  14. Which of the following is not one of the policies concerned with LAN-to-WAN filtering and connectivity?
  15. The Barings Bank collapsed in 1995 after it was found that an employee had lost over $1.3 billion of the bank’s assets on the market. The collapse occurred when an arbitrage trader was responsible for both managing trades and guaranteeing that trades were settled and reported according to proper procedures. To which of the following causes is this collapse attributed?
  16. Which of the following statements does not offer an explanation of what motivates an insider to pose a security risk?
  17. In order to establish cogent expectations for what’s acceptable behavior for those utilizing an organization’s technology asset, an Acceptable Use Policy (AUP) defines the targeted functions of computers and networks. This policy delimits unacceptable uses and the consequences for policy violation. Which of the following topics is not likely to be found in an AUP?
  18. Of all the reasons that people commit errors when it comes to IT security, which of the following is the main reason people make mistakes?
  19. Aside from human user types, there are two other non-human user groups. Known as account types, ________________ are accounts implemented by the system for the purpose of supporting automated service, and ___________________ are accounts that remain non-human until individuals are assigned access and can use them to recover a system following a major outage.
  20. Depending on the organization, the control procedure of the Domain Name System (DNS) might be built into the WAN standard. This standard identifies the criteria securing a domain name. Which of the following is not one of the types of approvals that can be used to track domains?
  21. Organizations seek to create a coherent set of documents that are stable and immune to the need for regular adjustments. However, the types of policy documents can differ, depending on the organization. Which of the following is not one of the reasons why these documents might vary from one organization to the next?
  22. Baseline LAN standards are concerned with network traffic monitoring because no matter how good firewalls and routers can be, they are still not 100% effective. Thus, _________________ offer a wide range of protection because they seek out patterns of attack.
  23. Security policies that clarify and explain how rights are assigned and approved among employees can ensure that people have only the access needed for their jobs. Which of the following is not accomplished when prior access is removed?
  24. Which of the following statements illustrates the importance of the LAN-to-WAN domain to an organization’s security?
  25. Domain security control requirements are embodied in several different types of documents. One such document is known as _______________________, which uses a hierarchical organizing structure to identify the key terms and their explanations.