
CIS 462 Final Exam (2 Set)

Price:
$15.00


Product Description

This tutorial contains 2 sets of the final exam.

 

 

CIS 462 Final Exam Guide Set 1

           

           

•           Question 1                   A User Internet Proxy standard and a Content-Blocking Tools Configuration standard would be associated primarily with which IT domain?

 

•           Question 2                   What entity issues and manages digital certificates?

 

•           Question 3                   A PKI uses public and private ______ for the secure exchange of information.      

 

•           Question 4                   A Wi-Fi Access Point Security standard defines secure wireless connectivity to a network. With which IT domain is this standard primarily associated?

                       

•           Question 5                   Baseline standards for the LAN Domain would include ____________.

                       

•           Question 6                   A standard for Web Services from an external provider would be part of which set of policies?

                       

•           Question 7                   A control standard that separates the development environment from the production environment would be found in which set of policies?                                 

•           Question 8                   What is a benefit of instructor-led classroom training for security awareness?

•           Question 9                   Accountability, lack of budget, lack of priority, and tight schedules are examples of ____________.

 

•           Question 10                 What is a common consequence of failing to adhere to an acceptable use policy (AUP)?

                       

•           Question 11                 Which of the following is least likely to be required to attend an organization's formal security awareness training program?

 

•           Question 12                 Implementing IT security policies is as much about __________ as it is about implementing controls.

                       

•           Question 13                 What is the best way to measure a specific user's comprehension of security awareness training?

                       

•           Question 14                 Conducting __________ can be an effective security awareness program solution.

           

•           Question 15                 The primary objective of a security awareness program is to _________.

                       

•           Question 16                 Which tool can you use in a Microsoft domain to manage security settings for users and organizational units (OUs)?

 

•           Question 17                 What does a configuration management database (CMDB) hold?

                       

•           Question 18                 A(n) __________ can include a computer's full operating system, applications, and system settings, including security and configuration settings.

           

•           Question 19                 You want to manage patches and updates for Windows client computers centrally. Which is the best tool to use?

                       

•           Question 20                 Which organization maintains the Common Vulnerabilities and Exposures (CVE) list?

                                   

•           Question 21                 Which of the following methods is used to track compliance?

                       

•           Question 22                 What is due care?

                       

•           Question 23                 Common IRT members may be IT subject matter experts, IT security reps, HR reps, and ____________ reps.

                       

•           Question 24                 When responding to an incident, when does the IRT timeline start?

                       

•           Question 25                 During which phase of incident response do IRT members study the attack and develop recommendations to prevent similar attacks in the future?

                       

•           Question 26                 Before an incident can be declared, the IRT must develop an incident ________ for incident response.

                                   

•           Question 27                 FISMA requires federal agencies to report major incidents to which organization?

                       

•           Question 28                 During which phase of incident response do IRT members stop the attack and gather evidence?

                                   

•           Question 29                 According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?

                                   

•           Question 30                 In a business classification scheme, which classification refers to routine communications within the organization?

                       

•           Question 31                 Regarding data classification, what does "declassification" mean?

                                               

•           Question 32                 What is the general retention period of regulated documents?

                                   

•           Question 33                 What is considered to be a natural extension of the BIA when conducting a BCP?

                       

•           Question 34                 Which of the following is not a primary reason a business classifies data?

                       

•           Question 35     In a business classification scheme, which classification refers to mission-critical data?

                       

•           Question 36                 What is a security benefit of routinely deleting electronic documents that are no longer required for legal or business reasons?

                       

•           Question 37                 Which U.S. military data classification refers to data that the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?

                                   

•           Question 38                 ___________ is/are key to security policy enforcement.

                       

•           Question 39                 Your company does not want its employees to use the Internet to exchange personal e-mail during work hours. What is the best tool to use to ensure the company does not violate an employee's right to privacy?

 

                                   

•           Question 40                 Which of the following is least likely to indicate the effectiveness of an organization's security policies?

                       

•           Question 41                 What is the name of a common control that is used across a significant population of systems, applications, and operations?

                       

•           Question 42                 Which employee role is directly accountable to ensure that employees are implementing security policies consistently?

 

•       Question 43                    Your company wants to minimize the risk of its employees sharing confidential company information via e-mail. What is the best tool to use to minimize this risk?

 

•           Question 44                 An employee used her company-owned computer to e-mail invitations to friends for her upcoming party, which violated the company's acceptable use policy. Who is responsible for correcting the employee's behavior?

           

•           Question 45                 What is a disadvantage of hard-coding a user name and password into an application to simplify guest access?

                       

•           Question 46                 What is an example of "hardening"?

 

•           Question 47                 Which type of agreement would you have a contract system administrator (temporary worker) sign?

 

           

•           Question 48                 Which of the following is a policy that prohibits access or storage of offensive content?

 

•           Question 49                 What is pretexting associated with?

•           Question 50                 Who evaluates an organization's technology controls and risks for compliance with internal security policies or regulations?

                                   

 

CIS 462 Final Exam Guide Set 2

 

 

• Question 1    What is the most reasonable way to deal with outdated technology that cannot conform to an organization's security policies?

• Question 2    To be effective, which of the following must follow security policies?

• Question 3    Conducting __________ can be an effective security awareness program solution.

• Question 4    Accountability, lack of budget, lack of priority, and tight schedules are examples of ____________.

• Question 5    The primary objective of a security awareness program is to _________.

• Question 6    What is a common consequence of failing to adhere to an acceptable use policy (AUP)?

• Question 7    What is a benefit of instructor-led classroom training for security awareness?

• Question 8    Which of the following is generally not a part of a security awareness communications plan?

• Question 9    Which of the following methods is used to track compliance?

• Question 10  Which organization maintains the Common Vulnerabilities and Exposures (CVE) list?

• Question 11  Best practices for IT security policy compliance monitoring include ___________.

• Question 12 Three major components of the ITIL life cycle are service transition, service operation, and service _________.

• Question 13  You want to identify active hosts on a network, detect open ports, and determine the operating system in use on servers. Which is the best tool to use?

• Question 14 Nessus® is a type of _______________.

• Question 15 Your company wants to minimize the risk of its employees sharing confidential company information via e-mail. What is the best tool to use to minimize this risk?

• Question 16  Which organizational committee ensures that an external service provider is meeting the service level agreement (SLA) in the contract?

• Question 17  ___________ is/are key to security policy enforcement.

• Question 18  In a large organization, what is the name of the entity that reviews technology activity and provides approvals before a project or activity can proceed to the next stage?

• Question 19 When monitoring an employee's Internet use, which of the following can potentially violate an employee's rights?

• Question 20  What is the name of a common control that is used across a significant population of systems, applications, and operations?

• Question 21  Which of the following is a manual control for enforcing security policies? Before an incident can be declared, the IRT must develop an incident ________ for incident response.

• Question 22 During which phase of incident response do IRT members study the attack and develop recommendations to prevent similar attacks in the future? 

• Question 23  During which phase of incident response do IRT members recover from the attack and resume operations? 

• Question 24 During which phase of incident response do IRT members stop the attack and gather evidence?

• Question 25  During which phase of incident response do IRT members stop the attack and gather evidence?

• Question 26  Triage is performed during which phase of incident response?

• Question 27 According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?

• Question 28 When analyzing an IT incident, which of the following is not something you need to identify?

• Question 29 When reporting an incident, the IRT team must first classify the _________ of the incident.

• Question 30  A System Use Notification standard describes the on-screen display of system notification messages, such as a legal notice that the user is accessing a protected system. With which IT domain is this standard primarily associated?

• Question 31 A LAN Domain policy would include guidelines for which of the following?

• Question 32 A Separation of Environments standard establishes the need to separate the development environment from the production environment. With which IT domain is this standard primarily associated?

• Question 33  A User Internet Proxy standard and a Content-Blocking Tools Configuration standard would be associated primarily with which IT domain?

• Question 34  Baseline standards for the LAN Domain would include ____________.

• Question 35  Which of the following documents describes core control requirements for framework policies?

• Question 36  A PKI uses public and private ______ for the secure exchange of information.

• Question 37 When classifying documents in a business, the data owner must strike a balance between protection and _____________.

• Question 38 Which U.S. military data classification refers to data that the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?

• Question 39  In a business classification scheme, which classification refers to routine communications within the organization?

• Question 40  Before a BCP can be completed, a(n) _________ must first be completed and agreed upon by all the key departments within the organization.

• Question 41 Regarding data classification, what does "declassification" mean?

• Question 42  Which U.S. government data classification refers to confidential data that's not subject to release under the Freedom of Information Act? 

• Question 43  What is a security benefit of routinely deleting electronic documents that are no longer required for legal or business reasons? 

• Question 44  Which of the following is not a primary reason a business classifies data?

• Question 45 Pam receives an offensive joke via e-mail from Larry, a co-worker. Which of the following helps Pam know the correct actions to take?

• Question 46 Which of the following is generally not true of contractor workers?

• Question 47 What is an example of "hardening"?

• Question 48  Who is most likely to have the least amount of security awareness about your organization?

• Question 49  Who evaluates an organization's technology controls and risks for compliance with internal security policies or regulations?

• Question 50  Which type of agreement would you have a contract system administrator (temporary worker) sign?

