COM 510 FINAL EXAM LATEST-SAINT LEO
Question 1 (5 points)
What should you be armed with to adequately
assess potential weaknesses in each information asset?
- Intellectual property assessment
- Properly classified inventory
- List of known threats
- Audited accounting spreadsheet
Question 2 (5 points)
Which of the following is a network device
attribute that may be used in conjunction with DHCP, making
asset-identification using this attribute difficult?
- IP address
- Part number
- MAC address
- Serial number
Question 3 (5 points)
Which of the following is NOT a valid rule of
thumb on risk control strategy selection?
- When the attacker’s potential gain is less than the
costs of attack: Apply protections to decrease the attacker’s cost or
reduce the attacker’s gain, by using technical or operational controls.
- When a vulnerability can be exploited: Apply layered
protections, architectural designs, and administrative controls to
minimize the risk or prevent the occurrence of an attack.
- When the potential loss is substantial: Apply design
principles, architectural designs, and technical and non-technical
protections to limit the extent of the attack, thereby reducing the
potential for loss.
- When a vulnerability exists: Implement security
controls to reduce the likelihood of a vulnerability being exploited.
Question 4 (5 points)
By multiplying the asset value by the exposure
factor, you can calculate which of the following?
- Value to adversaries
- Annualized cost of the safeguard
- Annualized loss expectancy
- Single loss expectancy
Question 5 (5 points)
The Microsoft Risk Management Approach
includes four phases. Which of the following is NOT one of them?
- Implementing controls
- Evaluating alternative strategies
- Conducting decision support
- Measuring program effectiveness
Question 6 (5 points)
What does FAIR rely on to build its risk
management framework, unlike many other risk management frameworks?
- Qualitative assessment of many risk components
- Quantitative valuation of safeguards
- Subjective prioritization of controls
- Risk analysis estimates
Question 7 (5 points)
Which of the following affects the cost of a
control?
- Maintenance
- Liability insurance
- CBA report
- Asset resale
Question 8 (5 points)
Strategies to limit losses before and during a
realized adverse event are covered by which of the following plans in the
mitigation control approach?
- Disaster recovery plan
- Business continuity plan
- Damage control plan
- Incident response plan
Question 9 (5 points)
- Risk reduction
- Risk management
- Risk identification
- Risk analysis
Question 10 (5 points)
Determining the cost of recovery from an
attack is one calculation that must be made to identify risk. What is another?
- Cost of prevention
- Cost of identification
- Cost of litigation
- Cost of detection
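Questions 4, 7 and 10 all draw on the same quantitative risk arithmetic: single loss expectancy (asset value times exposure factor), annualized loss expectancy, the annualized cost of a safeguard including its maintenance, and the cost-benefit analysis that decides whether the control is worth buying. The following worked example carries one scenario through all of those steps. It is added here as an illustration and is not part of the course material; the asset value, exposure factors, rates of occurrence and control costs are constructed for the example.

```python
"""Quantitative risk arithmetic behind Questions 4, 7 and 10: single loss
expectancy (SLE), annualized loss expectancy (ALE), annualized cost of a
safeguard (ACS), and the cost-benefit analysis (CBA) that compares them.
Added example; every figure below is constructed for illustration."""

from dataclasses import dataclass


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV * EF, where EF is the fraction of the asset's value lost in one incident."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE * ARO, where ARO is the expected number of incidents per year (may be < 1)."""
    if aro < 0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return sle * aro


def annualized_cost_of_safeguard(acquisition: float, annual_maintenance: float,
                                 lifetime_years: int) -> float:
    """ACS spreads the one-time purchase over the control's life and adds the
    recurring cost (maintenance, the answer to Question 7) for each year."""
    if lifetime_years <= 0:
        raise ValueError("lifetime must be at least one year")
    return acquisition / lifetime_years + annual_maintenance


def cost_benefit(ale_prior: float, ale_post: float, acs: float) -> float:
    """CBA = ALE(prior) - ALE(post) - ACS.  Positive means the control saves more
    than it costs; negative means accept the risk or look for a cheaper control."""
    return ale_prior - ale_post - acs


@dataclass(frozen=True)
class Scenario:
    """One asset/threat pair before and after a proposed control."""
    asset_value: float
    ef_prior: float       # fraction lost per incident with no control
    aro_prior: float      # incidents per year with no control
    ef_post: float        # fraction lost per incident once the control is in place
    aro_post: float       # incidents per year once the control is in place
    acquisition: float    # one-time cost of the control
    maintenance: float    # recurring cost per year
    lifetime_years: int


def evaluate(s: Scenario) -> dict:
    """Carry the whole calculation through and return each intermediate value."""
    sle_prior = single_loss_expectancy(s.asset_value, s.ef_prior)
    sle_post = single_loss_expectancy(s.asset_value, s.ef_post)
    ale_prior = annualized_loss_expectancy(sle_prior, s.aro_prior)
    ale_post = annualized_loss_expectancy(sle_post, s.aro_post)
    acs = annualized_cost_of_safeguard(s.acquisition, s.maintenance, s.lifetime_years)
    cba = cost_benefit(ale_prior, ale_post, acs)
    return {
        "sle_prior": sle_prior, "ale_prior": ale_prior,
        "sle_post": sle_post, "ale_post": ale_post,
        "acs": acs, "cba": cba, "adopt": cba > 0,
    }


# Constructed scenario: a $250,000 customer database that a ransomware event
# would render 40% unusable about once every two years; a backup-and-restore
# control cuts the damage to 10% and the frequency to once in four years,
# costing $30,000 up front plus $5,000 a year over a three-year life.
EXAMPLE = Scenario(asset_value=250_000, ef_prior=0.4, aro_prior=0.5,
                   ef_post=0.1, aro_post=0.25,
                   acquisition=30_000, maintenance=5_000, lifetime_years=3)

if __name__ == "__main__":
    for name, value in evaluate(EXAMPLE).items():
        print(f"{name:>10}: {value}")
```

For the constructed scenario the control brings ALE from $50,000 down to $6,250 at an annualized cost of $15,000, so the CBA is $28,750 a year in favour of adopting it. Note that a cost of recovery (Question 10) enters through the exposure factor, while the cost of prevention enters through the ACS; a control whose ACS exceeds the ALE it removes yields a negative CBA and should not be bought on financial grounds.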
Question 11 (5 points)
Which of the following provides an identification
card of sorts to clients who request services in a Kerberos system?
- Ticket Granting Service
- Authentication Server
- Authentication Client
- Key Distribution Center
Question 12 (5 points)
Which of the following is a commonly used
criterion for comparing and evaluating biometric technologies?
- False accept rate
- False reject rate
- Crossover error rate
- Valid accept rate
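The crossover error rate asked about in Question 12 is the point on a biometric system's tuning curve where the false accept rate and the false reject rate are equal; vendors quote it because a single number lets two systems be compared independently of where each one happens to set its threshold. The following example computes it from sampled FAR/FRR curves and ranks two candidate readers. It is added here as an illustration and is not part of the course material; the two readers and their curves are constructed, not measured.

```python
"""Crossover error rate (CER), the comparison figure asked about in Question 12.
A biometric system's match threshold trades false accepts (impostors let in)
against false rejects (legitimate users turned away); CER is the error rate at
the threshold where the two curves cross, and a lower CER is the better
system.  Added example; the FAR/FRR curves are constructed, not measured."""

from typing import Sequence, Tuple


def crossover_error_rate(thresholds: Sequence[float],
                         far: Sequence[float],
                         frr: Sequence[float]) -> Tuple[float, float]:
    """Return (threshold, CER) where FAR == FRR, linearly interpolating
    between the sampled thresholds.  FAR must fall and FRR must rise as the
    threshold tightens, which is how a real tuning curve behaves."""
    if not (len(thresholds) == len(far) == len(frr)) or len(thresholds) < 2:
        raise ValueError("need at least two equally sized samples")
    diff = [a - r for a, r in zip(far, frr)]       # positive while FAR > FRR
    for i in range(len(diff) - 1):
        if diff[i] == 0:
            return thresholds[i], far[i]
        if diff[i] > 0 > diff[i + 1]:              # sign change: crossing lies in (i, i+1)
            frac = diff[i] / (diff[i] - diff[i + 1])
            t = thresholds[i] + frac * (thresholds[i + 1] - thresholds[i])
            cer = far[i] + frac * (far[i + 1] - far[i])
            return t, cer
    if diff[-1] == 0:
        return thresholds[-1], far[-1]
    raise ValueError("curves do not cross within the sampled thresholds")


def rank_by_cer(systems: dict) -> list:
    """Order candidate systems best-first by CER; each value is (thresholds, far, frr)."""
    scored = {name: crossover_error_rate(*curves)[1] for name, curves in systems.items()}
    return sorted(scored, key=scored.get)


# Constructed tuning curves for two fingerprint readers, sampled at six
# match-score thresholds.  Tightening the threshold lowers FAR and raises FRR.
THRESHOLDS = [0.1, 0.2, 0.3, 0.4, 0.5, 0.6]
READER_A = (THRESHOLDS,
            [0.50, 0.30, 0.18, 0.10, 0.05, 0.02],   # FAR
            [0.01, 0.03, 0.06, 0.12, 0.20, 0.35])   # FRR
READER_B = (THRESHOLDS,
            [0.40, 0.20, 0.09, 0.04, 0.02, 0.01],   # FAR
            [0.02, 0.04, 0.07, 0.11, 0.18, 0.30])   # FRR

if __name__ == "__main__":
    for name, curves in {"A": READER_A, "B": READER_B}.items():
        t, cer = crossover_error_rate(*curves)
        print(f"reader {name}: CER {cer:.3f} at threshold {t:.3f}")
    print("best:", rank_by_cer({"A": READER_A, "B": READER_B})[0])
```

Reader A crosses at roughly 11.1% and reader B at roughly 7.9%, so B is the stronger system even though at any single threshold one reader may beat the other on FAR alone. In deployment the threshold is then moved off the crossover point toward whichever error is more costly: lower FAR for a data-centre door, lower FRR for a consumer phone unlock.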
Question 13 (5 points)
To move the InfoSec discipline forward,
organizations should take all but which of the following steps?
- Learn more about the requirements and qualifications
for InfoSec and IT positions
- Learn more about InfoSec budgetary and personnel needs
- Insist all mid-level and upper-level management take
introductory InfoSec courses
- Grant the InfoSec function an appropriate level of
influence and prestige
Question 14 (5 points)
Which of the following InfoSec positions is
responsible for the day-to-day operation of the InfoSec program?
- Security technician
- Security officer
- Security manager
- CISO
Question 15 (5 points)
The intermediate area between trusted and
untrusted networks is referred to as which of the following?
- Demilitarized zone
- Unfiltered area
- Proxy zone
- Semi-trusted area
Question 16 (5 points)
Which technology has two modes of operation:
transport and tunnel?
- Secure Sockets Layer
- Secure Hypertext Transfer Protocol
- Secure Shell
- IP Security
Question 17 (5 points)
Which of the following is NOT a typical task
performed by the security technician?
- Develop security policy
- Coordinate with systems and network administrators
- Configure firewalls and IDPSs
- Implement advanced security appliances
Question 18 (5 points)
Temporary hires called contract employees – or
simply contractors – should not be allowed to do what?
- Work on the premises
- Wander freely in and out of buildings
- Be compensated by the organization based on hourly rates
- Visit the facility without specific, prior coordination
Question 19 (5 points)
Which tool can best identify active computers
on a network?
- Packet sniffer
- Port scanner
- Honey pot
- Trap and trace
Question 20 (5 points)
Which of the following is typically true about
the CISO position?
- Accountable for the day-to-day operation of all or part
of the InfoSec program
- Frequently reports directly to the Chief Executive
Officer
- Technically qualified individual who may configure
firewalls and IDPSs
- Business managers first and technologists second
Question 21 (5 points)
The penalties for offenses under the
National Information Infrastructure Protection Act of 1996 depend on whether
the offense is judged to have been committed for one of the following reasons.
Which of the following is NOT one of them?
- For political advantage
- For private financial gain
- In furtherance of a criminal act
- For purposes of commercial advantage
Question 22 (5 points)
There are three general categories of unethical
behavior that organizations and society should seek to eliminate. Which of the
following is NOT one of them?
- Intent
- Accident
- Ignorance
- Malice
Question 23 (5 points)
- Persecution
- Remediation
- Rehabilitation
- Deterrence
Question 24 (5 points)
Which of the following is an international
effort to reduce the impact of copyright, trademark and privacy infringement,
especially via the removal of technological copyright protection measures?
- DMCA
- European Council Cybercrime Convention
- U.S. Copyright Law
- PCI DSS
Question 25 (5 points)
Which of the following ethical frameworks is
the study of the choices that individuals have made in the past, attempting
to answer the question: what do others think is right?
- Descriptive ethics
- Normative ethics
- Deontological ethics
- Applied ethics
Question 26 (5 points)
Deterrence is the best method for preventing
an illegal or unethical activity.
- True
- False
Question 27 (5 points)
Which law requires mandatory periodic training
in computer security awareness and accepted computer security practice for all
employees who are involved with the management, use, or operation of each federal
computer system?
- The Telecommunications Deregulation and Competition Act
- National Information Infrastructure Protection Act
- The Computer Security Act
- Computer Fraud and Abuse Act
Question 28 (5 points)
Which of the following is compensation for a
wrong committed by an employee acting with or without authorization?
- Jurisdiction
- Due diligence
- Liability
- Restitution
Question 29 (5 points)
The Secret Service is charged with the
detection and arrest of any person committing a U.S. federal offense relating to
computer fraud, as well as false identification crimes.
- True
- False
Question 30 (5 points)
Which entity is not exempt from the Federal
Privacy Act of 1974?
- U.S. Congress
- Hospitals
- Credit agencies
- Bureau of the Census