Infosec leadership

QUESTION 1

Which of the following were actions the textbook listed as guides to manage IT security?
Work with users to make everyone more secure.

Avoid the risks.

Get mid-level management buy-in.

Evaluate your environment’s needs, exposures, and defenses.

8 points

QUESTION 2

Which of the following are categories you would be likely to see at a mid-year budget review?
Actual amount spent year to date

Actual amount spent for the month

Variance against budget (an over/under amount indicating how well you are doing compared to the expected amount based on your original budget)

Variance against last year (an over/under amount indicating if you are spending more or less for the same items as last year)

8 points

QUESTION 3

You should always try to get your server and storage environment on a single diagram.
True

False

6 points

QUESTION 4

What are the two things a control mechanism provides?
Audit trail and evidence

Appropriate checks and balances

Best effort and assurance

Policy and procedure

6 points

QUESTION 5

The goal of your audit should be to clearly determine the __ you are facing.
regulations

level of risk

degree of compliance

level of work

6 points

QUESTION 6

__ is a solution that allows users to authenticate once to the network and then have access to all applications and resources for which they have been granted permission, without having to enter additional IDs and passwords.
Single Sign-On

Two-Factor Authentication

Challenge-Response

Account Provision

6 points

QUESTION 7

Which of the following were locations the textbook suggested as potentially good places to keep physical copies of infrastructure documentation?
Computer Room

Break room

Cubicle Walls of the help desk personnel

Your home

6 points

QUESTION 8

How many process areas does CMMI have?
5

6

25

21

6 points

QUESTION 9

What two things need to happen for a policy to help ensure that all employees (both IT and users) are aware of it and that it can be applied consistently?
It must be approved by both the auditors and compliance groups

The business unit and individual owners must be listed

It should be documented and posted

It should be tied to a regulation and indexed

6 points

QUESTION 10

What can be used to “trap” data to and from a particular device, or to look for particular content?
A Packet Sniffer

Network Access Controls

A Packet Internet Groper

An IPS Appliance

6 points

QUESTION 11

A(n) __ is generally used to gather preliminary information about a vendor in order to see if they meet some basic requirements.
RFP

POC

RISC

RFI

6 points

QUESTION 12

Which of the following are issues that IT should care about and standardize on?
Operating systems

Monitor size

Software configuration

Hardware configurations

8 points

QUESTION 13

The textbook referred to a 2011 Ponemon Institute survey. That survey indicated __ was the most common cause of a security breach.
Negligence

Insider attack

Malicious attack

Criminal attack

6 points

QUESTION 14

In hard times, what are the things you should bring to management to show your leadership?
Be proactive

Adjust your priorities properly

Be willing to react quickly to decisions

Come to the table with ideas

6 points

QUESTION 15

What are the kinds of things a good inventory can help you discover?
Non-functional Resources

New departments

Overutilized Resources

Outdated Technology

8 points

QUESTION 16

One comforting thought with Information Security is that whether you are a virtual company or if you have a traditional office setting, your security priorities and concerns are the same.
True

False

6 points

QUESTION 17

__ is a technique for gathering confidential or privileged information by simply asking for it.
Phishing

Malware

Hacking

Social engineering

6 points

QUESTION 18

Which of the following are benefits of standardizing your technology?
Eases support burden

Requires fewer kinds of spares

Locks you into a smaller set of vendors

Makes it harder to detect shadow IT

8 points

QUESTION 19

Which of the following is not part of the IT Infrastructure Library?
Control activities

The business perspective

Planning to implement service management

Strategic alignment

8 points

QUESTION 20

Which of the following was not identified as a common type of contact you would likely have with a vendor?
Billing

Technical Support

Sales

Development

6 points

QUESTION 21

__ is usually defined as any data that can be used (either alone or with other data and sources) to identify a person.
Personal Health Information

Protected Health Information

Personally Identifiable Information

Personal Identity Information

6 points

QUESTION 22

What is the commonly used name for the Public Company Accounting Reform and Investor Protection Act of 2002?
Gramm-Leach-Bliley

SEC’s Rule 17a-4

Sarbanes-Oxley

Basel II

6 points

QUESTION 23

Which of the following is not one of the common points for deciding to refresh technology?
The technology is no longer meeting your needs

The technology is holding up other IT projects

The technology presents risks to the environment

Vendor support is available, and not cost prohibitive

6 points

QUESTION 24

In general with leasing situations, you make arrangements to purchase a piece of hardware, but the leasing company makes the actual purchase.
True

False

5 points

QUESTION 25

This is the practice of trying to get information from people by lying to them over the computer.
Fraud

Smishing

Phishing

Social engineering

6 points

QUESTION 26

Match the terms to their descriptions.

Spyware

Trojan horses

Rootkits

Worms

A. A set of modifications to the operating system that is designed primarily to hide malicious activity.

B. Programs that appear to be legitimate, but in fact are malicious.

C. Self-contained programs that replicate themselves, usually via the network or e-mail attachments.

D. Software that monitors a user’s activity, often to collect account numbers, passwords, etc.

6 points

QUESTION 27

Information regarding your company’s mobile equipment should include which of the following:
Storage Capacity

Model

Carrier

Operating System

6 points

QUESTION 28

According to Financial Accounting Standards Board (FASB) Statement 13, a lease is considered a capital lease if it meets any one of the following criteria, except:
The lease term is equal to or greater than 75 percent of the estimated life of the leased property (e.g., the lease term is six years and the estimated life is eight years).

The lease transfers ownership of the property to the lessee by the end of the lease term.

The lease contains an option to purchase the leased property at a bargain price.

The present value of rental and other minimum lease payments equals or exceeds 90 percent of the fair value of the leased property regardless of any investment tax credit retained by the lessor.

6 points

QUESTION 29

Outsourcing includes all but which of the following?
The primary company can provide the service

The secondary company chooses not to provide the service

The primary company chooses not to provide the service

The secondary company can provide services in question

6 points

QUESTION 30

During difficult times, you should be looking at all but which of these areas:
Demonstrating leadership

Managing costs

Looking for opportunities to leverage IT for increased business value

Improving weak SLAs

6 points

QUESTION 31

Which of the following is not one of the common weaknesses found after a security assessment?
Misconfigured Devices

Weak Passwords

Weak Internal Controls on People

Outside “Fingerprints”

6 points

QUESTION 32

Which of the following is not usually found in a Wide Area Network schematic?
DMZs

site locations

location of switches

firewalls

6 points

QUESTION 33

Which organization is closely identified with the Control Objectives for Information and Related Technology framework?
(ISC)2

NIST

ISO

ISACA

6 points

QUESTION 34

This method of risk analysis generates an analysis of the risks facing an organization and is based on experience, judgment, and intuition.
Qualitative

Subjective

Quantitative

Rational

6 points

QUESTION 35

The benefit of __ individual departments is that those departments become more cost conscious of their IT uses and requirements.
underestimating budgets by

budgeting everything at

charging expenses back to

overestimating budgets by

6 points

QUESTION 36

The textbook suggests that the IT department provide whatever the user asks for regarding ergonomic devices and anti-glare screens.
True

False

5 points

QUESTION 37

One of the contractual issues I stressed in the lecture that can cause a contract to be rejected by the legal team, even though the product is exactly what you need to purchase, was the:
Absence of an automatic renewal provision

The SLA is too generic

Choice of Law Provision

Limited Indemnity Clause

6 points

QUESTION 38

The textbook mentioned that __ of people never change their banking password.
41%

32%

14%

23%

6 points

QUESTION 39

Proof that you can provide to anyone who might ask (e.g., lawyers, regulators, auditors) that you are actually operating by the established policies is often considered __.
A hidden benefit of maintaining evidence

A hidden benefit of educating your employees

A hidden benefit of operational excellence

A hidden benefit of control mechanisms

6 points

QUESTION 40

If your project needs a new piece of hardware that costs $10,000 and has a 5 year depreciation span, the amount of the expense in the year following the purchase is __.
$2,000

$0

$2,500

$1,500