It255 Final Exam Study Guide
1. Which of the following is an action that could damage an asset?
a. Risk
b. Threat
c. Data transfer
d. Information assessment
Reference: p6
2. Which law requires all types of financial institutions to protect customers’ private financial information?
b. SOX
Reference: p9
3. An AUP is part of a layered approach to security, and it supports confidentiality. What else supports confidentiality?
a. Threat monitoring
b. Vulnerability assessments
c. Data classification standards
d. Security awareness policies
Reference: p14
4. Which of the following is a detailed written definition of how software and hardware are to be used?
a. Policy
b. Standard
c. Procedure
d. Guideline
Reference: p40
5. Which of the following is not a common type of data classification standard?
a. Guideline
b. Top secret
c. Internal use only
d. Private data
Reference: p42
6. What does a lapse in a security control or policy create?
a. Policy violation
b. Penetration testing
c. Risk mitigation
d. Security gap
Reference: p133
7. Which of the following is any weakness in a system that makes it possible for a threat to cause it harm?
a. Risk
b. Backdoor
c. Vulnerability
d. Exploit
Reference: p96
8. Which of the following terms refers to the likelihood of exposure to danger?
a. Threat
b. Risk
c. Vulnerability
d. Mitigation
Reference: p119, 121
9. Which type of attacker intends to be helpful?
a. Gray-hat hacker
b. Black-hat hacker
c. Script kiddie
d. White-hat hacker
Reference: p88
10. Which domain is primarily affected by weak endpoint security on a VPN client?
a. Remote Access Domain
b. LAN Domain
c. Workstation Domain
d. Systems/Applications Domain
Reference: p97-98
11. Identify two phases of the access control process.
a. Identification and authorization
b. Policy definition and policy enforcement
c. Knowledge and…
