CIS 462 CIS462 CIS/462 ENTIRE COURSE HELP – STRAYER UNIVERSITY
CIS 462 Final Exam (2 Set)
CIS 462 Midterm Exam (2 Set)
CIS 462 Week 10 Term Paper Disaster Recovery Plan (2 Set)
CIS 462 Week 2 Case Study 1 Acceptable Use Policy (2 Papers)
CIS 462 Week 4 Assignment 1 IT Security Policy Framework (2 Papers)
CIS 462 Week 6 Case Study 2 SCADA Worm (2 Papers)
CIS 462 Week 8 Assignment 2 Business Impact Analysis (2 Papers)
CIS 462 Final Exam (2 Set)
This tutorial contains 2 sets of the Final Exam.
CIS 462 Final Exam Guide Set 1
• Question 1 A User Internet Proxy standard and a Content-Blocking Tools Configuration standard would be associated primarily with which IT domain?
• Question 2 What entity issues and manages digital certificates?
• Question 3 A PKI uses public and private ______ for the secure exchange of information.
• Question 4 A Wi-Fi Access Point Security standard defines secure wireless connectivity to a network. With which IT domain is this standard primarily associated?
• Question 5 Baseline standards for the LAN Domain would include ____________.
• Question 6 A standard for Web Services from an external provider would be part of which set of policies?
• Question 7 A control standard that separates the development environment from the production environment would be found in which set of policies?
• Question 8 What is a benefit of instructor-led classroom training for security awareness?
• Question 9 Accountability, lack of budget, lack of priority, and tight schedules are examples of ____________.
• Question 10 What is a common consequence of failing to adhere to an acceptable use policy (AUP)?
• Question 11 Which of the following is least likely to be required to attend an organization’s formal security awareness training program?
• Question 12 Implementing IT security policies is as much about __________ as it is about implementing controls.
• Question 13 What is the best way to measure a specific user’s comprehension of security awareness training?
• Question 14 Conducting __________ can be an effective security awareness program solution.
• Question 15 The primary objective of a security awareness program is to _________.
• Question 16 Which tool can you use in a Microsoft domain to manage security settings for users and organizational units (OUs)?
• Question 17 What does a configuration management database (CMDB) hold?
• Question 18 A(n) __________ can include a computer’s full operating system, applications, and system settings, including security and configuration settings.
• Question 19 You want to manage patches and updates for Windows client computers centrally. Which is the best tool to use?
• Question 20 Which organization maintains the Common Vulnerabilities and Exposures (CVE) list?
• Question 21 Which of the following methods is used to track compliance?
• Question 22 What is due care?
• Question 23 Common IRT members may be IT subject matter experts, IT security reps, HR reps, and ____________ reps.
• Question 24 When responding to an incident, when does the IRT timeline start?
• Question 25 During which phase of incident response do IRT members study the attack and develop recommendations to prevent similar attacks in the future?
• Question 26 Before an incident can be declared, the IRT must develop an incident ________ for incident response.
• Question 27 FISMA requires federal agencies to report major incidents to which organization?
• Question 28 During which phase of incident response do IRT members stop the attack and gather evidence?
• Question 29 According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?
• Question 30 In a business classification scheme, which classification refers to routine communications within the organization?
• Question 31 Regarding data classification, what does “declassification” mean?
• Question 32 What is the general retention period of regulated documents?
• Question 33 What is considered to be a natural extension of the BIA when conducting a BCP?
• Question 34 Which of the following is not a primary reason a business classifies data?
• Question 35 In a business classification scheme, which classification refers to mission-critical data?
• Question 36 What is a security benefit of routinely deleting electronic documents that are no longer required for legal or business reasons?
• Question 37 Which U.S. military data classification refers to data the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?
• Question 38 ___________ is/are key to security policy enforcement.
• Question 39 Your company does not want its employees to use the Internet to exchange personal e-mail during work hours. What is the best tool to use to ensure the company does not violate an employee’s right to privacy?
• Question 40 Which of the following is least likely to indicate the effectiveness of an organization’s security policies?
• Question 41 What is the name of a common control that is used across a significant population of systems, applications, and operations?
• Question 42 Which employee role is directly accountable to ensure that employees are implementing security policies consistently?
• Question 43 Your company wants to minimize the risk of its employees sharing confidential company information via e-mail. What is the best tool to use to minimize this risk?
• Question 44 An employee used her company-owned computer to e-mail invitations to friends for her upcoming party, which violated the company’s acceptable use policy. Who is responsible for correcting the employee’s behavior?
• Question 45 What is a disadvantage of hard-coding a user name and password into an application to simplify guest access?
• Question 46 What is an example of “hardening”?
• Question 47 Which type of agreement would you have a contract system administrator (temporary worker) sign?
• Question 48 Which of the following is a policy that prohibits access or storage of offensive content?
• Question 49 What is pretexting associated with?
• Question 50 Who evaluates an organization’s technology controls and risks for compliance with internal security policies or regulations?
CIS 462 Final Exam Guide Set 2
• Question 1 What is the most reasonable way to deal with outdated technology that cannot conform to an organization’s security policies?
• Question 2 To be effective, which of the following must follow security policies?
• Question 3 Conducting __________ can be an effective security awareness program solution.
• Question 4 Accountability, lack of budget, lack of priority, and tight schedules are examples of ____________.
• Question 5 The primary objective of a security awareness program is to _________.
• Question 6 What is a common consequence of failing to adhere to an acceptable use policy (AUP)?
• Question 7 What is a benefit of instructor-led classroom training for security awareness?
• Question 8 Which of the following is generally not a part of a security awareness communications plan?
• Question 9 Which of the following methods is used to track compliance?
• Question 10 Which organization maintains the Common Vulnerabilities and Exposures (CVE) list?
• Question 11 Best practices for IT security policy compliance monitoring include ___________.
• Question 12 Three major components of the ITIL life cycle are service transition, service operation, and service _________.
• Question 13 You want to identify active hosts on a network, detect open ports, and determine the operating system in use on servers. Which is the best tool to use?
• Question 14 Nessus® is a type of _______________.
• Question 15 Your company wants to minimize the risk of its employees sharing confidential company information via e-mail. What is the best tool to use to minimize this risk?
• Question 16 Which organizational committee ensures that an external service provider is meeting the service level agreement (SLA) in the contract?
• Question 17 ___________ is/are key to security policy enforcement.
• Question 18 In a large organization, what is the name of the entity that reviews technology activity and provides approvals before a project or activity can proceed to the next stage?
• Question 19 When monitoring an employee’s Internet use, which of the following can potentially violate an employee’s rights?
• Question 20 What is the name of a common control that is used across a significant population of systems, applications, and operations?
• Question 21 Which of the following is a manual control for enforcing security policies? Before an incident can be declared, the IRT must develop an incident ________ for incident response.
• Question 22 During which phase of incident response do IRT members study the attack and develop recommendations to prevent similar attacks in the future?
• Question 23 During which phase of incident response do IRT members recover from the attack and resume operations?
• Question 24 During which phase of incident response do IRT members stop the attack and gather evidence?
• Question 25 During which phase of incident response do IRT members stop the attack and gather evidence?
• Question 26 Triage is performed during which phase of incident response?
• Question 27 According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?
• Question 28 When analyzing an IT incident, which of the following is not something you need to identify?
• Question 29 When reporting an incident, the IRT team must first classify the _________ of the incident.
• Question 30 A System Use Notification standard describes the on-screen display of system notification messages, such as a legal notice that the user is accessing a protected system. With which IT domain is this standard primarily associated?
• Question 31 A LAN Domain policy would include guidelines for which of the following?
• Question 32 A Separation of Environments standard establishes the need to separate the development environment from the production environment. With which IT domain is this standard primarily associated?
• Question 33 A User Internet Proxy standard and a Content-Blocking Tools Configuration standard would be associated primarily with which IT domain?
• Question 34 Baseline standards for the LAN Domain would include ____________.
• Question 35 Which of the following documents describes core control requirements for framework policies?
• Question 36 A PKI uses public and private ______ for the secure exchange of information.
• Question 37 When classifying documents in a business, the data owner must strike a balance between protection and _____________.
• Question 38 Which U.S. military data classification refers to data the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?
• Question 39 In a business classification scheme, which classification refers to routine communications within the organization?
• Question 40 Before a BCP can be completed, a(n) _________ must first be completed and agreed upon by all the key departments within the organization.
• Question 41 Regarding data classification, what does “declassification” mean?
• Question 42 Which U.S. government data classification refers to confidential data that’s not subject to release under the Freedom of Information Act?
• Question 43 What is a security benefit of routinely deleting electronic documents that are no longer required for legal or business reasons?
• Question 44 Which of the following is not a primary reason a business classifies data?
• Question 45 Pam receives an offensive joke via e-mail from Larry, a co-worker. Which of the following helps Pam know the correct actions to take?
• Question 46 Which of the following is generally not true of contractor workers?
• Question 47 What is an example of “hardening”?
• Question 48 Who is most likely to have the least amount of security awareness about your organization?
• Question 49 Who evaluates an organization’s technology controls and risks for compliance with internal security policies or regulations?
• Question 50 Which type of agreement would you have a contract system administrator (temporary worker) sign?