


























































































CMIT 425 FINAL EXAM
Typology: Quizzes
Note: It is recommended that you save your response as you complete each question.

Question 1 (1 point)
________________ refers to software that allows for the automated development of software, which can come in the form of program editors, debuggers, code analyzers, version control mechanisms, and more.
Question 1 options:
Privacy impact rating
CASE
Attack surface analysis
Threat modeling

Question 2 (1 point)
Which testing phase ensures that the code meets customer requirements?
Question 2 options:
Integration testing
Unit testing
Acceptance testing
Regression testing

Question 3 (1 point)
Incident response procedures include the following activities. Which stage can be difficult in the case of a virus attack?
Question 3 options:
Incident identification
Containment
Tracking
Recovery

Question 4 (1 point)
Phreaking is a type of hacking primarily concerned with what type of systems?
Question 4 options:
LAN
Telephony
SCADA

Question 8 (1 point)
You are told by your supervisor to maintain evidence for later use during a legal proceeding. What process do you need to document referring to the proper handling of the evidence?
Question 8 options:
Chain of custody
Due Diligence
Escalation of Privilege
Incident response
Order of volatility

Question 9 (1 point)
What type of network device is responsible for determining the best route from the source to the destination?
Question 9 options:
Switch
Repeater
Bridge
Router

Question 10 (1 point)
The strength of an encryption is determined by many components. However, one of the following does not contribute to the strength of an encryption.
Question 10 options:
The secrecy of the key
The length of the key
The initialization vector
The cryptanalyst skills

Question 11 (1 point)
Which risk handling method defines the acceptable risk level the organization can tolerate and reduces the risk to that level?
Question 11 options:
Risk avoidance
Risk transfer
Risk mitigation

Question 14 (1 point)
Simultaneous execution of more than one program by a single OS is called _____________. Fill in the blank.
Question 14 options:
interrupt
Multitasking
Multiprocessing
Preemptive multitasking

Question 15 (1 point)
What type of malware is self-replicating?
Question 15 options:
Trojan
Worm
Clone
Spam
Virus

Question 18 (1 point)
What is RAID 5?
Question 18 options:
Striping
Mirroring
Striping with parity
Clustering

Question 19 (1 point)
Which access control model is based on an operating system enforcing the system's policy through the use of security labels?
Question 19 options:
DAC
MAC
RBAC
Non-RBAC

Question 20 (1 point)
What type of evidence is not viewed as reliable and strong in proving innocence or guilt when compared to best evidence?
Question 20 options:
Circumstantial Evidence
Secondary Evidence
Corroborative Evidence
Opinion Evidence

Question 21 (1 point)
Which of the following Hash Algorithms is a more secure Hash Algorithm?
Question 21 options:
MD
SHA
HAVAL
RIPEMD

Question 22 (1 point)
Different functionalities of security controls are applied to produce the desired security outcomes. Which of the following security controls is intended to fix components or systems after an incident has occurred?
Question 22 options:
Detective

Question 25 (1 point)
The BCP committee must identify the threats to the company and map them to all of the following but one.
Question 25 options:
Maximum tolerable downtime and disruption for activities.
Operational disruption and productivity
Third party relationship
Reputation

Question 26 (1 point)
Which of the following is not an application protocol?
Question 26 options:
SMTP
HTTP
SNMP
ICMP

Question 27 (1 point)
Cryptography algorithms are either __________ algorithms, which use private keys, or ____________ algorithms, which use public & private keys. Fill in the blanks.
Question 27 options:
Asymmetric, symmetric
Symmetric, asymmetric

Question 30 (1 point)
Software is usually developed for _______________ first, not ___________ first. To get the best of both worlds, security and functionality would have to be designed and integrated into the individual phases of the SDLC. Fill in the blanks.
Question 30 options:
Security, functionality
Functionality, security
Requirement, functionality
Functionality, requirement

Question 31 (1 point)
What is RAID 1?
Question 31 options:
Striping
Mirroring
Striping with parity
Clustering

Question 32 (1 point)
What is the level of risk an organization is willing to accept?
Question 32 options:
Baseline
Minimum configuration
Acceptable risk
Risk appetite

Question 33 (1 point)
In the SDLC model, _________________ deploys the software and then ensures that it is properly configured, patched, and monitored.
Question 33 options:
Requirement gathering
Design
Testing
Maintenance

Question 34 (1 point)
____________ means that an individual should have just enough permission and rights to fulfill his roles and responsibilities in the company and no more.
Question 34 options:
Least privilege
Job rotation
Mandatory vacations
Collusion

Vulnerability assessment
Risk mitigation
Risk monitoring

Question 38 (1 point)
A process can be in any of these states except:
Question 38 options:
running
blocked
parked
ready

Question 39 (1 point)
Which testing is performed after a change to a system takes place, retesting to ensure functionality, performance, and protection?
Question 39 options:
Integration testing
Unit testing
Acceptance testing
Regression testing

Question 40 (1 point)
In the SDLC model, the _________ phase deals with how the software will accomplish the goals identified, which are encapsulated into a functional design.
Question 40 options:
Requirement gathering
Design
Testing
Maintenance

Question 41 (1 point)
Which software development model emphasizes risk analysis per iteration and is iterative in approach? This approach integrates customer feedback in the development process.
Question 41 options:
Agile