MISY 5325 Final Exam
- Another term for data range and reasonableness checks is:
input validation
- Which of the following is not one of the three primary objectives of controls? Eliminate
- What changes plaintext data to ciphered data? Encryption
- A hacker wants to launch an attack on an organization. The hacker uses a tool to capture data sent over the network in cleartext, hoping to gather information that will help make the attack successful. What tool is the hacker using? A packet analyzer
- Primary considerations for assessing threats based on historical data in your local area are ____ and ____. weather conditions, natural disasters
- In a SQL injection attack, an attacker can: read sections of a database or a whole database without authorization.
- What does the principle of least privilege have in common with the principle of need to know? They both specify that users be granted access only to what they need to perform their jobs.
- An access control such as a firewall or intrusion prevention system cannot protect against which of the following? Social engineering
- What is the purpose of nonrepudiation techniques? To prevent people from denying they took actions
ning?
- Having supplies on hand for continued production:
Probability of occurrence and impact
Usually manages multiple BCP projects.
Testing and exercising plans
- Which term is defined as "an element necessary to perform the mission of an organization"? CSF
may conflict with other organizational planning principles.
- What is the primary purpose of identifying critical resources in the business impact analysis (BIA) process? Identify all IT assets that support critical business functions (CBFs).
- Lower recovery time objectives (RTOs) are ____ but ____. achievable, costly
- What are critical resources? Those that are required to support critical business functions (CBFs)
- Functionality testing is primarily used with: Software development
- A(n) ____ assessment attempts to identify vulnerabilities that can be exploited. Exploit
- A business continuity plan (BCP) is an example of a(n): Security Plan
- Which of the following is most likely to describe how to perform test restores?
- Which of the following i
- Complete the equation for the relationship between risk, vulnerabilities, and threats: Risk equals: Vulnerability × Threat
- Which of the following is a physical control that is most likely to be used with a proximity card? A locked door
- The National Institute of Standards and Technology (NIST) publishes SP 800-53. This document describes a variety of IT security controls, such as access control, incident response, and configuration management. Controls are grouped into families. Which NIST control family helps an organization recover from failures and disasters? Contingency Plan (CP)
- ____ provide the detailed steps needed to carry out ____. Procedures, policies
- Why are audits performed? To check compliance with rules and guidelines
- Piggybacking is also known as: Tailgating
- Bill is a security professional. He is in a meeting with co-workers and describes a system that will make web sessions more secure. He says when a user connects to the web server and starts a secure session, the server sends a certificate to the user. The certificate includes a public key. The user can encrypt data with the public key and send it to the server. Because the server holds the private key, it can decrypt the data. Because no other entity has the private key, no one else can decrypt the data. What is Bill describing? Public key infrastructure (PKI)
- Purchasing insurance is the primary way for an organization to ____ or ____ risk. share, transfer
- Some controls are identified based on the function they perform. What are the broad classes of controls based on function? Preventative, detective, corrective
- Why is process analysis performed? To determine if vulnerabilities exist in the process
- Which approach to firewall rules starts off by blocking all traffic and then adding rules to allow approved traffic? Implicit deny
- Which of the following is not commonly included in a cost-benefit analysis (CBA)? A business continuity plan (BCP)
- What should you do if you discover that a security gap has not been closed? Address the gap.
- Which of the following is an important element of following up on a risk mitigation plan? Ensuring that security gaps are closed
- All of the following would be specified in a password policy, except: password management
- The primary risks associated with the User Domain of a typical IT infrastructure are related to: social engineering
- Which of the following mainly applies to any organiza- HIPAA
- The Remote Access Domain of a typical IT infrastructure allows ____ to access the ____ network. remote users, private
- Devaki is the office manager for a small medical practice in California. Part of her duties is to ensure the practice is in compliance with any relevant regulations or standards. Self-pay patients pay for services via cash, check, or payment card. Which of the following does Devaki need to ensure compliance with? HIPAA and PCI DSS
- According to the Sarbanes-Oxley Act (SOX), who in an organization must verify and attest to the accuracy of financial data as a matter of legal compliance? high-level officers
- Which of the following is not true of the WAN Domain of a typical IT infrastructure? Internal-facing servers are configured in the demilitarized zone between two firewalls.
- What is a service level agreement (SLA)? A document that identifies an expected level of performance
- After being fired, an employee becomes disgruntled. The managers never disabled his login information, and his best friend still works at the company. The disgruntled employee gives his friend his login information for the company's private network and convinces the friend to delete important files from the company's database. You are confused when you review the audit logs and see that the disgruntled employee has been logging in from within the office every day for the past week. What has been lost in this scenario? nonrepudiation
web farm, network load balancing
Threat likelihood/impact matrix
up, out
- Why might you need to verify risk elements if a substantial amount of time has passed since you performed a risk assessment? To make sure that the threats or vulnerabilities you want to mitigate still exist
- Tonya has been asked to research compliance and then provide a report to upper management. Management wants to know what the organization must do to comply with a regulation that protects the privacy of citizens in the European Union. Which of the following will Tonya research? General Data Protection Regulation (GDPR)
- Wen is performing a cost-benefit analysis (CBA). He needs to determine whether the organization should move workloads from the in-house data center to the cloud. The projected benefit is $50,000. The cost of the control is $1,500. What is the control value?
- What are overlapping countermeasures? Different countermeasures that attempt to mitigate the same risk
- What is the purpose of a risk mitigation plan? To implement countermeasures
Bob is the project manager for his company's security countermeasure implementation
- You have created a risk assessment and management has approved it. What do you do next? Create a risk mitigation plan
- Susan works for a U.S. investment firm that is required to be registered with the Securities and Exchange Commission. Susan is responsible for implementing access controls on the organization's database servers. Which one of the following laws must her organization comply with? Sarbanes-Oxley Act (SOX)
- What process generally causes a plan of action and milestones (POAM) to expand? Transforming the risk assessment into a risk mitigation plan
- Health Insurance Portability and Accountability Act (HIPAA) fines for mistakes can be as high as ____ a year. $25,
- Which of the following is not a valuable area of consideration when defining the scope of a risk management project? The maximum acceptable outage (MAO) for servers
- All of the following statements regarding compliance laws are true, except: the Federal Information Security Management Act (FISMA) requires covered organizations to share student records with students or their parents.
- Gap analysis reports for security are often used when dealing with: legal compliance