CIS 502 Midterm Set 2
• 1 An organization recently underwent an audit of its financial applications. The audit report stated that there were several segregation of duties issues that were related to IT support of the application. What does this mean?
• 2 A security manager is developing a data classification policy. What elements need to be in the policy?
• 3 An organization employs hundreds of office workers that use computers to perform their tasks. What is the best plan for informing employees about security issues?
• 4 An organization suffered a virus outbreak when malware was downloaded by an employee in a spam message. This outbreak might not have happened had the organization followed what security principle:
• 5 A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to estimate the yearly loss based on a particular threat. The correct way to calculate this is:
• 6 A qualitative risk assessment is used to identify:
• 7 An employee with a previous criminal history was terminated. The former employee leaked several sensitive documents to the news media. To prevent this, the organization should have:
• 8 CIA is known as:
• 9 The options for risk treatment are:
• 10 The statement, “Information systems should be configured to require strong passwords”, is an example of a/an:
• 11 An organization has a strong, management-driven model of security related activities such as policy, risk management, standards, and processes. This model is better known as:
• 12 An organization wishes to purchase an application, and is undergoing a formal procurement process to evaluate and select a product. What documentation should the organization use to make sure that the application selected has the appropriate security-related characteristics?
• 13 The statement, “Promote professionalism among information system security practitioners through the provisioning of professional certification and training.” is an example of a/an:
• 14 One disadvantage of the use of digital certificates as a means for two-factor authentication is NOT:
• 15 The categories of controls are:
• 16 A biometric authentication system that incorporates the results of newer scans into a user's profile is less likely to:
• 17 The use of retina scanning as a biometric authentication method has not gained favor because:
• 18 Buffer overflow, SQL injection, and stack smashing are examples of:
• 19 Which of the following statements about Crossover Error Rate (CER) is true:
• 20 In an information system that authenticates users based on userid and password, the primary reason for storing a hash of the password instead of storing the encrypted password is:
• 21 The reason why preventive controls are preferred over detective controls is:
• 22 Video surveillance is an example of what type(s) of control:
• 23 Which of the following is NOT an authentication protocol:
• 24 An information system that processes sensitive information is configured to require a valid userid and strong password from any user. This process of accepting and validating this information is known as:
• 25 What is the best defense against social engineering?
• 26 The following are valid reasons to reduce the level of privilege for workstation users
• 27 The purpose for putting a “canary” value in the stack is:
• 28 An organization wants to prevent SQL and script injection attacks on its Internet web application. The organization should implement a/an:
• 29 The instructions contained with an object are known as its:
• 30 Rootkits can be difficult to detect because:
• 31 A user, Bill, has posted a link on a web site that causes unsuspecting users to transfer money to Bill if they click the link. The link will only work for users who happen to be authenticated to the bank that is the target of the link. This is known as:
• 32 An attack on a DNS server to implant forged “A” records is characteristic of a:
• 33 “Safe languages” and “safe libraries” are so-called because:
• 34 A defense in depth strategy for anti-malware is recommended because:
• 35 The most effective countermeasures against input attacks are:
• 36 A database administrator (DBA) is responsible for carrying out security policy, which includes controlling which users have access to which data. The DBA has been asked to make just certain fields in some database tables visible to some new users. What is the best course of action for the DBA to take?
• 37 The following are characteristics of a computer virus EXCEPT:
• 38 A list of all of the significant events that occur in an application is known as:
• 39 The purpose of a parallel test is:
• 40 The first priority for disaster response should be:
• 41 In what sequence should a disaster recovery planning project be performed?
• 42 For the purpose of business continuity and disaster recovery planning, the definition of a “disaster” is:
• 43 The purpose of a server cluster includes all of the following EXCEPT:
• 44 The definition of Recovery Point Objective (RPO) is:
• 45 At the beginning of a disaster recovery planning project, the project team will be compiling a list of all of the organization’s most important business processes. This phase of the project is known as:
• 46 An organization is about to start its first disaster recovery planning project. The project manager is responsible for choosing project team members. Which staff members should be chosen for this project?
• 47 The types of BCP and DRP tests are:
• 48 Why is disaster recovery-related training a vital component in a DRP project?
• 49 A DRP project team has determined that the RTO for a specific application shall be set to 180 minutes. Which option for a recovery system will best meet the application’s recovery needs?
• 50 The primary reason for classifying disasters as natural or man-made is: