This 9 page Study Guide was uploaded by kimwood Notetaker on Monday November 9, 2015. The Study Guide belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 139 views.
Reviews for ISSC363 quiz1
Date Created: 11/09/15
Question 1 of 20 (5.0/5.0 Points)
Which of the following statements best describes risk?
A. The probability of loss of a valued resource
B. An error or weakness in the security system
C. A negative effect or influence on an information system
D. An external situation or event with the potential to cause harm to an IT system
Feedback: pg. 4

Question 2 of 20 (0.0/5.0 Points)
In which of the IT domains is a hub considered a major component of risk?
A. Workstation Domain
B. LAN-WAN Domain
C. LAN Domain
D. User Domain

Question 3 of 20 (5.0/5.0 Points)
How does risk management impact an organization?
A. Affects the survivability
B. Increases the profitability
C. Does not affect the profitability
D. Does not affect the survivability
Feedback: pg. 14-15

Question 4 of 20 (5.0/5.0 Points)
Which of the following is not a technique for dealing with vulnerabilities?
A. Cost-benefit analysis
B. Audits
C. System logs
D. Accreditation
Feedback: pg. 25

Question 5 of 20 (5.0/5.0 Points)
Which of the following statements about threats is not accurate?
A. Threats are always present.
B. Threats can be eliminated completely.
C. Appropriate actions can reduce the chances of occurrence of threats.
D. Appropriate actions can reduce the impact of a threat but not the threat itself.
Feedback: pg. 12

Question 6 of 20 (5.0/5.0 Points)
What would you most commonly do to reduce the potential risk from a threat/vulnerability pair?
A. Reduce the vulnerability
B. Reduce the threat
C. Remove controls
D. Remove countermeasures
Feedback: pg. 37

Question 7 of 20 (5.0/5.0 Points)
After implementing several security controls, what should be done to ensure the controls are performing as expected?
A. Continuous monitoring
B. Remove existing controls
C. Configuration management
D. Version control
Feedback: pg. 40

Question 8 of 20 (5.0/5.0 Points)
What is the most common target of perpetrators initiating an exploit?
A. Public-facing servers
B. Users unaware of social engineering tactics
C. End-user systems
D. Internal servers
Feedback: pg. 41

Question 9 of 20 (5.0/5.0 Points)
Which of the following is a U.S. organization that publishes the Special Publication 800 (SP 800) series of documents?
A. US-CERT
B. ITIL
C. MITRE Corporation
D. NIST
Feedback: pg. 50

Question 10 of 20 (0.0/5.0 Points)
What U.S. organization routinely publishes free cybersecurity-related alerts and tips, and includes the ability to subscribe to email alerts for cybersecurity topics?
A. NIST
B. US-CERT
C. Department of Homeland Cyber Security
D. CVE

Question 11 of 20 (5.0/5.0 Points)
Companies are expected to understand and abide by any laws that apply to them. What is this commonly called?
A. Accountability
B. Legal binding
C. Compliance
D. Regulatory compensation
Feedback: pg. 58

Question 12 of 20 (5.0/5.0 Points)
To which of the following would HIPAA apply?
A. Health insurance companies
B. Publicly traded companies
C. Federal agencies
D. Educational institutions
Feedback: pg. 59, 60

Question 13 of 20 (5.0/5.0 Points)
What is the first step you would take when creating a HIPAA compliance plan?
A. Assessment
B. Plan creation
C. Plan implementation
D. Risk analysis
Feedback: pg. 61

Question 14 of 20 (5.0/5.0 Points)
Which agency enforces the Sarbanes-Oxley Act (SOX)?
A. SEC
B. FTC
C. Attorney General
D. Department of Defense
Feedback: pg. 62, 65

Question 15 of 20 (5.0/5.0 Points)
To which of the following would SOX apply?
A. Federal agencies
B. Health insurance companies
C. Publicly traded companies
D. Educational institutions
Feedback: pg. 62

Question 16 of 20 (5.0/5.0 Points)
Which of the following is not one of the objectives of a risk management plan?
A. Create a list of threats
B. Create a list of vulnerabilities
C. Identify costs
D. Eliminate risk
Feedback: pg. 86

Question 17 of 20 (5.0/5.0 Points)
Which portion of a risk management plan explains the extent to which the plan will be organized and carried out?
A. Introduction
B. Scope
C. Assignment
D. Schedule
Feedback: pg. 89

Question 18 of 20 (5.0/5.0 Points)
What is scope?
A. A list of responsibilities
B. Order of RA steps
C. Boundaries of a plan
D. Analyzing records
Feedback: pg. 89

Question 19 of 20 (5.0/5.0 Points)
Of the following choices, what is not a responsibility of a project manager for a risk management plan?
A. Ensuring costs are controlled
B. Ensuring the project stays on schedule
C. Ensuring the project stays within scope
D. Ensuring team members do not work on other projects
Feedback: pg. 92

Question 20 of 20 (5.0/5.0 Points)
Which of the following will be included in a risk management report?
A. Policies
B. Audit reports
C. Standards
D. Recommendations
Feedback: pg. 97