COM590 Midterm Exam Latest 2017 (All Correct)


Question 1 (2.5 / 2.5 points)
The use of encryption and digital signatures helps ensure that what was transmitted is the same as what was received. Which of the following is assured?
Question options:
- Confidentiality
- Availability
- Integrity
- Nonrepudiation

Question 2 (2.5 / 2.5 points)
The concept of “need to know” is most closely associated with which of the following?
Question options:
- Authentication
- Availability
- Confidentiality
- Integrity

Question 3 (2.5 / 2.5 points)
What is the primary goal of business process reengineering?
Question options:
- To develop new security policies
- To improve business processes
- To implement an enterprise resource system
- To determine management bonuses

Question 4 (2.5 / 2.5 points)
An unauthorized user accessed protected network storage and viewed personnel records. What has been lost?
Question options:
- Confidentiality
- Nonrepudiation
- Integrity
- Availability

Question 5 (2.5 / 2.5 points)
What does COBIT stand for?
Question options:
- Control Objectives for Information and Related Technology
- Common Objects for Information and Technology
- Common Objectives for Information and Technology
- Control Objects for Information Technology

Question 6 (2.5 / 2.5 points)
What does “tone at the top” refer to?
Question options:
- Policies, in relation to standards, procedures, and guidelines
- Confidentiality in the C-I-A triad
- Regulatory bodies, in relation to security policies and controls
- Company leaders

Question 7 (2.5 / 2.5 points)
Which of the following types of security controls stops incidents or breaches immediately?
Question options:
- Preventive
- Corrective
- Detective
- None of the above

Question 8 (2.5 / 2.5 points)
An encryption system is an example of which type of security control?
Question options:
- Technical
- Corrective
- Physical
- Administrative

Question 9 (2.5 / 2.5 points)
Security controls fall into three design types: preventive, detective, and:
Question options:
- effective.
- corrective.
- quantitative.
- qualitative.

Question 10 (2.5 / 2.5 points)
Which of the following is not a generally accepted principle for implementing a security awareness program?
Question options:
- Competency should be measured.
- Remind employees of risks.
- Leaders should provide visible support.
- None of the above.

Question 11 (2.5 / 2.5 points)
Of the following compliance laws, which focuses most heavily on personal privacy?
Question options:
- FISMA
- GLBA
- HIPAA
- SOX

Question 12 (2.5 / 2.5 points)
To which sector does HIPAA apply primarily?
Question options:
- Financial
- None of the above
- Communications
- Medical

Question 13 (2.5 / 2.5 points)
Which law was challenged by the American Library Association and the American Civil Liberties Union claiming it violated free speech rights of adults?
Question options:
- CIPA
- FERPA
- HIPAA
- GLBA

Question 14 (2.5 / 2.5 points)
To which sector does the Sarbanes-Oxley Act apply primarily?
Question options:
- Medical
- Publicly traded companies
- Financial
- Communications

Question 15 (2.5 / 2.5 points)
Which compliance law concept states that only the data needed for a transaction should be collected?
Question options:
- Public interest
- Limited use of personal data
- Full disclosure
- Opt-in/opt-out

Question 16 (2.5 / 2.5 points)
You are on the West Coast but want to connect to your company’s intranet on the East Coast. You use a program to “tunnel” through the Internet to reach the intranet. Which technology are you using?
Question options:
- Role-based access control
- Elevated privileges
- Virtual private networking
- Software as a Service

Question 17 (2.5 / 2.5 points)
Which of the following is not true of segmented networks?
Question options:
- By limiting certain types of traffic to a group of computers, you are eliminating a number of threats.
- Switches, routers, internal firewalls, and other devices restrict segmented network traffic.
- A flat network has more controls than a segmented network for limiting traffic.
- Network segmentation limits what and how computers are able to talk to each other.

Question 18 (2.5 / 2.5 points)
In which domain is virtual private networking a security control?
Question options:
- WAN Domain
- Remote Access Domain
- Both A and B
- Neither A nor B

Question 19 (0 / 2.5 points)
A security policy that addresses data loss protection, or data leakage protection, is an issue primarily in which IT domain?
Question options:
- User
- Workstation
- WAN
- System/Application

Question 20 (0 / 2.5 points)
A nurse uses a wireless computer from a patient’s room to access real-time patient information from the hospital server. Which domain does this wireless connection fall under?
Question options:
- System/Application
- User
- WAN
- LAN

Question 21 (2.5 / 2.5 points)
Regarding security policies, what is a stakeholder?
Question options:
- An individual who has an interest in the success of the security policies
- A framework in which security policies are formed
- A placeholder in the framework where new policies can be added
- Another name for a change request

Question 22 (0 / 2.5 points)
Which personality type tends to be best suited for delivering security awareness training?
Question options:
- Pleaser
- Performer
- Analytical
- Commander

Question 23 (2.5 / 2.5 points)
Which of the following is typically defined as the end user of an application?
Question options:
- Data owner
- Data manager
- Data custodian
- Data user

Question 24 (0 / 2.5 points)
Which of the following is not true of auditors?
Question options:
- Report to the leaders they are auditing
- Are accountable for assessing the design and effectiveness of security policies
- Can be internal or external
- Offer opinions on how well the policies are being followed and how effective they are

Question 25 (0 / 2.5 points)
In an organization, which of the following roles is responsible for the day-to-day maintenance of data?
Question options:
- Data owner
- Information security office (ISO)
- Compliance officer
- Data custodian

Question 26 (2.5 / 2.5 points)
Which of the following include details of how an IT security program runs, who is responsible for day-to-day work, how training and awareness are conducted, and how compliance is handled?
Question options:
- Procedures
- Guidelines
- Standards
- Policies

Question 27 (0 / 2.5 points)
Which of the following are used as benchmarks for audit purposes?
Question options:
- Policies
- Guidelines
- Standards
- Procedures

Question 28 (2.5 / 2.5 points)
What does an IT security policy framework resemble?
Question options:
- Narrative document
- Cycle diagram
- List
- Hierarchy or tree

Question 29 (0 / 2.5 points)
Which of the following is not a control area of ISO/IEC 27002, “Information Technology–Security Techniques–Code of Practice for Information Security Management”?
Question options:
- Security policy
- Risk assessment and treatment
- Asset management
- Audit and accountability

Question 30 (2.5 / 2.5 points)
What is included in an IT policy framework?
Question options:
- Procedures
- Guidelines
- Standards
- All of the above

Question 31 (0 / 2.5 points)
Which of the following is generally not an objective of a security policy change board?
Question options:
- Review requested changes to the policy framework
- Coordinate requests for changes
- Make and publish approved changes to policies
- Assess policies and recommend changes

Question 32 (2.5 / 2.5 points)
When publishing an internal security policy or standard, which role or department usually gives final approval?
Question options:
- Audit and Compliance Manager
- Senior Executive
- Legal
- Human Resources

Question 33 (0 / 2.5 points)
Virus removal and closing a firewall port are examples of which type of security control?
Question options:
- Corrective
- Recovery
- Detective or response
- Preventive

Question 34 (0 / 2.5 points)
Fences, security guards, and locked doors are examples of which type of security control?
Question options:
- Technical security
- None of the above
- Administrative
- Physical security

Question 35 (0 / 2.5 points)
Which principle for developing policies, standards, baselines, procedures, and guidelines discusses a series of overlapping layers of controls and countermeasures?
Question options:
- Multidisciplinary principle
- Accountability principle
- Proportionality principle
- Defense-in-depth principle

Question 36 (0 / 2.5 points)
Who is responsible for data quality within an enterprise?
Question options:
- Data steward
- Data custodian
- CISA
- CISO

Question 37 (0 / 2.5 points)
The core requirement of an automated IT security control library is that the information is:
Question options:
- alphabetized.
- in a numerical sequence.
- in PDF format
- searchable.

Question 38 (2.5 / 2.5 points)
Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?
Question options:
- ITIL
- COBIT
- COSO
- OCTAVE

Question 39 (2.5 / 2.5 points)
__________ refers to the degree of risk an organization is willing to accept.
Question options:
- Probability
- Risk aversion
- Risk tolerance
- Risk appetite

Question 40 (0 / 2.5 points)
A fundamental component of internal control for high-risk transactions is:
Question options:
- a defense in depth.
- a separation of duties.
- data duplication.
- following best practices.
