Chapter 7, 8, and 9 Questions and Answers

School: Indiana University, Purdue University, Indianapolis (the uploader is not endorsed by this school)
Course: 45100
Subject: Information Systems
Date: Feb 20, 2024
Type: docx, 9 pages
Uploaded by: AdmiralParrotPerson970
Chapter 7, 8 & 9 Questions & Answers

Chapter 7:

1. Ensuring that a service is operational 99.999 percent of the time is possible even if a server needs to be regularly rebooted.
a. True
b. False
Answer: a. True. Five nines allows only about five minutes of downtime per year, so a single server that must be rebooted cannot meet it on its own; with redundancy (a failover pair or cluster), one server can be rebooted while another carries the load and the service stays operational.

2. What is a single point of failure?
a. Any single part of a system that can fail
b. Any single part of a system that can cause the entire system to fail if it fails
c. Any single part of a system that has been protected with redundancy
d. Any single part of a system
Answer: b. A single point of failure is any single part of a system that can cause the entire system to fail if it fails.

3. When identifying the assets in an organization, what would be included?
a. Hardware
b. Software
c. Personnel
d. Only A and B
e. A, B, and C
Answer: e. Hardware, software, and personnel are all included when identifying an organization's assets.

4. When identifying hardware assets in an organization, what information should be included?
a. Model number and manufacturer
b. Serial number
c. Location
d. Only A and C
e. A, B, and C
Answer: e. Model number and manufacturer, serial number, and location should all be recorded for each hardware asset.

5. An organization may use a ____ rotation policy to help discover dangerous shortcuts or fraudulent activity.
Answer: job. A job rotation policy helps discover dangerous shortcuts or fraudulent activity, because a different person periodically performs, and so reviews, each role's work.

6. What type of data should be included when identifying an organization's data or information assets?
a. Organizational data
b. Customer data
c. Intellectual property
d. A and B only
e. A, B, and C
Answer: e. Organizational data, customer data, and intellectual property should all be included when identifying an organization's data or information assets.

7. What is a data warehouse?
a. A database used in a warehouse
b. A database used to identify the location of products in a warehouse
c. A database created by combining multiple databases into a central database
d. One of several databases used to create a central database for data mining
Answer: c. A data warehouse is a database created by combining multiple databases into a central database.

8. What is data mining?
a. The process of retrieving relevant data from a data warehouse
b. A database used in metal mining operations
c. A database created by combining multiple databases into a central database
d. A process used to extract, load, and transform a data warehouse
Answer: a. Data mining is the process of retrieving relevant data from a data warehouse.

9. What can an asset management system be compared with to ensure an entire organization is covered?
a. Hardware and software assets
b. Software assets
c. Personnel and data assets
d. The seven domains of a typical IT infrastructure
Answer: d. Comparing the asset management system against the seven domains of a typical IT infrastructure shows whether every part of the organization is covered.

10. When updating an organization's business continuity plans, only _____ systems should be included.
Answer: mission-critical. When updating an organization's business continuity plans, only mission-critical systems should be included.
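The availability arithmetic behind questions 1 and 2, as an added example that is not part of the original answer sheet: it computes the downtime budget for a target such as 99.999 percent, the availability of one server that is taken down for a five-minute reboot every month, and what redundancy does to those figures. The reboot schedule and the 99.99 percent load balancer are constructed numbers chosen for illustration, and the parallel formula assumes the replicas go down independently (staggered reboots, no shared cause).

```python
"""Availability of serial and redundant components (illustrative calculator)."""

MINUTES_PER_YEAR = 365.25 * 24 * 60  # 525960


def allowed_downtime_minutes(target: float) -> float:
    """Downtime budget per year for an availability target such as 0.99999."""
    return (1.0 - target) * MINUTES_PER_YEAR


def component_availability(downtime_minutes_per_year: float) -> float:
    """Availability of one component from its total downtime per year."""
    return 1.0 - downtime_minutes_per_year / MINUTES_PER_YEAR


def serial_availability(parts):
    """All parts must be up at the same time: each part is a single point of failure."""
    total = 1.0
    for a in parts:
        total *= a
    return total


def parallel_availability(replicas):
    """The service is up while at least one replica is up.

    Assumes independent outages: if both replicas are rebooted at the same
    moment, the outages are correlated and this formula overstates availability.
    """
    all_down = 1.0
    for a in replicas:
        all_down *= 1.0 - a
    return 1.0 - all_down


def meets_target(availability: float, target: float) -> bool:
    return availability >= target


def compare_designs(target: float = 0.99999):
    """Constructed scenario: a server needs a 5-minute reboot every month (60 min/year)."""
    single = component_availability(downtime_minutes_per_year=5 * 12)
    pair = parallel_availability([single, single])
    # The same pair behind one 99.99%-available load balancer: the balancer is now the SPOF.
    pair_behind_lb = serial_availability([pair, 0.9999])
    return {
        "budget_minutes": allowed_downtime_minutes(target),
        "single_server": (single, meets_target(single, target)),
        "redundant_pair": (pair, meets_target(pair, target)),
        "pair_behind_single_lb": (pair_behind_lb, meets_target(pair_behind_lb, target)),
    }


if __name__ == "__main__":
    for name, value in compare_designs().items():
        print(f"{name}: {value}")
```

The single rebooted server falls short of five nines, the independent pair exceeds it, and the pair behind one ordinary load balancer falls short again: redundancy only helps if it removes every single point of failure in the path.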
11. Which of the following is a privacy regulation that may impact data sourced from the European Economic Area?
a. HIPAA
b. GDPR
c. PCI DSS
d. FOIP
Answer: b. The GDPR (General Data Protection Regulation) is the privacy regulation that may impact data sourced from the European Economic Area.

12. What should an organization use if it wants to determine what the impact would be if a specific IT server fails?
a. BIA
b. BCP
c. DRP
d. BCC
Answer: a. A BIA (business impact analysis) determines the impact on the organization if a specific IT server fails.

13. What should an organization use if it wants to ensure it can continue mission-critical operations in the event of a disaster?
a. BIA
b. BCP
c. DRP
d. BCC
Answer: b. A BCP (business continuity plan) ensures that mission-critical operations can continue in the event of a disaster.

14. What should an organization use if it wants to ensure it can recover a system in the event of a disaster?
a. BIA
b. BCP
c. DRP
d. BCC
Answer: c. A DRP (disaster recovery plan) ensures that a system can be recovered in the event of a disaster.

15. A BCP and a DRP are two different things.
a. True
b. False
Answer: a. True. A BCP keeps the business operating during a disruption; a DRP restores specific systems afterwards.

Chapter 8:
1. The two major categories of threats are human and ____.
Answer: natural. The two major categories of threats are human and natural.

2. A threat is any activity that represents a possible danger, with the potential to affect confidentiality, integrity, or availability.
a. True
b. False
Answer: a. True. A threat is any activity that represents a possible danger, with the potential to affect confidentiality, integrity, or availability.

3. Which of the following methods can be used to identify threats?
a. Reviewing historical data
b. Performing threat modeling
c. Both A and B
d. Neither A nor B
Answer: c. Both reviewing historical data and performing threat modeling are used to identify threats.

4. What are some sources of internal threats? (Select all that apply)
a. Disgruntled employee
b. Equipment failure
c. Software failure
d. Data loss
Answer: a, b, c, and d. A disgruntled employee, equipment failure, software failure, and data loss are all sources of internal threats.

5. Which of the following choices is not considered a best practice when identifying threats?
a. Verifying systems operate and are controlled as expected
b. Limiting the scope of the assessment
c. Considering threats to confidentiality, integrity, and availability
d. Assuming the systems have not changed since the last threat assessment
Answer: d. Assuming the systems have not changed since the last threat assessment is not a best practice; the other three are.

6. A ______ assessment is used to identify vulnerabilities within an organization.
Answer: vulnerability. A vulnerability assessment is used to identify vulnerabilities within an organization.

7. Who should perform a vulnerability assessment?
a. Internal security professionals working as employees
b. External security professionals hired as consultants
c. Either internal or external security professionals, or both
d. Only the IT personnel who own the system
Answer: c. Either internal or external security professionals, or both, should perform a vulnerability assessment.

8. What is the name of a common tool used to perform an automated vulnerability assessment scan?
a. Wireshark
b. Superscan
c. Nessus
d. VA Scanner
Answer: c. Nessus is a common tool used to perform an automated vulnerability assessment scan.

9. What is a common drawback or weakness of a vulnerability scanner?
a. A high false-positive error rate
b. A high false-negative error rate
c. A low false-positive error rate
d. A low false-negative error rate
Answer: a. A high false-positive error rate is a common weakness of vulnerability scanners, which is why reported findings should be validated before they are acted on.

10. An organization wants to check compliance with internal rules and guidelines to ensure that existing policies are being followed. What should be performed?
a. Threat assessment
b. Gap analysis
c. Audit trail
d. Audit
Answer: d. An audit checks compliance with internal rules and guidelines to ensure that existing policies are being followed.

11. A business wants to know whether its users are granted the rights and permissions needed to do their job only and no more. A(n) _____ test should be performed.
Answer: access controls. An access controls test checks whether users are granted only the rights and permissions needed to do their job and no more.

12. A business wants to identify whether any of the discovered vulnerabilities can be exploited. What should be performed?
a. Audit
b. Transaction and applications test
c. Functionality test
d. Exploit assessment
Answer: d. An exploit assessment identifies whether any of the discovered vulnerabilities can actually be exploited.

13. An organization is governed by HIPAA and wants to know whether it is in compliance. What would document the differences between what is required and what is currently implemented?
a. Gap analysis
b. Vulnerability assessment
c. Threat assessment
d. Penetration test
Answer: a. A gap analysis documents the differences between what HIPAA requires and what is currently implemented.

14. Which of the following types of IDSs is installed on a single system?
a. Anomaly-based IDS
b. Signature-based IDS
c. Host-based IDS
d. Network-based IDS
Answer: c. A host-based IDS is installed on a single system; anomaly-based and signature-based describe detection methods, not placement.

15. An IDS may employ machine learning algorithms to detect unknown malware attacks.
a. True
b. False
Answer: a. True. An IDS may employ machine learning algorithms to detect unknown malware attacks.

Chapter 9:

1. A ____ will reduce or eliminate a threat or vulnerability.
Answer: control (also called a countermeasure). A control or countermeasure reduces or eliminates a threat or vulnerability.

2. Controls can be identified based on their function. The functions are preventive, detective, and corrective.
a. True
b. False
Answer: a. True. Controls can be classified by function as preventive, detective, and corrective.

3. What are the primary objectives of a control?
a. Prevent, control, and attack
b. Prevent, respond, and log
c. Prevent, recover, and detect
d. Prevent, recover, and attack
Answer: c. The primary objectives of a control are to prevent, recover, and detect.

4. What type of control is an intrusion detection system (IDS)?
a. Preventive
b. Detective
c. Corrective
d. Recovery
Answer: b. An IDS is a detective control: it identifies an intrusion as it happens or afterwards rather than blocking it.

5. Controls are often categorized based on how they are implemented. What are the three common methods of implementing controls?
a. Preventive, detective, and corrective
b. Administrative, technical, and operational
c. Technical, administrative, and environmental
d. Procedural, technical, and physical
Answer: d. Procedural, technical, and physical are the three common methods of implementing controls.

6. A(n) _____ control is used to ensure that users have the rights and permissions they need to perform their jobs and no more.
Answer: access. An access control is used to ensure that users have the rights and permissions they need to perform their jobs and no more.

7. Logon identifiers help ensure that users cannot deny taking a specific action, such as deleting a file. What is this called?
a. Digital signature
b. Encryption
c. Nonrepudiation
d. PKI
Answer: c. Nonrepudiation. Because each action is tied to a unique logon identifier, a user cannot plausibly deny taking an action such as deleting a file.

8. What should be used to ensure that users understand what they can and cannot do on systems within the network?
a. Acceptable use banner
b. Data range checks
c. Rules of behavior
d. Audit trails
Answer: c. Rules of behavior are used to ensure that users understand what they can and cannot do on systems within the network.

9. What can be used to ensure confidentiality of sensitive data?
a. Encryption
b. Hashing
c. Digital signature
d. Nonrepudiation
Answer: a. Encryption ensures the confidentiality of sensitive data; hashing and digital signatures protect integrity and authenticity, not confidentiality.

10. What should be logged in an audit log?
a. All system events
b. All security-related events
c. The details of what happened for an event
d. Who, what, when, and where details of an event
Answer: d. The who, what, when, and where details of an event should be logged in an audit log.

11. An organization wants to issue certificates for internal systems, such as an internal web server. A ____ will need to be installed to issue and manage certificates.
Answer: certificate authority (CA). A certificate authority will need to be installed to issue and manage certificates for internal systems such as an internal web server.

12. Which of the following is a procedural control?
a. Session time-out
b. Reasonableness check
c. Water detection
d. DRP
Answer: d. A DRP is a procedural control; a session time-out and a reasonableness check are technical controls, and water detection is a physical control.

13. Which of the following is a technical control?
a. PKI
b. Awareness and training
c. Guards
d. Electrical grounding
Answer: a. A PKI is a technical control; awareness and training is procedural, and guards and electrical grounding are physical controls.

14. Which of the following is a physical control?
a. Logon identifiers
b. CCTV
c. Encryption
d. BCP
Answer: b. CCTV is a physical control; logon identifiers and encryption are technical controls, and a BCP is a procedural control.

15. The web of trust has a centralized trust model.
a. True
b. False
Answer: b. False. The web of trust (as used by PGP) is decentralized: users sign one another's keys instead of relying on a central certificate authority.
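An access controls test of the kind described in chapter 8, question 11 and chapter 9, question 6, as an added example that is not from the original answer sheet: it compares what each account has actually been granted with what its role requires, reports excess rights (the least-privilege failures) and missing rights, and flags combinations of rights that no single person should hold. The roles, accounts and permission strings are constructed sample data.

```python
"""Least-privilege review: granted rights versus role-required rights."""

# Constructed sample data; role names and permission strings are illustrative.
ROLE_PERMISSIONS = {
    "ap_clerk":    {"invoices:create", "invoices:read", "vendors:read"},
    "ap_approver": {"invoices:read", "invoices:approve", "vendors:read"},
    "helpdesk":    {"tickets:read", "tickets:write", "users:reset_password"},
    "dba":         {"db:read", "db:write", "db:admin"},
}

# Rights that should never sit with one person (separation of duties).
TOXIC_COMBINATIONS = [
    {"invoices:create", "invoices:approve"},
    {"users:reset_password", "db:admin"},
]

# What the identity system reports as actually granted (constructed).
USERS = {
    "alice": {"role": "ap_approver",
              "granted": {"invoices:read", "invoices:approve", "vendors:read"}},
    "bob":   {"role": "helpdesk",
              "granted": {"tickets:read", "tickets:write", "users:reset_password", "db:admin"}},
    "carol": {"role": "dba",
              "granted": {"db:read", "db:write"}},
    "dave":  {"role": "ap_clerk",
              "granted": {"invoices:create", "invoices:read", "vendors:read", "invoices:approve"}},
}


def review_user(role_perms, granted):
    """excess = granted but not needed (a least-privilege failure);
    missing = needed but not granted (an operational finding, not a security one)."""
    return {"excess": sorted(granted - role_perms),
            "missing": sorted(role_perms - granted)}


def sod_violations(granted):
    """Toxic combinations that are fully present in one account's grants."""
    return [tuple(sorted(combo)) for combo in TOXIC_COMBINATIONS if combo <= granted]


def access_review(users=USERS, roles=ROLE_PERMISSIONS):
    findings = {}
    for name, rec in users.items():
        role_perms = roles.get(rec["role"])
        if role_perms is None:
            # An account mapped to no known role: nothing justifies any of its rights.
            finding = {"excess": sorted(rec["granted"]), "missing": [],
                       "unknown_role": rec["role"]}
        else:
            finding = review_user(role_perms, rec["granted"])
        finding["sod"] = sod_violations(rec["granted"])
        findings[name] = finding
    return findings


def failed_accounts(findings):
    """Accounts for which the test fails: any excess right or any toxic combination."""
    return sorted(name for name, f in findings.items() if f["excess"] or f["sod"])


if __name__ == "__main__":
    results = access_review()
    for user in failed_accounts(results):
        print(user, results[user])
```

In the sample data bob has an administrative database right his helpdesk role does not need, and dave can both create and approve invoices; both fail the test, while carol's missing right is reported but is not a least-privilege failure.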
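The who, what, when and where record from question 10, written as a tamper-evident audit log; this is an added example, not from the original answer sheet. Each entry carries those four fields plus the outcome and is hashed together with the previous entry's hash, so altering or deleting an earlier record breaks the chain. The events are constructed, and a SHA-256 hash chain is one simple way to make an audit trail tamper-evident, not the only one.

```python
"""Tamper-evident audit log: who, what, when, where, chained with SHA-256."""
import hashlib
import json
from datetime import datetime, timezone

GENESIS_HASH = "0" * 64


def _digest(record: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the hash does not depend on key order.
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(blob).hexdigest()


class AuditLog:
    def __init__(self):
        self.records = []

    def append(self, who, what, where, outcome="success", when=None):
        """Append one event. `when` defaults to the current UTC time in ISO 8601."""
        if when is None:
            when = datetime.now(timezone.utc).isoformat()
        prev = self.records[-1]["hash"] if self.records else GENESIS_HASH
        record = {"who": who, "what": what, "when": when, "where": where,
                  "outcome": outcome, "prev": prev}
        record["hash"] = _digest(record)  # covers the four W's, the outcome and prev
        self.records.append(record)
        return record["hash"]

    def verify(self):
        """Index of the first record whose content or chain link is wrong; None if intact."""
        expected_prev = GENESIS_HASH
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != expected_prev or _digest(body) != rec["hash"]:
                return i
            expected_prev = rec["hash"]
        return None


def build_sample_log():
    """Constructed events with fixed timestamps so the result is reproducible."""
    log = AuditLog()
    log.append("jsmith", "logon", "10.0.5.12", when="2024-02-20T09:00:00+00:00")
    log.append("jsmith", "delete file /finance/q4.xlsx", "fileserver01",
               when="2024-02-20T09:03:10+00:00")
    log.append("jsmith", "logon", "10.0.5.12", outcome="failure",
               when="2024-02-20T09:05:44+00:00")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact, first bad record:", log.verify())
    log.records[1]["who"] = "someone_else"   # rewriting who deleted the file
    print("after edit, first bad record:", log.verify())
```

The chain catches a changed field or a deleted record in the middle, but not simply cutting off the most recent entries, since nothing after them refers back to them; in practice the latest hash is periodically sent off-host (or signed) so that truncation is detectable too.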