Scribd Logo
Upload

Welcome to Scribd!

  • Saint Leo Com540 Module 4 Mid Term Exam (40 Questions)

    Uploaded by

    teacher.theacestud
    55 views6 pages
    SAINT LEO COM540 MODULE 4 MID TERM EXAM (40 QUESTIONS) SAINT LEO COM540 MODULE 4 MID TERM EXAM (40 QUESTIONS) Question 1. Question : The ____ is the point in time by which systems and data must be recovered after an outage as determined by the business unit. training objective recovery time objective dependency objective recovery point objective Question 2. Question : The ____ contains the rules and configuration guidelines governing the implementation and operation of IDSs within the organization. security policy log file honeypot site policy Question 3. Question : ____ services are triggered by an event or request, such as a report of a compromised host, wide-spreading malicious code, software vulnerability, or something that was identified by an intrusion detection or logging system. Reactive Forensic Security Proactive Question 4. Question : A(n) ____ is a document containing contact information for the individuals that need to be notified in the event of an actual incident. root roster alert roster hierarchical roster sequential roster Question 5. Question : ____ is the control approach that attempts to shift the risk to other assets, other processes, or other organizations. Acceptance Transference Mitigation Avoidance Question 6. Question : A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made. risk assessment mitigation plan risk management disaster recovery plan Question 7. Question : Which of the following is a proactive service? Incident handling Risk analysis Announcements Alerts and warnings Question 8. Question : A favorite pastime of information security professionals is ____, which is realistic, head-to-head attack and defend information, security attacks, and incident response methods. parallel testing war gaming simulation structured walk-through Question 9. Question : In an organization, unexpected activities occur periodically; these are referred to as ____. warnings problems after-action events Question 10. Question : The ____ job functions focus more on costs of system creation and operation, ease of use for system users, and timeliness of system creation, as well as transaction response time. organizational management and professionals information technology management and professionals human resource management and professional information security management and professionals Question 11. Question : ____ is the control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation. Acceptance Avoidance Transference Mitigation Question 12. Question : ____ occurs when valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on that network. DNS cache poisoning Clipping Signature matching Clustering Question 13. Question : ____ is a common approach used in the discipline of systems analysis and design. Database diagramming Network diagramming Application diagramming Systems diagramming Question 14. Question : A ____ is a document that expresses how an organization ensures that critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site if a catastrophic incident or disaster occurs. risk assessment plan worm Trojan horse business continuity plan Question 15. Question : ____ are important when team members are preparing advisories and procedures. Writing skills Forensic skills Medical skills Mathematical skills Question 16. Question : ____ is an IDS’s ability to dynamically modify its site policies in reaction or response to environmental activity. Alarm Compaction True Attack Stimulus Confidence Value Site policy awareness Question 17. Question : A(n) ____ is any clearly identified attack on the organization’s information assets that wo

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    SAINT LEO COM540 MODULE 4 MID TERM EXAM (40 QUESTIONS) SAINT LEO COM540 MODULE 4 MID TERM EXAM (40 QUESTIONS) Question 1. Question : The ____ is the point in time by which systems and data must be recovered after an outage as determined by the business unit. training objective recovery time objective dependency objective recovery point objective Question 2. Question : The ____ contains the rules and configuration guidelines governing the implementation and operation of IDSs within the organization. security policy log file honeypot site policy Question 3. Question : ____ services are triggered by an event or request, such as a report of a compromised host, wide-spreading malicious code, software vulnerability, or something that was identified by an intrusion detection or logging system. Reactive Forensic Security Proactive Question 4. Question : A(n) ____ is a document containing contact information for the individuals that need to be notified in the event of an actual incident. root roster alert roster hierarchical roster sequential roster Question 5. Question : ____ is the control approach that attempts to shift the risk to other assets, other processes, or other organizations. Acceptance Transference Mitigation Avoidance Question 6. Question : A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made. risk assessment mitigation plan risk management disaster recovery plan Question 7. Question : Which of the following is a proactive service? Incident handling Risk analysis Announcements Alerts and warnings Question 8. Question : A favorite pastime of information security professionals is ____, which is realistic, head-to-head attack and defend information, security attacks, and incident response methods. parallel testing war gaming simulation structured walk-through Question 9. Question : In an organization, unexpected activities occur periodically; these are referred to as ____. warnings problems after-action events Question 10. Question : The ____ job functions focus more on costs of system creation and operation, ease of use for system users, and timeliness of system creation, as well as transaction response time. organizational management and professionals information technology management and professionals human resource management and professional information security management and professionals Question 11. Question : ____ is the control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation. Acceptance Avoidance Transference Mitigation Question 12. Question : ____ occurs when valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on that network. DNS cache poisoning Clipping Signature matching Clustering Question 13. Question : ____ is a common approach used in the discipline of systems analysis and design. Database diagramming Network diagramming Application diagramming Systems diagramming Question 14. Question : A ____ is a document that expresses how an organization ensures that critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site if a catastrophic incident or disaster occurs. risk assessment plan worm Trojan horse business continuity plan Question 15. Question : ____ are important when team members are preparing advisories and procedures. Writing skills Forensic skills Medical skills Mathematical skills Question 16. Question : ____ is an IDS’s ability to dynamically modify its site policies in reaction or response to environmental activity. Alarm Compaction True Attack Stimulus Confidence Value Site policy awareness Question 17. Question : A(n) ____ is any clearly identified attack on the organization’s information assets that wo

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    55 views6 pages

    Saint Leo Com540 Module 4 Mid Term Exam (40 Questions)

    Uploaded by

    teacher.theacestud
    SAINT LEO COM540 MODULE 4 MID TERM EXAM (40 QUESTIONS) SAINT LEO COM540 MODULE 4 MID TERM EXAM (40 QUESTIONS) Question 1. Question : The ____ is the point in time by which systems and data must be recovered after an outage as determined by the business unit. training objective recovery time objective dependency objective recovery point objective Question 2. Question : The ____ contains the rules and configuration guidelines governing the implementation and operation of IDSs within the organization. security policy log file honeypot site policy Question 3. Question : ____ services are triggered by an event or request, such as a report of a compromised host, wide-spreading malicious code, software vulnerability, or something that was identified by an intrusion detection or logging system. Reactive Forensic Security Proactive Question 4. Question : A(n) ____ is a document containing contact information for the individuals that need to be notified in the event of an actual incident. root roster alert roster hierarchical roster sequential roster Question 5. Question : ____ is the control approach that attempts to shift the risk to other assets, other processes, or other organizations. Acceptance Transference Mitigation Avoidance Question 6. Question : A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made. risk assessment mitigation plan risk management disaster recovery plan Question 7. Question : Which of the following is a proactive service? Incident handling Risk analysis Announcements Alerts and warnings Question 8. Question : A favorite pastime of information security professionals is ____, which is realistic, head-to-head attack and defend information, security attacks, and incident response methods. parallel testing war gaming simulation structured walk-through Question 9. Question : In an organization, unexpected activities occur periodically; these are referred to as ____. warnings problems after-action events Question 10. Question : The ____ job functions focus more on costs of system creation and operation, ease of use for system users, and timeliness of system creation, as well as transaction response time. organizational management and professionals information technology management and professionals human resource management and professional information security management and professionals Question 11. Question : ____ is the control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation. Acceptance Avoidance Transference Mitigation Question 12. Question : ____ occurs when valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on that network. DNS cache poisoning Clipping Signature matching Clustering Question 13. Question : ____ is a common approach used in the discipline of systems analysis and design. Database diagramming Network diagramming Application diagramming Systems diagramming Question 14. Question : A ____ is a document that expresses how an organization ensures that critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site if a catastrophic incident or disaster occurs. risk assessment plan worm Trojan horse business continuity plan Question 15. Question : ____ are important when team members are preparing advisories and procedures. Writing skills Forensic skills Medical skills Mathematical skills Question 16. Question : ____ is an IDS’s ability to dynamically modify its site policies in reaction or response to environmental activity. Alarm Compaction True Attack Stimulus Confidence Value Site policy awareness Question 17. Question : A(n) ____ is any clearly identified attack on the organization’s information assets that wo

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    10/12/2015

    TheAceStudent:SAINTLEOCOM540MODULE4MIDTERMEXAM(40QUESTIONS)

    SAINTLEOCOM540MODULE4MIDTERMEXAM(40
    QUESTIONS)
    SAINTLEOCOM540MODULE4MIDTERMEXAM(40QUESTIONS)
    Question1.Question:
    The____isthepointintimebywhichsystemsanddatamustberecoveredafteranoutageas
    determinedbythebusinessunit.
    trainingobjective
    recoverytimeobjective
    dependencyobjective
    recoverypointobjective
    Question2.Question:
    The____containstherulesandconfigurationguidelinesgoverningtheimplementationand
    operationofIDSswithintheorganization.
    securitypolicy
    logfile
    honeypot
    sitepolicy
    Question3.Question:
    ____servicesaretriggeredbyaneventorrequest,suchasareportofacompromisedhost,wide
    spreadingmaliciouscode,softwarevulnerability,orsomethingthatwasidentifiedbyanintrusion
    detectionorloggingsystem.
    Reactive
    Forensic
    Security
    Proactive
    Question4.Question:
    A(n)____isadocumentcontainingcontactinformationfortheindividualsthatneedtobenotifiedin
    theeventofanactualincident.
    rootroster
    alertroster
    hierarchicalroster
    sequentialroster
    Question5.Question:
    ____isthecontrolapproachthatattemptstoshifttherisktootherassets,otherprocesses,orother
    organizations.
    Acceptance
    Transference
    Mitigation
    Avoidance
    Question6.Question:
    A____dealswiththepreparationforandrecoveryfromadisaster,whethernaturalormanmade.
    riskassessment
    mitigationplan
    riskmanagement
    disasterrecoveryplan
    Question7.Question:
    data:text/htmlcharset=utf8,%3Ch3%20class%3D%22posttitle%20entrytitle%22%20itemprop%3D%22name%22%20style%3D%22margin%3A%200px%3B

    1/6

    10/12/2015

    TheAceStudent:SAINTLEOCOM540MODULE4MIDTERMEXAM(40QUESTIONS)

    Whichofthefollowingisaproactiveservice?
    Incidenthandling
    Riskanalysis
    Announcements
    Alertsandwarnings
    Question8.Question:
    Afavoritepastimeofinformationsecurityprofessionalsis____,whichisrealistic,headtohead
    attackanddefendinformation,securityattacks,andincidentresponsemethods.
    paralleltesting
    wargaming
    simulation
    structuredwalkthrough
    Question9.Question:
    Inanorganization,unexpectedactivitiesoccurperiodicallythesearereferredtoas____.
    warnings
    problems
    afteraction
    events
    Question10.Question:
    The____jobfunctionsfocusmoreoncostsofsystemcreationandoperation,easeofusefor
    systemusers,andtimelinessofsystemcreation,aswellastransactionresponsetime.
    organizationalmanagementandprofessionals
    informationtechnologymanagementandprofessionals
    humanresourcemanagementandprofessional
    informationsecuritymanagementandprofessionals
    Question11.Question:
    ____isthecontrolapproachthatattemptstoreducetheimpactcausedbytheexploitationof
    vulnerabilitythroughplanningandpreparation.
    Acceptance
    Avoidance
    Transference
    Mitigation
    Question12.Question:
    ____occurswhenvalidpacketsexploitpoorlyconfiguredDNSserverstoinjectfalseinformationto
    corrupttheserversanswerstoroutineDNSqueriesfromothersystemsonthatnetwork.
    DNScachepoisoning
    Clipping
    Signaturematching
    Clustering
    Question13.Question:
    ____isacommonapproachusedinthedisciplineofsystemsanalysisanddesign.
    Databasediagramming
    Networkdiagramming
    Applicationdiagramming
    Systemsdiagramming
    Question14.Question:
    A____isadocumentthatexpresseshowanorganizationensuresthatcriticalbusinessfunctions
    continueatanalternatelocationwhiletheorganizationrecoversitsabilitytofunctionattheprimary
    siteifacatastrophicincidentordisasteroccurs.
    riskassessmentplan
    data:text/htmlcharset=utf8,%3Ch3%20class%3D%22posttitle%20entrytitle%22%20itemprop%3D%22name%22%20style%3D%22margin%3A%200px%3B

    2/6

    10/12/2015

    TheAceStudent:SAINTLEOCOM540MODULE4MIDTERMEXAM(40QUESTIONS)

    worm
    Trojanhorse
    businesscontinuityplan
    Question15.Question:
    ____areimportantwhenteammembersarepreparingadvisoriesandprocedures.
    Writingskills
    Forensicskills
    Medicalskills
    Mathematicalskills
    Question16.Question:
    ____isanIDSsabilitytodynamicallymodifyitssitepoliciesinreactionorresponseto
    environmentalactivity.
    AlarmCompaction
    TrueAttackStimulus
    ConfidenceValue
    Sitepolicyawareness
    Question17.Question:
    A(n)____isanyclearlyidentifiedattackontheorganizationsinformationassetsthatwould
    threatentheassetsconfidentiality,integrity,oravailability.
    incident
    threat
    Trojanhorse
    worm
    Question18.Question:
    A____isatypeofIDSthatissimilartotheNIDS,reviewsthelogfilesgeneratedbyservers,
    networkdevices,andevenotherIDSs.
    logfilemonitor
    DNScache
    honeypot
    alarmcluster
    Question19.Question:
    The____canbeusedtocollectinformationdirectlyfromtheendusersandbusinessmanagers.
    forensicanalysis
    systemlogsession
    facilitateddatagatheringsession
    datamanagementsession
    Question20.Question:
    ____aretoolsusedtoidentifywhichcomputersareactiveonanetwork,aswellaswhichportsand
    servicesareactiveonthecomputers,whatfunctionorrolethemachinesmaybefulfilling,andso
    on.
    Filters
    Scanningutilities
    Clusters
    Triggers
    Question21.Question:
    A____isacomputerserverconfiguredtoresembleaproductionsystem,containingrich
    informationjustbeggingtobehacked.
    networkcluster
    honeypot
    smartIDS
    data:text/htmlcharset=utf8,%3Ch3%20class%3D%22posttitle%20entrytitle%22%20itemprop%3D%22name%22%20style%3D%22margin%3A%200px%3B

    3/6

    10/12/2015

    TheAceStudent:SAINTLEOCOM540MODULE4MIDTERMEXAM(40QUESTIONS)

    DNScache
    Question22.Question:
    ____enablesauthorizeduserspersonsorcomputersystemstoaccessinformationwithout
    interferenceorobstruction,andtoreceiveitintherequiredformat.
    Riskassessment
    Integrity
    Availability
    Confidentiality
    Question23.Question:
    ____ensuresthatonlythosewiththerightsandprivilegestoaccessinformationareabletodoso.
    Confidentiality
    Riskassessment
    Integrity
    Availability
    Question24.Question:
    ____istheprocessofmovingtheorganizationtowarditsvision.
    Transference
    Avoidance
    Mitigation
    Strategicplanning
    Question25.Question:
    Usingaprocessknownas____,NetworkIDSsmustlookforattackpatternsbycomparing
    measuredactivitytoknownsignaturesintheirknowledgebasetodeterminewhetherornotan
    attackhasoccurredormaybeunderway.
    cachepoisoning
    signaturematching
    clipping
    scanning
    Question26.Question:
    A(n)____isaSIRTteammember,otherthantheteamleader,whoiscurrentlyperformingthe
    responsibilitiesoftheteamleaderinscanningtheorganizationsinformationinfrastructureforsigns
    ofanincident.
    IRdutyofficer
    softwareengineer
    forensicexpert
    projectmanager
    Question27.Question:
    ____isthecoherentapplicationofmethodicalinvestigatorytechniquestosolvecrimecases.
    AlarmCompaction
    Scanning
    Forensics
    Signaturematching
    Question28.Question:
    ____istheprocessofsystematicallyexamininginformationassetsforevidentiarymaterialthatcan
    provideinsightintohowtheincidenttranspired.
    Incidentresponse
    Forensicsanalysis
    Wargaming
    Disasterrecovery
    Question29.Question:
    data:text/htmlcharset=utf8,%3Ch3%20class%3D%22posttitle%20entrytitle%22%20itemprop%3D%22name%22%20style%3D%22margin%3A%200px%3B

    4/6

    10/12/2015

    TheAceStudent:SAINTLEOCOM540MODULE4MIDTERMEXAM(40QUESTIONS)

    A(n)____isgenerallythoughtofasagroupofindividualsunitedbysharedinterestsorvalues
    withinanorganizationandwhoshareacommongoalofmakingtheorganizationfunctiontomeetits
    objectives.
    networkcommunity
    communityofinterest
    databasecommunity
    incidentresponsecommunity
    Question30.Question:
    Theviolationoffairuseofcopyrightedmaterialisanexampleofa(n)____.
    compromisetointellectualproperty
    actofhumanerror
    deliberateactofinformationdistortion
    deliberateactoftrespass
    Question31.Question:
    A(n)____isaneventthattriggersalarmsandcausesafalsepositivewhennoactualattacksarein
    progress.
    TrueAttackStimulus
    alert
    falsenegative
    falseattackstimulus
    Question32.Question:
    A(n)____isadetailedexaminationoftheeventsthatoccurredfromfirstdetectiontofinalrecovery.
    reactivereview
    proactivereview
    auditreview
    afteractionreview
    Question33.Question:
    A(n)____isatypeofattackoninformationassetsinwhichtheinstigatorattemptstogain
    unauthorizedentryintoasystemornetworkordisruptthenormaloperationsofasystemor
    network.
    event
    intrusion
    alert
    honeypot
    Question34.Question:
    A(n)____requiresthatacontactpersoncalleachandeverypersonontheroster.
    rootroster
    alertroster
    sequentialroster
    hierarchicalroster
    Question35.Question:
    The____istheperiodoftimewithinwhichsystems,applications,orfunctionsmustberecovered
    afteranoutage.
    trainingobjective
    recoverytimeobjective
    recoverypointobjective
    dependencyobjective
    Question36.Question:
    A(n)____mustleadtheprojectandmakesureasoundprojectplanningprocessisused,a
    completeandusefulprojectplanisdeveloped,andprojectresourcesareprudentlymanagedto
    data:text/htmlcharset=utf8,%3Ch3%20class%3D%22posttitle%20entrytitle%22%20itemprop%3D%22name%22%20style%3D%22margin%3A%200px%3B

    5/6

    10/12/2015

    TheAceStudent:SAINTLEOCOM540MODULE4MIDTERMEXAM(40QUESTIONS)

    reachthegoalsoftheproject.
    champion
    crisismanager
    projectmanager
    incidentmanager
    Question37.Question:
    ____servicesaugmentexistingandwellestablishedservicesthatareindependentofincident
    handlingandtraditionallyperformedbyotherareasofanorganizationsuchastheIT,Audit,or
    Trainingdepartments.
    Reactive
    Forensic
    Proactive
    Securityqualitymanagement
    Question38.Question:
    A(n)____ispreparedbytheorganizationtoanticipate,reactto,andrecoverfromeventsthat
    threatenthesecurityofinformationandinformationassetsintheorganization,and,subsequently,
    torestoretheorganizationtonormalmodesofbusinessoperations.
    asset
    threat
    socialplan
    contingencyplan
    Question39.Question:
    A____isanalarmoralertthatindicatesthatanattackisinprogressorthatanattackhas
    successfullyoccurredwheninfacttherewasnosuchattack.
    sitepolicy
    falsepositive
    falsenegative
    ConfidenceValue
    Question40.Question:
    A(n)____isaninvestigationandassessmentoftheimpactthatvariousattackscanhaveonthe
    organization.
    threat
    BIA
    incident
    intellectualproperty
    SAINTLEOCOM540MODULE4MIDTERMEXAM(40QUESTIONS)

    data:text/htmlcharset=utf8,%3Ch3%20class%3D%22posttitle%20entrytitle%22%20itemprop%3D%22name%22%20style%3D%22margin%3A%200px%3B

    6/6

    You might also like