SCIA 370 Chapter 1

Description: Chapters 1-5
Flashcards by Tyler Rock

Resource summary

Question: ___________________ is the act of protecting information and the systems that store and process it.
A. Information Systems Audit and Control Association (ISACA) B. Control Objectives for Information and related Technology (COBIT) C. Business as Usual (BAU) D. Business process reengineering (BPR)
Answer: B. Control Objectives for Information and related Technology (COBIT)

Question: Which of the following is not one of the four domains that collectively represent a conceptual information systems security management life cycle?
A. Align, Plan, and Organize B. Build, Acquire, and Implement C. Deliver, Service, and Support D. Evaluate, Assess, and Perform
Answer: D. Evaluate, Assess, and Perform

Question: The COBIT Align, Plan, and Organize domain includes basic details of an organization's requirements and goals; this domain answers which of the following questions?
A. What are the areas of vulnerability? B. Where is there room to build? C. What are the processes for quality assurance? D. What do you want to do?
Answer: D. What do you want to do?

Question: When writing a ____________________, one could state how often a supplier will provide a service or how quickly a firm will respond. For managed services, this document often covers system availability and acceptable performance measures.
A. contract B. policy C. service level agreement D. standard
Answer: C. service level agreement

Question: A ____________ would be a misconfiguration of a system that allows a hacker to gain unauthorized access, whereas a ______________ is a combination of the likelihood that such a misconfiguration could happen, a hacker's exploitation of it, and the impact if the event occurred.
A. vulnerability, risk B. risk, vulnerability C. threat, risk D. risk, threat
Answer: A. vulnerability, risk

Question: Generally, regardless of threat or vulnerability, there will ____________ be a chance that a threat can exploit a vulnerability.
A. never B. occasionally C. always D. seldom
Answer: C. always

Question: Which of the following domains addresses schedules and deliverables?
A. Plan, Organize, and Perform B. Build, Acquire, and Implement C. Deliver, Service, and Support D. Evaluate, Assess, and Review
Answer: B. Build, Acquire, and Implement

Question: In the Build, Acquire, and Implement domain, the ability to manage change is very important. Thus, there are often ___________________ set to avoid disrupting current services while new services are added.
A. authentications B. entitlements C. upgrades D. guidelines
Answer: C. upgrades

Question: The COBIT Monitor, Evaluate, and Assess domain looks at specific business requirements and strategic direction, and determines whether the system still meets these objectives. To ensure requirements are being met, independent assessments known as ________________ take place.
A. audits B. quality controls C. quality assurance D. information assurances
Answer: A. audits

Question: Which of the following is not one of the "five pillars of the IA model"?
A. Confidentiality B. Integrity C. Availability D. Assurance
Answer: D. Assurance

Question: In the ______________ principle adopted by many organizations, you gain access only to the systems and data you need to perform your job.
A. confidentiality B. integrity C. don't ask, don't tell D. need to know
Answer: D. need to know

Question: Which of the following situations best illustrates the process of authentication?
A. A Web site sets users' passwords to expire every 90 days B. Using an electronic signature on official documentation C. When an application sets a limit on the amount of payment a user can approve D. When a service is made unavailable to a user due to a server crash
Answer: A. A Web site sets users' passwords to expire every 90 days

Question: ________________ functions as a preventive control designed to prevent mistakes from happening. ________________ functions as a detective control intended to improve quality over time by affording opportunities to learn from past mistakes.
A. Quality control; Quality assurance B. Governance; Nonrepudiation C. Quality assurance; Quality control D. Quality control; Business as usual
Answer: C. Quality assurance; Quality control

Question: A __________________ communicates general rules that cut across the entire organization.
A. procedure B. policy principles document C. guideline D. policy definitions document
Answer: B. policy principles document

Question: Which statement most clearly contrasts the difference between policies and procedures?
A. Policies are requirements placed on processes, whereas procedures are the technical steps taken to achieve those policy goals. B. Policies implement controls on a system to make it compliant with a standard, whereas procedures influence the creation of policies. C. Policies set the parameters within which a procedure can be used, whereas procedures influence the creation of policies. D. Policies are often approved by lower-level management responsible for the implementation of policies, whereas procedures are often approved by the most senior levels of management.
Answer: A. Policies are requirements placed on processes, whereas procedures are the technical steps taken to achieve those policy goals.

Question: ISS policies ensure the consistent protection of information flowing through the entire system. Which of the following is not one of the foundational reasons for using and enforcing security policies?
A. protecting systems from the insider threat B. protecting information at rest and in transit C. controlling change to IT infrastructure D. compliance controls for legal mandates
Answer: D. compliance controls for legal mandates

Question: When an organization lacks policies, its operations become less predictable. Which of the following is a challenge you can expect without policies?
A. lower costs B. increased regulatory compliance C. customer dissatisfaction D. low retention rates for employees
Answer: C. customer dissatisfaction

Question: As employees find new ways to improve a system or process, it is important to have a way to capture their ideas. ________________________ can be understood as finding a better way or as a lesson learned.
A. Business process reengineering B. Continuous improvement C. Policy implementation D. Change management
Answer: B. Continuous improvement

Question: There are many barriers to policy acceptance and enforcement. Which of the following is not one of the challenges to policy acceptance?
A. organizational support at all levels B. giving employees a stake C. policy awareness and understanding D. disciplinary action for employees who fail to accept policies
Answer: D. disciplinary action for employees who fail to accept policies