Final Exam Study Guide
1. Which of the following is an action that could damage an asset?
c. Data transfer
d. Information assessment
2. Which law requires all types of financial institutions to protect customers’ private financial information?
3. An AUP is part of a layered approach to security, and it supports confidentiality. What else supports confidentiality?
a. Threat monitoring
b. Vulnerability assessments
c. Data classification standards
d. Security awareness policies
4. Which of the following is a detailed written definition of how software and hardware are to be used?
5. Which of the following is not a common type of data classification standard?
b. Top secret
c. Internal use only
d. Private data
6. What does a lapse in a security control or policy create?
a. Policy violation
b. Penetration testing
c. Risk mitigation
d. Security gap
7. Which of the following is any weakness in a system that makes it possible for a threat to cause it harm?
8. Which of the following terms refers to the likelihood of exposure to danger?
Reference: p119, 121
9. Which type of attacker intends to be helpful?
a. Gray-hat hacker
b. Black-hat hacker
c. Script kiddie
d. White-hat hacker
10. Which domain is primarily affected by weak endpoint security on a VPN client?
a. Remote Access Domain
b. LAN Domain
c. Workstation Domain
d. Systems/Applications Domain
11. Identify two phases of the access control process.
a. Identification and authorization
b. Policy definition and policy enforcement
c. Knowledge and...