IS4680 Final Exam Questions

IS4680 Final Exam Questions

Question: I am the framework used to stay in compliance with SOX 404.
Answer: COBIT

Question: The difference between an Assessment and an Audit is that the assessment finds blame where an Audit does not. True or False
Answer: False

Question: This regulation ensures that organizations have sound information security practices and framework for effective information security resources that support federal operations, data, and infrastructure.
Answer: Federal Information Security Management Act (FISMA)

Question: Regulatory compliance benefits organizations, consumers, and this group of people.
Answer: Shareholders

Question: ‘Confidentiality’ is defined as in this in the DoD requirement for IA.
Answer: What is “ensuring that information is not disclosed to unauthorized sources”

Question: Organizations perform this to identify anything that is missing.
Answer: What is a gap analysis

Question: Financial Privacy Rule is found in this act
Answer: What is GLBA

Question: COSO stands for this.
Answer: Committee of Sponsoring Organizations

Question: An AUP is used primarily in this domain.
Answer: User Domain

Question: This is the end user’s operating environment.
Answer: Workstation Domain

Question: Reasons to expand the scope from the initial interviews can vary, but common examples include the lack of controls, the override of controls, and the __________.
Answer: Fraudulent Activity

Question: Applying controls is a direct result of the risk assessment process combined with an analysis of the tradeoffs and is a tradeoff of this.
Answer: Operational Impact


Question: Analyzing the potential threats requires the identification of all possible threats first is known as this.
Answer: Threat Identification

Question: Controls are classified as ______________, ______________, and ________________.
Answer: Preventive, Detective, and Corrective

Question: These are the three IT security controls covered by the National...

Similar Essays