SEC 440 DeVry Complete Quiz Package
SEC 440 DeVry Week 2 Quiz Latest
Question 1. Question: (TCO 1) Why is it important to prepare written policies?
- It lets the policies be communicated more easily.
- This helps to ensure consistency.
- A policy is part of the corporate culture.
- It is required by law.
Question 2. Question: (TCO 2) Which of the following is NOT a threat to data confidentiality?
- Improper access controls
- Social engineering
Question 3. Question : (TCO 1) Which of the following is MOST likely to reflect the policy audience for a corporate ethics policy at Acme Manufacturing?
- All Acme Manufacturing employees and all vendors and service providers
- All full- and part-time employees of Acme Manufacturing and its subsidiaries
- The Acme Manufacturing board of directors
- The finance, human resources, and marketing departments of Acme Manufacturing
Question 4. Question : (TCO 2) Which of the following are all federal regulations?
- Sarbanes-Oxley, IEEE 802.11, and NIST 800-34
- GLBA, HIPAA, and Sarbanes-Oxley
- GLBA, HIPAA, and IEEE 802.11
- GLBA, NIST 800-34, and Sarbanes-Oxley
Question 5. Question : (TCO 1) When should information security policies, procedures, standards, and guidelines be revisited?
- As indicated in the policy
- Never; once they are written and published, they must be adhered to
- When dictated by change drivers
Question 6. Question : (TCO 2) What is a valid definition of data integrity?
- Knowing that the data on the screen have not been tampered with
- Data that are encrypted
- Data that have not been accessed by unauthorized users
- The knowledge that the data are transmitted in cipher text only
Question 7. Question : (TCO 1) What should be the consequences of information security policy violations?
- Always up to, and including, termination
- Immediate revocation of all user privileges
- Commensurate with the criticality of information the policy was written to protect
- Violations cited in the person’s annual performance review
Question 8. Question : (TCO 2) Match the following terms to their meanings.
: Change driver » 2 : Any event that impacts culture, procedures, and activities within an organization
: Acceptable use agreement » 1 : List of actions that employees are not allowed to perform while using company-provided equipment
: Statement of authority » 3 : introduction to the policy document
: Security policy document policy » 4 : Policy about a policy
Question 9. Question : (TCO 1) Which of the following best describes how the penalties defined in the Policy Enforcement Clause should relate to the infractions?
- Any infraction should result in suspension or termination.
- The same penalty should apply each time an infraction occurs.
- The penalty should be proportional to the level of risk incurred as a result of the infraction.
- Penalties should be at the discretion of management.
Question 10. Question : (TCO 2) Data integrity is
- protecting the data from intentional or accidental disclosure.
- making sure the data are always available when legitimately needed.
- protecting the data from intentional or accidental modification.
- making sure the data are always transmitted in encrypted format.
Question 11. Question : (TCO 1) Which is the worst that may happen if information security policies are out of date or address technologies no longer used in the organization?
- People may take the policies less seriously or dismiss them entirely.
- Executive management may become upset.
- The company may incur unnecessary costs to change them.
- People may not know which policy applies.
Question 12. Question : (TCO 2) Which of the following federal regulations pertains to the medical field?
Question 13. Question : (TCO 1) In which of the following ways does understanding policy elements help you interpret your organization’s information security policies?
- Awareness of policy elements helps you determine the strength of the policy and whether you should take it seriously.
- If you understand policy elements, you will be able to change the policies.
- Knowing the purpose and goal of each section of the policy can help you better understand the intent of the policy, as well as how the policy applies to you.
- You need to know the policy elements in order to determine which parts of the policy apply to you.
Question 14. Question : (TCO 2) Which of the following federal regulations pertains to the educational field?
Question 15. Question : (TCO 1) Which of the following is an important function of the statement of authority?
- It provides a bridge between an organization’s core values and security strategies.
- It indicates who to talk to if you want to request a change in the policy.
- It describes the penalties for policy infractions.
- It references standards, guidelines, and procedures that the reader can consult for clarification of the policy.
SEC 440 DeVry Week 4 Quiz Latest
Question 1. Question : (TCO 3) Which section of the ISO 17799 deals with asset classification?
Question 2. Question : (TCO 4) The age group most inclined to use an online job search is
- 30 to 49.
- 18 to 29.
- 50 to 64.
- None of the above
Question 3. Question : (TCO 5) In ISO 17799, an area where assets are protected from man-made and natural harm is known as
- secure area.
- company property.
- security perimeter.
Question 4. Question : (TCO 3) When it comes to information security, what is the purpose of labeling?
- Communicating the sensitivity level
- Communicating the access controls
- Enforcing the access controls
- Auditing the access controls
Question 5. Question : (TCO 4) A security clearance investigation does NOT involve research into a person’s
- family connections.
Question 6. Question : (TCO 5) The clear desk and clear screen policy is the way to avoid which of the following kinds of physical attacks?
- Shoulder surfing
- Reprinting the last document from the fax machine
- Looking at papers on desks
- All of the above
Question 7. Question : (TCO 3) Information needs to be handled according to
- its classification level.
- the statement of authority.
- the access controls set forth in the asset management policy.
- the access controls set forth in the affirmation agreement.
Question 8. Question : (TCO 4) Which of the following is a component of an affirmation agreement?
- Statement of authority
- Background check
- Job description
- Credit history
Question 9. Question : (TCO 5) What is the goal of the physical entry controls policy?
- Restrict the knowledge of, access to, and actions within secure areas
- Require authorized users to be authenticated and visitors to be identified and labeled
- Require perimeter controls as appropriate
- Make sure the organization pays attention to potential environmental hazards and threats
Question 10. Question : (TCO 3) This is known as the process of downgrading the classification level of an information asset.
- Classification review
- Asset publication
Question 11. Question : (TCO 4) Match each of the following with its example.
: Security education » 3 : Recertification training for the network administrator
: Security training » : A presentation on creating good passwords
: Security awareness » 1: Posters reminding users to report security breaches
Question 12. Question : (TCO 5) Which of the following might the working in secure areas policy restrict from being brought into a facility?
- Recording devices
- Laptop computers
- All of the above
Question 13. Question : (TCO 3) When calculating the value of an asset, which of the following is NOT a criterion?
- Cost to acquire or develop asset
- Cost to maintain and protect the asset
- Cost to disclose the asset
Question 14. Question : (TCO 5) According to the equipment siting and protection policy, smoking, eating, and drinking will not be permitted
- except in designated areas.
- inside the security perimeter.
- under any circumstances.
- in areas where equipment is located.
Question 15. Question : (TCO 3) A qualitative approach to an analysis uses
- hard numbers.
- expert opinions.
- general population surveys.
SEC 440 DeVry Week 6 Quiz Latest
Question 1. Question : (TCO 6) An employee who fails to report a suspected security weakness
- is doing his or her job.
- will not be punished.
- will be treated the same as if he or she had initiated a malicious act against the company.
- is making sure not to aggravate the situation by making a mistake.
Question 2. Question : (TCO 7) Which of the following is NOT an access control method?
Question 3. Question : (TCO 8) When is the best time to think about security when writing a new piece of code?
- At the end, once all the modules have been written
- After the users have had a chance to review the application
- At the beginning of the project
- After the application has been approved and authorized by the ISO
Question 4. Question : (TCO 9) As it pertains to GLBA, what does NPI stand for?
- Nonpublic information
- Nonpublic personal information
- Nonprivate information
- Nonprivate personal information
Question 5. Question : (TCO 6) The primary antimalware control is
- an updated antivirus solution.
- a firewall.
- a router.
- an acceptable use policy.
Question 6. Question : (TCO 7) Which is the first target of a hacker who has gained access to an organization’s network?
- Log files
- Sensitive data
- User accounts
- Public data
Question 7. Question : (TCO 8) Which formal security-related process should take place at the beginning of the code creation project?
- Risk assessment
- Input validation
- Output validation
- SQL injection validation
Question 8. Question : (TCO 9) Who enforces the GLBA?
- Eight different federal agencies and states
- The FDIC
- The FFIEC
- The Secretary of the Treasury
Question 9. Question : (TCO 6) The part of the antivirus solution that needs to be updated daily is
- the DAT files.
- central command.
- the control panel.
- the engine.
Question 10. Question : (TCO 7) All users are expected to keep their password secret, unless
- a member of the IT group asks for it.
- another employee needs to log on as them.
- someone identifying themselves as the ISO asks for it.
- There is no “unless.”
Question 11. Question : (TCO 8) If an employee uses a company-provided application system and finds what he or she thinks is a loophole that allows access to confidential data, that employee should
- alert his or her manager and the ISO immediately.
- verify and test the alleged loophole before alerting anyone.
- not say anything unless he or she is a member of the incident response team.
- alert his or her manager whenever he or she happens to have a chance to do so.
Question 12. Question : (TCO 9) What do the Interagency Guidelines require every covered institution to implement?
- Quarterly risk assessments
- A biannual review of the disaster recovery plan
- A comprehensive written information security program
- A monthly inventory of all information assets
Question 13. Question : (TCO 6) Grandfather-father-son is a model used for
- antivirus updates.
- antispyware updates.
- backup strategies.
- change control management strategies.
Question 14. Question : (TCO 7) Which of the following is the most popular single factor authentication method?
- Biometric devices
Question 15. Question : (TCO 8) Input validation is
- verifying that a piece of code does not have any inherent vulnerabilities.
- making sure that employees know what information to enter in a new system.
- testing an application system by entering all kinds of character strings in the provided fields.
- testing what information an application system returns when information is entered.