CIS 349 Final Exam Guide Set 1

1) ___________ are the components, including people, information, and conditions, that support business objectives.

2) The first step in the implementation of separation of duties is to use access controls to prevent unauthorized data access. The ultimate goal is to define access control where each user has the permissions to carry out assigned tasks and nothing else. This is known as the principle of:

3) What is meant by business drivers?

4) Which law defines national standards for all consumer reports, including background checks?

5) ___________ is the process of providing additional credentials that match the user ID or username.

6) What is meant by availability?

7) Which of the following is the definition of authorization?

8) An organization wants to determine how well it adheres to its security policy and determine if any “holes” exist. What type of analysis or assessment does it perform?

9) Which of the following is not a step to ensuring only authorized users can see confidential data in the LAN Domain?

10) Which of the following is not typically a LAN Domain component?

11) Which control is used in the LAN Domain to protect the confidentiality of data?

12) The following are LAN Domain controls except:

13) Here is a common flow a penetration tester follows to develop attacks: This step collects as much information about the target environment as possible. At this stage, the attacker is collecting both technical and nontechnical information. Both types of information can help the attacker determine how the organization operates, where it operates, and which characteristics the organization and its customers value. This is:

14) A nonintrusive penetration test ____________.

15) One particular type of network security testing simulates actions an attacker would take to attack your network. This is known as:

16) You have the least amount of control over who accesses data in the ______ Domain.

17) What is the primary type of control used to protect data in the WAN Domain?

18) What is a best practice for compliance in the WAN Domain?

19) The Remote Access Domain server components also generally reside in the ___________ environment, even though they still belong to the Remote Access Domain.

20) Which of the following is primarily a corrective control in the Remote Access Domain?

21) The most common control for protecting data privacy in untrusted environments is encryption. There are three main strategies for encrypting data to send to remote users. One strategy does not require any application intervention or changes at all. The connection with the remote user handles the encryption. The most common way to implement system connection encryption is by setting up a secure virtual private network (VPN). This is:

22) An important step in securing applications is to remove the _____________.

23) Security controls in the System/Application Domain generally fall into salient categories. The need to create backup copies of data or other strategies to protect the organization from data or functionality loss.

24) Which of the following is true of a hot site?

25) What name is given to an IIA certification that tests audit knowledge unique to the public sector?
