A ____________ would be a misconfiguration of a system that allows the hacker to gain unauthorized access, whereas a______________ is a combination of the likelihood that such a misconfiguration could happen, a hacker's exploitation of it, and the impact if the event occurred.

a.vulnerability, risk

b.risk, vulnerability

c.threat, risk

d.risk, threat

5 points Save Answer

Question 2

 

A vulnerability is a human-caused or natural event that could impact the system, whereas a risk is a weakness in a system that can be exploited.

 True

 False

5 points Save Answer

Question 3

 

A__________________ communicates general rules that cut across the entire organization.

a.procedure

b.policy principles document

c.guideline

d.policy definitions document

5 points Save Answer

Question 4

 

As employees find new ways to improve a system or process, it is important to have a way to capture their ideas. ________________________ can be understood as finding a better way or as a lesson learned.

a.Business process reengineering

b.Continuous improvement

c.Policy implementation

d.Change management

5 points Save Answer

Question 5

 

Authentication is the ability to verify the identity of a user or device and is a concept that explicitly applies to human users.

 True

 False

5 points Save Answer

Question 6

 

Availability ensures information is available to authorized users and devices. Initially, the information owner must determine availability requirements. The owner must determine who needs access to the data and when.

 True

 False

5 points Save Answer

Question 7

 

Data exists generally in one of two states: data at rest, such as on a backup tape, or data in transit, such as when traveling across a network.

 True

 False

5 points Save Answer

Question 8

 

Generally, regardless of threat or vulnerability, there will ____________ be a chance a threat can exploit a vulnerability.

a.never

b.occasionally

c.always

d.seldom

5 points Saved

Question 9

 

Good governance provides assurance and confidence that rules are being followed; governance exists for the purpose of providing assurance to regulators that risks to shareholders, customers, and the public are being properly managed.

 True

 False

5 points Save Answer

Question 10

 

It is possible for an organization to set up a sound policy framework that can prevent any issues from occurring in ISS.

 True

 False

5 points Save Answer

Question 11

 

Integrity ensures that only authorized individuals are able to access information.

 True

 False

5 points Save Answer

Question 12

 

In the Build, Acquire, and Implement domain, the ability to manage change is very important. Thus, there are often ___________________ set to avoid disrupting current services while new services are added.

a.authentications

b.entitlements

c.upgrades

d.guidelines

5 points Save Answer

Question 13

 

The COBIT Align, Plan, and Organize domain includes basic details of an organization's requirements and goals; this domain answers which of the following questions?

a.What are the areas of vulnerability?

b.Where is there room to build?

c.What are the processes for quality assurance?

d.What do you want to do?

5 points Save Answer

Question 14

 

The COBIT Monitor, Evaluate, and Assess domain looks at specific business requirements and strategic direction, and determines if the system still meets these objectives. To ensure requirements are being met, independent assessments known as________________ take place.

a.audits

b.quality controls

c.quality assurance

d.information assurances

5 points Save Answer

Question 15

 

The legal concept of nonrepudiation provides assurance that an individual cannot deny having digitally signed a document or been party to a transaction. As the sum total of evidence that proves to the court's satisfaction that only one person could have executed that transaction, this concept exists because businesses want to prove it was one person's computer, ID, and digital signature, and that the person's transaction that cannot be repudiated.

 True

 False

5 points Save Answer

Question 16

 

The COBIT Monitor, Evaluate, and Assess domain phase looks at specific business requirements and strategic direction and determines if the system still meets these objectives.

 True

 False

5 points Save Answer

Question 17

 

Which of the following is not one of the "five pillars of the IA model"

a.Confidentiality

b.Integrity

c.Availability

d.Assurance

5 points Save Answer

Question 18

 

Which of the following situations best illustrates the process of authentication?

a.A Web site sets users' passwords to expire every 90 days

b.Using an electronic signature on official documentation

c.When an application sets a limit on the amount of payment a user can approve

d.When a service is made unavailable to a user due to a server crash

5 points Save Answer

Question 19

 

Which of the following is not one of the four domains that collectively represents a conceptual information systems security management life cycle?

a.Align, Plan, and Organize

b.Build, Acquire, and Implement

c.Deliver, Service, and Support

d.Evaluate, Assess, and Perform 

5 points Save Answer

Question 20

 

.Which statement most clearly contrasts the difference between policies and procedures?

a..Policies are requirements placed on processes, whereas procedures are the technical steps taken to achieve those policy goals.

b..Policies implement controls on a system to make it compliant to a standard, whereas procedures influence the creation of policies.

c.Policies set the parameters within which a procedure can be used, whereas procedures influence the creation of policies.

dPolicies are often approved by lower-level management responsible for the implementation of policies, whereas procedures are often approved by the most senior levels of management.