New Semester
Started
Get
50% OFF
Study Help!
--h --m --s
Claim Now
Question Answers
Textbooks
Find textbooks, questions and answers
Oops, something went wrong!
Change your search query and then try again
S
Books
FREE
Study Help
Expert Questions
Accounting
General Management
Mathematics
Finance
Organizational Behaviour
Law
Physics
Operating System
Management Leadership
Sociology
Programming
Marketing
Database
Computer Network
Economics
Textbooks Solutions
Accounting
Managerial Accounting
Management Leadership
Cost Accounting
Statistics
Business Law
Corporate Finance
Finance
Economics
Auditing
Tutors
Online Tutors
Find a Tutor
Hire a Tutor
Become a Tutor
AI Tutor
AI Study Planner
NEW
Sell Books
Search
Search
Sign In
Register
study help
computer science
managing risk in information systems
Managing Risk In Information Systems 3rd Edition Darril Gibson, Andy Igonor - Solutions
Which of the following security principles divides job responsibilities to reduce fraud?A. Need to knowB. Least privilegeC. Separation of dutiesD. Mandatory vacations
What can be used to ensure that unauthorized changes are not made to systems?A. Input validationB. Patch managementC. Version controlD. Configuration management
What are two types of intrusion detection systems?A. Intentional and unintentionalB. Natural and man-madeC. Host based and network basedD. Technical and physical
A technical control prevents unauthorized personnel from having physical access to a secure area or secure system.A. TrueB. False
What allows an attacker to gain additional privileges on a system by sending unexpected code to the system?A. Buffer overflowB. MAC floodC. Input validationD. Spiders
What is hardening a server?A. Securing it from the default configurationB. Ensuring it cannot be powered downC. Locking it in a room that is hard to accessD. Enabling necessary protocols and services
Which of the following steps could be taken to harden a server?A. Removing unnecessary services and protocolsB. Keeping the server up to dateC. Changing defaultsD. Enabling local firewallsE. All of the above
Which government agency includes the Information Technology Laboratory and publishes SP 800-30?A. NISTB. DHSC. NCCICD. US-CERT
Which of the following is a Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Lifecycle Approach?A. SP 800-34B. SP 800-35C. SP 800-37D. SP 800-84
Which U.S. government agency regularly publishes alerts and bulletins related to security threats?A. NISTB. FBIC. US-CERTD. MITRE Corporation
The CVE list is maintained by _______.
What is the standard used to create information security vulnerability names?A. CVEB. MITREC. DISAD. CSI
Which one of the following properly defines risk?A. Threat × MitigationB. Vulnerability × ControlsC. Controls − Residual riskD. Threat × Vulnerability
Which one of the following properly defines total risk?A. Threat − MitigationB. Threat × Vulnerability × Asset valueC. Vulnerability − ControlsD. Vulnerability × Controls
The best bet is to reduce risk to a level that can be accepted.A. TrueB. False
A loss of client confidence or public trust is an example of a loss of _______.
A _______ is used to reduce a vulnerability.
As long as a company is profitable, it does not need to consider survivability.A. TrueB. False
What is the primary goal of an information security program?A. To eliminate losses related to employee actionsB. To eliminate losses related to riskC. To reduce losses related to residual riskD. To reduce losses related to loss of confidentiality, integrity, and availability
The _______ is an industry-recognized standard list of common vulnerabilities.
Which of the following is a goal of risk management?A. To identify the correct cost balance between risk and controlsB. To eliminate risk by implementing controlsC. To eliminate the loss associated with riskD. To calculate value associated with residual risk
If the benefits outweigh the cost, a control is implemented. Costs and benefits are identified by completing a _______.
A company decides to reduce losses of a threat by purchasing insurance, which is known as risk _______.
After controls to minimize risk in the environment have been applied, what is the remaining risk called?A. Remaining riskB. Mitigated riskC. Managed riskD. Residual risk
Who is ultimately responsible for losses resulting from residual risk?A. End usersB. Technical staffC. Senior managersD. Security personnel
Showing 200 - 300
of 225
1
2
3
Step by Step Answers
Get 50% OFF
Claim Now
