Assignment Help - homework help

An organization that accepts credit card payments would be


Question 1 : Historically, a web server attached to the public Internet has a probability of being successfully attacked .90 in each year. To which of the following quantitative elements would this most likely relate?

a. EF

b. ARO

c. ALE

d. SLE
 
Question 2 : An organization that accepts credit card payments, would be expected to be compliant with which of the following laws or standards?

a. PCI-DSS

b. HIPAA

c. GLBA

d. FISMA

Question 3 : The act of taking advantage of a weakness within a system to gain unauthorized access is best described as a/an:

a. vulnerability

b. exploit

c. risk

d. threat
 
Question 4 : A risk handling technique in which the company chooses to do nothing about the risk, as the cost of implementing a contro would be more expensive than the impact if the risk were actualized is known as

a. Share or Transfer

b. Mitigation

c. Avoidance

d. Acceptance
 
Question 5 : Which of the following is not a U.S. Government risk management initiative or program?

a. ITIL

b. US-CERT

c. DHS' NCCIC

d. MITRE's CVE List
 
Question 6 : Under FISMA, how often are federal agencies expected to have an independent compliance audit to ensure that security controls are effectively managing risk?

a. Every three years

b. Never

c. Quarterly

d. Annually
 
Question 7 : Students at the University of the Cumberlands have some expectation of privacy afforded to them under which Federal Act?

a. SOX

b. CIPA

c. FERPA

d. FISMA
 
Question 8 :  Which of the following NIST documents addresses how to effectively manage risk?

a. SP 800-55

b. SP 800-41

c. SP 800-53

d. SP 800-30
 
Question 9 : What are valid contents of a risk management plan?

a. Recommendations

b. Scope

c. Objectives

d. All of the above

e. POA&M
 
Question 10 : The amount of money that a negative event will cost us, each time that it occurs.

a. Annualized Rate of Occurrence (ARO)

b. Annual Loss Expectancy (ALE)

c. Single Loss Expectancy (SLE)

d. Exposure Factor (EF)
 
Question 11 : You are a very small company that sells healthcare insurance plans. You estimate that the breach of your customer database will cost you $100,000, and that this might happen once in 5 years. A vendor wants to sell you a Data Loss Prevention (DLP) solution that would cost $30,000 per year. Which of the following is the best course of action?

a. Spend $25,000 on cyber insurance to transfer the risk

b. Spend the $30,000 to mitigate the risk

c. Spend whatever it takes to ensure that this data is safe. Its sensitive data, after all!

d. Accept the risk
 
Question 12 :  A type of redundant site that has all of the hardware, software, telecommunication lines, an data already configured and ready to go in the event of a disaster is known as a/an
a. warm site

b. alternate site

c. cold site

d. hot site
 
Question 13 : Implementing an Intrustion Detection System that allows you to watch for hackers in real-time is an example of

a. Risk monitoring

b. Vulnerabiity assessment

c. Risk assessment

d. Risk response
 
Question 14 : A tool used to find open ports on a system is
a. Nessus

b. Wireshark

c. John the Ripper

d. Nmap
 
Question 15 : A risk assessment that uses numerical values to assess the likelihood and impact of a threat to a system is a ____________ risk assessment

a. Quantitative

b. Qualitative

c. Objective

d. Subjective
 
Question 16 : A method that shows a list of project tasks that must be completed on time so that the project is not delayed.

a. Risk Management Plan

b. Milestone Plan Chart

c. Critical Path Chart

d. Gannt Chart
 
Question 17 : A document used to track the progress of remediating identified risk.

a. POA&M, or risk register

b. Risk Profile

c. Vulnerability Assessment

d. Risk Assessment

 Question 18 : This Act applies to financial oganizations

a. Sabanes-Oxley (SOX)

b. FERPA

c. GLBA

d. FISMA
 
Question 19 : Which of the following is not considered a method by which we would harden a server againsts attacks?

a. Enable a firewall

b. Change default passwords

c. Reverse engineer a patch to look for vulnerabilities

d. Remove unused services

Question 20 : This Act applies to security and privacy expectations of healthcare organizations.

a. HIPAA

b. GLBA

c. FERPA

d. FISMA

Question 21 : A policy that has been implemented that requires two different individuals perform different functions. An example is with a Certificate Authority that issues digital certificates where one role can only identify-proof the person the requesting the certificate and issue a request, and a different person can actually issue the digital certificate.

a. Job Rotation

b. Need to Know

c. Separation of Duties

d. Acceptable Use

Question 22 : If a hacker hacks in to a bank and transfers money out of one account into his account, which of the following security services was the one that was principally violated?

a. Integrity

b. Confidentiality

c. Availability

d. Access Control

Question 23 : The area inside the firewall is considered to be the

a. Secured Domain

b. Workstation Domain

c. User Domain

d. LAN Domain
 
Question 24 : Which of the following is an example of an intangible asset?

a. Sales database

b. "Good will" or the branding that is associated with a well-liked product

c. Server hardware

d. Server software

Question 25 : The possibility that a negative event will occur is known as a/an:

a. threat

b. risk

c. vulnerablity

d. exploit
 
Question 26 : A weak password, or a firewall that has been improperly configured, is considered a/an:

a. vulnerability

b. threat

c. risk

d. exploit

Question 27 : Which of the following is not a source that would be used to assess an organziation's vulnerabilities?

a. System Logs

b. Prior events

c. Audits

d. Acutuary tables

Question 28 : Which of the following is the formula used to calculate the risk that remains after you apply controls?

a. Risk=Threat X Vulnerability

b. Residual Risk = Total Risk - Controls

c. ALE=SLExARO

d. Total Risk=Thrat X Vulnerability X Assest Value
 
Question 29 : Which of the following is not a fundamental component of an IT risk management plan?

a. Risk assessment

b. Risk reporting

c. Risk identification

d. Risk planning

Question 30 : You have a healthcare organization and would like medical personnel to be able to remotely log in to the network (the Remote Access Domain). Which of the following would be the best technique or tool that you would implement to help mitigate risk to this domain?

a. Implement automated server scanning

b. Implement Web content filters

c. Implement a VPN encrypted tunnel

d. Implement automatic account lockout after 3 failed attempts
 
Question 31 : Discuss one role that would participate in risk management and describe that one role's resposnibilities with respect to risk management.

Question 32 : In your own words, explain why it can be difficult to perform a quantitative risk assessment for a system. Do NOT copy in information or discuss what a quantitative risk assessment is. One, or two, short sentences is all that is required, or expected, for this answer.

Request for Solution File

Ask an Expert for Answer!!
Management Information Sys: An organization that accepts credit card payments would be
Reference No:- TGS02480262

Expected delivery within 24 Hours