CIS 462 questions with answers

  • Question 1

In order to enhance the training experience and emphasize the core security goals and mission, it is recommended that the executives _______________________.

Correct Answer:

video record a message from one of the leaders in a senior role to share with new employees

  • Question 2

Which of the following scenarios illustrates an ideal time to implement security policies in order to gain the maximum level of organizational commitment?

Correct Answer:

The policies should be implemented following a new product launch.

  • Question 3

__________________ is a term that denotes the way that a policy either diminishes business disruptions or facilitates the business’s success.

Correct Answer:

Business risk

  • Question 4

Which of the following is the most important reason to solicit feedback from people who have completed security awareness training?

Correct Answer:

It helps discern that attendees can demonstrate knowledge gained through training.

  • Question 5

Many organizations have a(n) ________________________, which is comprised of end user devices (including tablets, laptops, and smartphones) on a shared network and that use distributed system software; this enables these devices to function simultaneously, regardless of location.

Correct Answer:

distributed infrastructure

  • Question 6

In order to build security policy implementation awareness across the organization, there should be ____________________ who partner with other teams and departments to promote IT security through different communication channels.

Correct Answer:

multiple executive supporters

  • Question 7

The department responsible for providing security training to new employees is the _______________.

Correct Answer:


  • Question 8

Which of the following statements does not offer an explanation of what motivates an insider to pose a security risk?

Correct Answer:

An individual might think that threatening to disclose security information will earn the attention and recognition from the organization and thus result in promotion.

  • Question 9

One of seven domains of a typical IT infrastructure is the user domain. Within that domain is a range of user types, and each type has specific and distinct access needs. Which of the following types of users has the responsibility of creating and putting into place a security program within an organization?

Correct Answer:

security personnel

  • Question 10

The Barings Bank collapsed in 1995 after it was found that an employee had lost over $1.3 billion of the bank’s assets on the market. The collapse occurred when an arbitrage trader was responsible for both managing trades and guaranteeing that trades were settled and reported according to proper procedures. To which of the following causes is this collapse attributed?

Correct Answer:

lack of separation of duties

  • Question 11

Which of the following is not one of the types of control partners?

Correct Answer:

software engineers

  • Question 12

Of all the reasons that people commit errors when it comes to IT security, which of the following is the main reason people make mistakes?

Correct Answer:


  • Question 13

One of the processes designed to eradicate maximum possible security risks is to ________________, which limits access credentials to the minimum required to conduct any activity and ensures that access is authenticated to particular individuals.

Correct Answer:


  • Question 14

Which of the following user types is responsible for audit coordination and response, physical security and building operations, and disaster recovery and contingency planning?

Correct Answer:

security personnel

  • Question 15

There are many different types of automated controls that are configured into devices for the purpose of enforcing a security policy. Which of the following is not an automated control?

Correct Answer:

log reviews

  • Question 16

There are a number of issues to consider when composing security policies. One such issue concerns the use of security devices. One such device is a ____________, which is a network security device with characteristics of a decoy that serves as a target that might tempt a hacker.

Correct Answer:


  • Question 17

In information security, the individual responsible for setting goals for implementing security policies is the _________________.

Selected Answer:

chief information security officer

Correct Answer:

chief information security officer

  • Question 18

___________________ are responsible for the monitoring of activities in the pre, middle, and post stages of goal implementation, whereas __________________ are responsible for the monitoring of activities following the implementation and are called upon to evaluate whether or not the goals have been achieved.

Correct Answer:

Management committees, government committees

  • Question 19

Consider this scenario: A health insurer in Oklahoma settled a class-action lawsuit after having reported that one laptop was stolen in 2008; this laptop contained personal data of more than 1.6 million customers. Based on the fact that the laptop was not encrypted, and that employees were lacking in security awareness training, which of the following statements captures the root cause of this breach?

Correct Answer:

The thorough implementation of security policies was not something that the executive management prioritized.

  • Question 20

It is important that partnership exists between the ___________________, which needs to review the standing legislation that governs their business, and the ____________________, which needs to review all recent or significant policy changes.

Correct Answer:

information security team, legal department

  • Question 21

One of the many roles of the security compliance committee is to focus on controls that are widely used across a large population of applications, systems, and operations. These types of controls are known as ___________________.

Correct Answer:

pervasive controls

  • Question 22

In workstation domain policies, _________________ provide the specific technology requirements for each device. IT staff uses recorded and published procedures to enact configurations by devices to ensure that secure connectivity for remote devices exists, as well as virus and malware protection and patch management capability, among several other related functions.

Correct Answer:

baseline standards

  • Question 23

In general, WAN-specific standards identify specific security requirements for WAN devices. For example, the ____________________ explains the family of controls needed to secure the connection from the internal network to the WAN router, whereas the ______________________ identifies which controls are vital for use of Web services provided by suppliers and external partnerships.

Correct Answer:

WAN router security standard, Web services standard

  • Question 24

___________________ is a term that denotes a user’s capability to authenticate once to access the network and then have automatic authentication on different applications and devices afterward.

Correct Answer:

Single sign-on

  • Question 25

A procedure document should accompany every baseline document. Which of the following is a true statement about the circumstances for when a procedure document needs to be created to support the baseline document?

Correct Answer:

Because many configuration processes reuse the same procedure, there does not need to be a new procedure document for every configuration.

  • Question 26

Which of the following statements is most accurate with respect to infrastructure security, as demonstrated by the private sector?

Correct Answer:

Even when an industry standard is applied, there is no way to predict there will be compatibility.

  • Question 27

Baseline LAN standards are concerned with network traffic monitoring because no matter how good firewalls and routers can be, they are still not 100% effective. Thus, _________________ offer a wide range of protection because they seek out patterns of attack.

Correct Answer:

intrusion systems

  • Question 28

An important principle in information security is the concept of layers of security, which is often referred to as layered security, or defense in depth. Which of the following is not an example of a layer of security?

Correct Answer:

a control standard

  • Question 29

The ______________________ denotes the application software and technology that concerns a wide range of topics from the data management to the systems that process information.

Correct Answer:

system/application domain

  • Question 30

While it would not be possible to classify all data in an organization, there has nonetheless been an increase in the amount of unstructured data retained in recent years, which has included data and logs. There are many different ways to make the time-consuming and expensive process of retaining data less challenging. Which of the following is not one of these approaches?

Correct Answer:

Classify all forms of data no matter the risk to the organization.

  • Question 31

The term ________________ denotes data that is being stored on devices like a universal serial bus (USB) thumb drive, laptop, server, DVD, CD, or server. The term ______________ denotes data that exists in a mobile state on the network, such as data on the Internet, wireless networks, or a private network.

Correct Answer:

data at rest, data in transit

  • Question 32

If a vulnerability is not fixed at the root cause, there is a possibility that another route of attack can emerge. This route is known as the ____________________.

Correct Answer:

attack vector

  • Question 33

At Stanford University, data is labeled according to a classification scheme that identifies information in the following way: prohibited, restricted, confidential, and unrestricted. Which of the following schemes has Stanford adopted?

Correct Answer:

legal classification

  • Question 34

Which of the following outcomes is one of the benefits of a risk-management approach to security policies?

Correct Answer:

This approach offers alternative assignments of action that might not be obvious to the leaders.

  • Question 35

In policies regarding the ___________ of data, it must be guaranteed that the data that exits the private network is secured and monitored; the data should also be encrypted while in transit.

Correct Answer:

physical transport

  • Question 36

The National Security Information document EO 12356 explains the U.S. military classification scheme of top secret, secret data, confidential, sensitive but unclassified, and unclassified. Which of the following data can be reasonably expected to create serious damage to national security in the event that it was subject to unauthorized disclosure?

Correct Answer:


  • Question 37


In addition to compiling the list of user access requirements, applications, and systems, the BIA also includes processes that are ____________. These processes safeguard against any risks that might occur due to key staff being unavailable or distracted.

Correct Answer:


  • Question 38

In order to form an IRT, an organization is required to create a charter; this document identifies the authority, mission, and goals of a committee or team, and there are a number of different types of IRT models for doing this. Which of the following models permits an IRT to have the complete authority to ensure a breach is contained?

Correct Answer:

IRT that provides on-site response

  • Question 39


An organization’s _______________________ is a particular group of differently skilled individuals who are responsible for attending to serious security situations.

Correct Answer:

incident response team (IRT)

  • Question 40

When reporting incidents, it is necessary to institute transparent procedures for filing incident reports. The process of incident classification is known as triage. When triage is set in motion, the severity of the threat is assessed. For example, ___________________ occurs when there are a number of unauthorized scans, system probes, or vast viruses detected; the event also necessitates manual intervention.

Correct Answer:

severity 3

  • Question 41

The ____________________ identifies the processes entailed in the business continuity plan and/or the disaster recovery plan.

Correct Answer:

disaster declaration policy

  • Question 42

The goal of conducting an incident analysis is to ascertain weakness. Because each incident is unique and might necessitate a distinct set of approaches, there is a range of steps that can be pursued to aid the analysis. One of these steps is to ________________, which entails mapping the network traffic according to the time of day and looking for trends.

Correct Answer:

profile your network

  • Question 43

It is important to conduct a nearly continuous evaluation of possible ______________ to guarantee that recovery estimates provided to customers are accurate and maintain credibility with customers.

Correct Answer:


  • Question 44

A __________________________ is a term that refers to the original image that is duplicated for deployment. Using this image saves time by eradicating the need for repeated changes to configuration and tweaks to performance.

Correct Answer:

gold master

  • Question 45

Microsoft domains offer _______________ in order to enhance security for certain departments or users in an organization. This method allows security gaps to close and security settings to be increased for some computers or users.

Correct Answer:

group policy

  • Question 46

Consider this scenario: A sales organization with an onsite IT staff experiences a major outage due to a minor change to a printer. Though systems were working successfully, the printer stopped working when a new server was added to the network. The new server that was added to the network shared the same IP address as the printer. Which of the following statements captures a contributing cause of the problem with the IP compatibility?

Correct Answer:

The IP address conflict demonstrates that the organization failed to comply with change management policies.

  • Question 47

There have been a number of attacks on government systems that have been the result of fundamental errors. Correct configurations of these systems would have prevented these attacks, so security experts created the solution in the form of the ___________________________.

Correct Answer:

Federal Desktop Core Configuration (FDCC)

  • Question 48


A ________________________ is a string of data associated with a file that provides added security, authentication, and nonrepudiation.

Correct Answer:

digital signature

  • Question 49

A security _____________ identifies a group of fundamental configurations designed to accomplish particular security objectives.

Correct Answer:


  • Question 50

Even though SNMP is a part of the TCP/IP suite of protocols, it has undergone a series of improvements since its first version. Which of the following is not one of the improvements offered in version 3?

Correct Answer:

HP SCAP Scanner by HP is now implemented, which enhances overall security.