CIS 286 Module 5-6 test
A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes ______. A. All of the above B. Controls have been bypassed C. Controls have failed D. Controls have proven ineffective
A. All of the above
The ___________ is a respected professional society that was established in 1947 as "the world's first educational and scientific computing society." A. Association for Computing Machinery B. Information Systems Security Association (ISSA) C. International Information Systems Security Certification Consortium, Inc. D. EC-Council
A. Association for Computing Machinery
The detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition is called a(n) _______. A. Chain of evidence B. Evidence affidavit C. Audit trail D. Search warrant
A. Chain of evidence
Payment Card Industry _______ Standards are designed to enhance the security of customers' payment card account data. A. Data Security B. Data Safety C. Data Practices D. Account Security
A. Data Security
A crime involving digital media, computer technology, or related components may be called an act of _______. A. Digital malfeasance B. Digital abuse C. Computer theft D. Computer trespass
A. Digital malfeasance
Which of the following is another name for the Financial Services Modernization Act? A. Gramm-Leach-Bliley Act B. HITECH Act C. The HIPAA Act D. Kennedy-Kassebaum Act
A. Gramm-Leach-Bliley Act
A resumption location known as a ______ is a fully configured computer facility capable of establishing operations at a moment's notice. A. Hot site B. Mobile site C. Service bureau D. Cold site
A. Hot site
The Digital _____ Copyright Act is the American contribution to an international effort by the World Intellectual Properties Organization (WIPO) to reduce the impact of copyright, trademark, and privacy infringement. A. Millennium B. Information C. Management D. Master
A. Millennium
A potential disadvantage of a timeshare site-resumption strategy is: A. More than one organization might need the facility. B. More expensive than other options. C. All of the above D. Requires additional investment in time and technology to get up to speed in the event of a disaster.
A. More than one organization might need the facility
______ uses a number of hard drives to store information across multiple drive units. A. RAID B. Virtualization C. Legacy backup D. Continuous database protection
A. RAID
A _____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor. A. Service agreement B. Memorandum of understanding C. Mutual agreement D. Time-share agreement
A. Service agreement
In the 1999 study of computer-use ethics, which of the following countries reported the least tolerant attitudes toward misuse of organizational computing resources? A. Singapore B. Sweden C. United States D. Australia
A. Singapore
Which of these is the primary reason contingency response teams should not have overlapping membership with one person on multiple teams? A. So individuals don't find themselves with different responsibilities in different locations at the same time. B. To spread the work out among more people. C. To allow people to specialize in one area. D. To avoid cross-division rivalries.
A. So individuals don't find themselves with different responsibilities in different locations at the same time.
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ________. A. by accident and/or through unintentional negligence B. With malice C. With intent D. None of the other answers are correct
A. by accident and/or through unintentional negligence
The key initial focus of a crisis management response should be on _______. A. safety for staff, visitors, and the public B. the image of the organization C. returning the organization to production D. communicating to the stockholders/owners
A. safety for staff, visitors, and the public
According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ________. A. to harass B. in furtherance of a criminal act C. for private financial gain D. for purposes of commercial advantage
A. to harass
Laws and policies and their associated penalties only provide deterrence if which of the following conditions is present? A. Probability of penalty being administered B. All of the other answers are correct C. Fear of penalty D. Probability of being caught
B. All of the other answers are correct
A _____ site provides only rudimentary services and facilities. A. Commercial B. Cold C. Hot D. Warm
B. Cold
The most common schedule for tape-based backup is a _______ backup, either incremental or differential, with a weekly off-site full backup. A. 12-hour on-site B. Daily on-site C. Daily off-site D. Hourly off-site
B. Daily on-site
The __________ attempts to prevent trade secrets from being illegally shared. A. Sarbanes-Oxley Act B. Economic Espionage Act C. Electronic Communications Privacy Act D. Financial Services Modernization Act
B. Economic Espionage Act
The unauthorized taking of a person's information with the intent of committing fraud and abuse of a person's financial and personal reputation, purchasing goods and services without authorization, and generally impersonating the victim for illegal or unethical purposes is known as _________. A. Non-criminal fraud B. Identity theft C. Ransoming D. Identity extortion
B. Identity theft
The Health Insurance Portability and Accountability Act of 1996, also known as the _______ Act, protects the confidentiality and security of health-care data by establishing and enforcing standards and by standardizing electronic data interchange. A. HITECH B. Kennedy-Kassebaum C. Privacy D. Gramm-Leach-Bliley
B. Kennedy-Kassebaum
Information about a person's history, background, and attributes that can be used to commit identity theft is known as __________ information. A. Privately held B. Personally identifiable C. Virtually interpreted D. Identity defined
B. Personally Identifiable
Data backup should be based on a(n) ________ policy that specifies how long log data should be maintained. A. Incident response B. Retention C. Business resumption D. Replication
B. Retention
Which of these is not a definite indicator that an event is an incident? A. use of dormant accounts B. Unusual system crashes C. Changes to logs D. Presence of hacker tools
B. Unusual System Crashes
A(n) ______ is a document containing contact information for the people to be notified in the event of an incident. A. Call registry B. Emergency notification system C. Alert roster D. Phone list
C. Alert roster
The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages? A. Identify resource requirements B. Determine mission/business processes and recovery criticality C. All of these are BIA stages D. Identify recovery priorities for system resources
C. All of these are BIA stages
Most common data backup schemes involve ______. A. RAID B. Disk-to-disk-to-cloud C. Both of these D. Neither of these
C. Both of these
Each of these is a major component of contingency planning EXCEPT _______. A. Incident response plan B. Business continuity plan C. Business loss analysis D. Disaster recovery plan
C. Business loss analysis
The CPMT should include a _____ who is a high-level manager to support, promote, and endorse the findings of the project and could be the COO or (ideally) the CEO/president. A. Project instigator B. Executive-in-charge C. Champion D. Project manager
C. Champion
The National Information Infrastructure Protection Act of 1996 modified which act? A. Computer Security Act B. USA PATRIOT Improvement and Reauthorization Act C. Computer Fraud and Abuse Act D. USA PATRIOT Act
C. Computer Fraud and Abuse Act
The process of examining an adverse event or incident and determining whether it constitutes an actual disaster is known as a ______. A. Incident review B. Disaster indication C. Disaster classification D. Event escalation
C. Disaster classification
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications? A. Sarbanes-Oxley Act B. Financial Services Modernization Act C. Electronic Communications Privacy Act D. Economic Espionage Act
C. Electronic Communications Privacy Act
In 2001, the Council of Europe drafted the European Council Cybercrime Convention, which empowers an international task force to oversee a range of security functions associated with _______ activities. A. Electronic Commerce B. Online Terrorist C. Internet D. Cyberactivist
C. Internet
The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption is ______. A. Work recovery time (WRT) B. Recovery point objective (RPO) C. Maximum tolerable downtime (MTD) D. Recovery time objective (RTO)
C. Maximum tolerable downtime (MTD)
The transfer of transaction data in real time to an off-site facility is called ______. A. Off-site storage B. Database shadowing C. Remote journaling D. Electronic vaulting
C. Remote journaling
Business policies function as ______ laws and must be crafted and implemented with care to ensure they are complete, appropriate, and fairly applied to everyone. A. national B. State C. organizational D. city
C. organizational
The transfer of large data batches to an off-site facility, usually through leased lines or services, is called ______. A. Database shadowing B. Off-site storage C. Remote journaling D. Electronic vaulting
D. Electronic vaulting
_____ is a professional association that focuses on auditing, control, and security. The membership comprises both technical and managerial professionals. A. Information Systems Security Association (ISSA) B. SANS C. EC-Council D. ISACA
D. ISACA
There are three general causes of unethical and illegal behavior: _______, Accident, and Intent. A. None of the other answers are correct B. Revenge C. Curiosity D. Ignorance
D. Ignorance
What is the subject of the Computer Security Act of 1987? A. Telecommunications common carriers B. Cryptography software vendors C. Troubleshooting D. Marketing
D. Marketing
Which U.S. Federal Agency is most responsible for developing and using encryption? A. FBI B. Secret Service C. National Institute for Science and Technology D. National Security Agency
D. National Security Agency
Which type of organizations should prepare for the unexpected? A. Small organizations that can easily recover. B. Only those without good insurance. C. Large organizations which have many assets at risk. D. Organizations of every size and purpose should also prepare for the unexpected.
D. Organizations of every size and purpose should also prepare for the unexpected.
The ______ of 1999 provides guidance on the use of encryption and provides protection from government intervention. A. Economic Espionage Act B. USA PATRIOT Act C. Prepper Act D. Security through Freedom through Encryption Act
D. Security through Freedom through Encryption Act
Intellectual property includes all of the following except? A. The recipe to make Coca-Cola B. An article in the New York Times C. Cengage D. The Adventures of Sherlock Holmes E. Process to manufacture an iPhone
D. The Adventures of Sherlock Holmes
Criminal or unethical ____ goes to the state of mind of the individual performing the act. A. accident B. all of the other answers are correct C. ignorance D. intent
D. intent
The Privacy of Customer Information section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any ________ purposes. A. billing B. customer service C. troubleshooting D. marketing
D. marketing
When generating a disaster scenario for planning or rehearsal, start with the most important asset: ________. A. networks B. threats C. data D. people
D. people