Chapters 13–14 Quiz-IT-412

Chapters 13–14 Quiz-IT-412

Chapters 13–14 Quiz

Why is continuous monitoring an important activity in risk management?
Question options:
  It automatically responds to threats and vulnerabilities.
  It helps define long-term business strategy.
  It helps define the financial goals for long-term viability.
  It enables an organization to update policies and controls that aren’t effective.
You are analyzing a risk and have determined that the SLE is $1,200 and the ARO is 3. What is the ALE?
Question options:
  $400
  $3,000
  $12,000
  $3,600
What type of standard states a minimum level of behavior or actions that must be met to comply with a policy?
Question options:
  baseline
  minimal
  safeguard
  procedural
An organization responds to risk according to its:
Question options:
  monitoring plan
  operation plan
  business strategy
  tactical plan
All of the following statements are true except:
Question options:
  To be admissible, evidence must be collected in a lawful manner.
  Admissible evidence is good evidence. Inadmissible evidence is bad evidence.
  Forensic examiners must use established practices and procedures when collecting evidence.
  All evidence is admissible regardless of collection method as long as it is reproducible in a tangible form.
What is a test for measuring the reliability of a scientific methodology?
Question options:
  Silver Platter
  Locard’s
  Daubert
  Merrell
________________ state(s) the justification of why the policy exists. This includes the legal or regulatory justification for the policy, which might be drafted in response to information security threats.
Question options:
  Policy exclusions
  Policy definitions
  Policy rationale
  Policy history
What does the best evidence rule require?
Question options:
  that all evidence must be submitted in digital form whenever possible
  that all evidence must be forensically sound
  that hearsay evidence must be delivered by an expert witness
  that original documents be used at trial
What type of risk assessment uses descriptive categories to express asset criticality, risk exposure (likelihood), and risk impact?
Question options:
  ongoing
  quantitative
  probability-based
  qualitative
Chapters 13–14 Quiz

Which law requires each federal agency to develop an information security program?
Question options:
  FERPA
  HIPAA
  GLBA
  FISMA
Members of the risk assessment team should include:
Question options:
  information security managers only
  information security managers and financial planners
  representatives from business, IT, human resources, executive management, and information security managers
  information security managers, financial planners, and representatives from business lines
What is the name of data that is stored in memory?
Question options:
  volatile
  persistent
  static
  forensically sound
Of the following information security assurance documents, which is the most flexible?
Question options:
  policy
  standard
  guideline
  procedure
What kind of policy would contain a No Retaliation element?
Question options:
  acceptable use
  anti-harassment
  intellectual property
  authentication
When performing computer forensics, what is a potential source of digital evidence?
Question options:
  door handle
  cell phone
  faxed documents
  headphones
What type of risk assessment uses monetary values to assess a risk?
Question options:
  ongoing
  quantitative
  probability-based
  qualitative
What is a forensic duplicate image?
Question options:
  a backup copy of the original data
  a system image
  a bit-by-bit copy of the original storage media
  a backup copy of digital evidence made in a forensic lab
Which of the following is not a valid court-recognized exception to search warrant requirements?
Question options:
  consent
  forensic examination of seized media
  plain view doctrine
  exigent circumstances
According to the NIST, the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level is ___________.
Question options:
  incident response management
  security response management
  breach response management
  risk management
Which of the following steps occurs before any of the others in a formal policy development process?
Question options:
  management approval
  documentation of compliance or exceptions
  stakeholder review
  maintenance and review

Answer Preview-Chapters 13–14 Quiz-IT-412 

Chapters 13–14 Quiz-IT-412 

$5.00

Posted

in

by

Tags: