DeVry SEC 578 Week 8 Final Exam Latest
Week 8 final exam
Question 1. 1. (TCO A) What are the goals of information security? (Points : 5)
Administrative, technical, and physical
Confidentiality, accountability, and integrity
Confidentiality, integrity, and accountability
Technical, integrity, and administrative
Confidentiality, integrity, and availability
Question 2. 2. (TCO A) Security controls protect ______. (Points : 5)
facilities
people
information
computers and networks
All of the above
Question 3. 3. (TCO B) Due care is used as a test to determine whether management has taken precautions that are ______. (Points : 5)
compliant
legal
reasonable
secure
readiness
Question 4. 4. (TCO B) Regulations that enforce compliance, including SOX, FERPA, FISMA, and GLB, require protection of ______. (Points : 5)
governments
industries
types of information
personal privacy
computer systems
Question 5. 5. (TCO C) What is a privilege? (Points : 5)
The authority to use an information asset in a particular way
The ability to use an information asset in a particular way
The right to use an information asset in a particular way
The means to use an information asset in a particular way
None of the above
Question 6. 6. (TCO C) Access control can be based on ______. (Points : 5)
roles
location
message routes
time of day
All of the above
Question 7. 7. (TCO D) Physical controls for electromagnetic emanations are called what? (Points : 5)
SPREAD SPECTRUM
SHIELDING
TEMPEST
BLACKOUT
None of the above
Question 8. 8. (TCO E) What threats are most likely to compromise CIA safeguards? (Points : 5)
Viruses
Malicious codes
Spyware
Employees
External hackers
Question 9. 9. (TCO E) What is the name of the phenomenon in which two pieces of information are nonsensitive in isolation but when combined produce highly sensitive information? (Points : 5)
Combinatorics
Synthesis
Aggregation
High-water mark
None of the above
Question 10. 10. (TCO F) Adversaries may be ______. (Points : 5)
competitors
employees
news reporters
thrill seekers
All of the above
Page 2
Question 1. 1. (TCO A) Identify the phases of the Computer System Life Cycle and briefly define at least one role of the CSPM in each phase. (Points : 10)
Question 2. 2. (TCO C) What are the vulnerabilities that (1) confidentiality controls, (2) integrity controls, and (3) availability controls protect information assets against? (Points : 10)
Question 3. 3. (TCO B) If the CSPM finds that his or her company has information that needs protection according to company policy (that is, it is considered proprietary company information), but there is no external law, order, or rule that requires protection of that kind of information, how should the CSPM proceed? (Points : 10)
Question 4. 4. (TCO D) Many CSPMs would argue that CCTV should be installed in storage rooms, wiring closets, and other nonpublic areas of buildings; other CSPMs would argue that those are low-frequency access areas and do not need CCTV. How should such a decision whether to install CCTV in such nonpublic areas be made? Who should make the final decision? (Points : 10)
Question 5. 5. (TCO E) What is the single most likely event that will compromise the confidentiality, integrity, or availability of information assets? Briefly explain why you have chosen your answer. (Points : 10)
Question 6. 6. (TCO F) Explain briefly why privileged users are of concern to the CSPM. (Points : 10)
Page 3
Question 1. 1. (TCO A) Explain why understanding globalism is an important aspect of modern business and why it is also an increasingly important aspect of modern information security. Discuss at least competitive advantage as well as supply-chain issues and legal issues. (Points : 15)
Question 2. 2. (TCO B) Analyze why administrative controls should be documented. (Points : 15)
Question 3. 3. (TCO C) Explain the idea of situation awareness and identify at least five elements that should be part of situation awareness for a wide area network (WAN) environment. (Points : 15)
Question 4. 4. (TCO C) We have looked at compliance legislation for several kinds of information (e.g., health, financial, educational) and have also reviewed requirements for protection of particular kinds of information such as intellectual property (trade secrets, patents, copyrights). Most companies store, process, and handle all of these kinds of information. The number of different compliance statutes written by federal, state, local, and tribal governments and of specialty protection requirements issued by independent commissions (such as riverboat gambling commissions) continues to increase. A CSPM may have to deal with several of these laws or rules. Assuming that the CSPM has identified the rules and laws that apply to his company, how can the CSPM ensure that system controls are sufficient to satisfy all of them? (Points : 15)
Question 5. 5. (TCO D) Evaluate advantages of deploying closed-circuit television (CCTV) in a waiting room. (Points : 15)
Question 6. 6. (TCO E) The SOC was established to measure readiness. However, some components of a computer and network system are more critical for readiness than others. Let’s say that there are three levels of criticality for system components: mission critical, mission essential, and support. Using what you have learned about calculating the security category for information, devise a similar scheme for categorizing computer and network system components for readiness. (Points : 15)