MIS Final Exam Questions And Answers Latest update 2024

Preview 4 out of 50  pages

  • February 24, 2024
  • 50
  • 2023/2024
MIS 416 Exam 2 Final Exam Question and Answers A+ Guaranteed 2024

True correct answers The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as need-to-know. ____________

Mitigating correct answers Which of the following is NOT a category of access control?

InfoSec Governance correct answers The COSO framework is built on five interrelated components. Which of the following is NOT one of them?

Nondiscretionary correct answers Which type of access controls can be role-based or task-based?

Need to know correct answers The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.

Deterrent correct answers Which control category discourages an incipient incident?

Least Privilege correct answers Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

False correct answers The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is known as minimal privilege. ____________

Security Model correct answers To design a security program, an organization can use a(n) ____________________, which is a generic outline of the more thorough and organization-specific blueprint offered by a service organization.

TCSEC correct answers Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?

COBIT correct answers Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by ISACA and the IT Governance Institute?

Reference Monitor correct answers Which piece of the Trusted Computing Base's security system manages access controls?

Temporal Isolation correct answers A time-release safe is an example of which type of access control?

Access Control List correct answers Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following?

Need-to-know correct answers Which access control principle limits a user's access to the specific information required to perform the currently assigned task?

Corrective correct answers Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?

Covert correct answers ____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system, and include storage and timing channels.

Both A and B are correct (Security Model and Framework) correct answers Which of the following is a generic blueprint offered by a service organization which must be flexible, scalable, robust, and detailed?

False correct answers Dumpster delving is an information attack that involves searching through a target organization's trash and recycling bins for sensitive information. ____________

False correct answers A security monitor is a conceptual piece of the system within the trusted computer base that manages access controls—in other words, it mediates all access to objects by subjects. ____________

No changes by authorized subjects without external validation correct answers Which of the following is NOT a change control principle of the Clark-Wilson model?

True correct answers A person's security clearance is a personnel security structure in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is cleared to access. ____________

Security Clearances correct answers Which of the following specifies the authorization classification of information asset an individual user is permitted to access, subject to the need-to-know principle?

False correct answers The Information Technology Infrastructure Library (ITIL) is a collection of policies and practices for managing the development and operation of IT infrastructures. ____________

For official use only correct answers Which of the following is NOT one of the three levels in the U.S. military data classification scheme for National Security Information?

True correct answers T/F: The risk control strategy that attempts to reduce the impact of the loss caused by a realized incident, disaster, or attack through effective contingency planning and preparation is known as the mitigation risk control strategy.

Technical correct answers A logon identifier is a type of ____ control
- Functional
- Technical
- Procedural
- Access

Risk elimination correct answers Which of the following is NOT a way organizations can respond to risk?
- Risk mitigation
- Risk transfer
- Risk elimination
- Risk acceptance

True correct answers T/F: A CBA helps determine if you should use a safeguard

True correct answers T/F: Access controls testing verifies user rights and permissions

False correct answers T/F: How your organization starts its risk mitigation process depends entirely on the type of organization you are working in

False correct answers T/F: Asset valuation is a listing or grouping of assets under an assessment

False (This is transference) correct answers T/F: The risk control strategy that attempts to shift risk to other assets, other processes, or other organizations is known as the defense risk control strategy

Create a risk mitigation plan correct answers You have created a risk assessment, and management has approved it. What do you do next?
- Start assessing risks for a different department
- Define the scope of the risk assessment
- Gather the stakeholders for a progress meeting
- Create a risk mitigation plan

Mitigation correct answers Which of the following describes an organization's efforts to reduce damage caused by a realized incident or disaster?
- Acceptance
- Mitigation
- Avoidance
- Transference

Account management controls correct answers What type of controls ensures that account management is secure?
- Account controls
- Account management controls
- Access controls
- Access management controls

Transference correct answers The ___ risk control strategy attempts to shift the risk to other assets, processes, or organizations.

Purchase insurance to assign or transfer the security risk to another party correct answers What does the assign security risk help with?
- Based on business mission and other factors, accept the identified security risk
- Purchase insurance to assign or transfer the security risk to another party
- All of the above
- Reduce specific security risk

True correct answers T/F: Physical access controls protect valuable assets by restricting physical access to them

CBAs correct answers What is a significant part of the step of evaluating controls and determining which controls to implement?
- DRPs
- BCPs
- CBAs
- DMZs

False correct answers T/F: If an in-place countermeasure needs to be upgraded or replaced, you should disable or remove the countermeasure until the new upgraded control can be installed in order to best reduce vulnerabilities

Cost benefit analysis correct answers What is the result of subtracting the post-control annualized loss expectancy and the ACS from the pre-control annualized loss expectancy?
- Annualized rate of occurrence
- Exposure factor
- Single loss expectancy
