DeVry SEC578 final exam - 2017

Asked by nerdygirl
Dated: 20th Apr'17 04:12 PM

Page 1

Question 1. (TCO A) What are the goals of information security? (Points: 5)

Administrative, technical, and physical

Confidentiality, accountability, and integrity

Confidentiality, integrity, and accountability

Technical, integrity, and administrative

Confidentiality, integrity, and availability

Question 2. (TCO A) Security controls protect ______. (Points: 5)

facilities

people

information

computers and networks

All of the above

Question 3. (TCO B) Due care is used as a test to determine whether management has taken precautions that are ______. (Points: 5)

compliant

legal

reasonable

secure

readiness

Question 4. (TCO B) Regulations that enforce compliance, including SOX, FERPA, FISMA, and GLB, require protection of ______. (Points: 5)

governments

industries

types of information

personal privacy

computer systems

Question 5. (TCO C) What is a privilege? (Points: 5)

The authority to use an information asset in a particular way

The ability to use an information asset in a particular way

The right to use an information asset in a particular way

The means to use an information asset in a particular way

None of the above

Question 6. (TCO C) Access control can be based on ______. (Points: 5)

roles

location

message routes

time of day

All of the above

Question 7. (TCO D) Physical controls for electromagnetic emanations are called what? (Points: 5)

SPREAD SPECTRUM

SHIELDING

TEMPEST

BLACKOUT

None of the above

Question 8. (TCO E) What threats are most likely to compromise CIA safeguards? (Points: 5)

Viruses

Malicious codes

Spyware

Employees

External hackers

Question 9. (TCO E) What is the name of the phenomenon in which two pieces of information are nonsensitive in isolation but when combined produce highly sensitive information? (Points: 5)

Combinatorics

Synthesis

Aggregation

High-water mark

None of the above

Question 10. (TCO F) Adversaries may be ______. (Points: 5)

competitors

employees

news reporters

thrill seekers

All of the above

Page 2

Question 1. (TCO A) Identify the phases of the Computer System Life Cycle and briefly define at least one role of the CSPM in each phase. (Points: 10)

Question 2. (TCO C) What are the vulnerabilities that (1) confidentiality controls, (2) integrity controls, and (3) availability controls protect information assets against? (Points: 10)

Question 3. (TCO B) If the CSPM finds that his or her company has information that needs protection according to company policy (that is, it is considered proprietary company information), but there is no external law, order, or rule that requires protection of that kind of information, how should the CSPM proceed? (Points: 10)

Question 4. (TCO D) Many CSPMs would argue that CCTV should be installed in storage rooms, wiring closets, and other nonpublic areas of buildings; other CSPMs would argue that those are low-frequency access areas and do not need CCTV. How should the decision on whether to install CCTV in such nonpublic areas be made? Who should make the final decision? (Points: 10)

Question 5. (TCO E) What is the single most likely event that will compromise the confidentiality, integrity, or availability of information assets? Briefly explain why you have chosen your answer. (Points: 10)

Question 6. (TCO F) Explain briefly why privileged users are of concern to the CSPM. (Points: 10)

Page 3

Question 1. (TCO A) Explain why understanding globalism is an important aspect of modern business and why it is also an increasingly important aspect of modern information security. Discuss at least competitive advantage as well as supply-chain issues and legal issues. (Points: 15)

Question 2. (TCO B) Analyze why administrative controls should be documented. (Points: 15)

Question 3. (TCO C) Explain the idea of situation awareness and identify at least five elements that should be part of situation awareness for a wide area network (WAN) environment. (Points: 15)

Question 4. (TCO C) We have looked at compliance legislation for several kinds of information (e.g., health, financial, educational) and have also reviewed requirements for protection of particular kinds of information such as intellectual property (trade secrets, patents, copyrights). Most companies store, process, and handle all of these kinds of information. The number of different compliance statutes written by federal, state, local, and tribal governments and of specialty protection requirements issued by independent commissions (such as riverboat gambling commissions) continues to increase. A CSPM may have to deal with several of these laws or rules. Assuming that the CSPM has identified the rules and laws that apply to his company, how can the CSPM ensure that system controls are sufficient to satisfy all of them? (Points: 15)

Question 5. (TCO D) Evaluate advantages of deploying closed-circuit television (CCTV) in a waiting room. (Points: 15)

Question 6. (TCO E) The SOC was established to measure readiness. However, some components of a computer and network system are more critical for readiness than others. Let's say that there are three levels of criticality for system components: mission critical, mission essential, and support. Using what you have learned about calculating the security category for information, devise a similar scheme for categorizing computer and network system components for readiness. (Points: 15)
