User Account

All Pages

What are data classifications used by the us government

Assignment Help Business Management
Reference no: EM131680642

Assignment

Part 1

1. You are evaluating assets and come across a server that must be operational 99.99 percent of the time. What would you use to achieve this?

a. Load balancing
b. Cold site
c. Warm site
d. Failover cluster

2. Which of the following is not a valid consideration when determining if a business function must remain available 24 hours a day, 7 days a week?

a. Direct revenue
b. Indirect revenue
c. Replacement value
d. Productivity

3. Which of the following would not be considered an asset?

a. Processes that provide services
b. Hardware
c. Software
d. Costs

4. Job rotation helps employees build skills in different areas of a company. What is a security-related goal of job rotation?

a. Eliminates need to hire new personnel
b. Reduces need for cross training
c. Helps an organization detect fraudulent activities
d. Provides separation of duties

5. What are data classifications used by the U.S. government?

a. Public, Private, and Proprietary
b. Confidential, Secret, and Top Secret
c. Public, Secret, and Top Secret
d. Proprietary, Private, Secret, and Top Secret

6. Which of the following is not a step within a risk assessment?

a. Identify assets
b. Identify threats and vulnerabilities
c. Identify countermeasures
d. Implement countermeasures

7. When evaluating asset values, which of the following is not a valid method?

a. Recovery value
b. Replacement value
c. Revenue generated during peak hours
d. Cost to get an asset operational after a failure

8. Which of the following is known as an approved list of e-mail addresses or e-mail domains?

a. White hat
b. Black hat
c. Whitelist
d. Blacklist

9. During a risk assessment, you determine that a business function must be able to function if a disaster occurs. However, you must minimize costs. What type of site is the least expensive?

a. Cold site
b. Hot site
c. Warm site
d. Clustering site

10. Which of the following methods are not included in a typical vulnerability assessment?

a. Identify IP addresses
b. Identify operating systems
c. Identify users
d. Identify open ports

11. Which of the following statements regarding a risk assessment (RA) is true?

a. An RA is designed to eliminate risk
b. An RA is an ongoing process
c. An RA provides an assessment for a point in time
d. Ideally an RA will not be limited by a scope

12. A company issues laptop computers to 100 employees. The value of each laptop including hardware, software, and data is $1,000. On average, employees lose one laptop a month. Management determines that it can purchase controls for a total of $100 for each computer and reduce the number of lost laptops to four per year. Should they purchase the locks?

a. Yes, because the savings is greater than the cost of the control.
b. Yes, because the cost of the control is greater than the savings.
c. No, because the savings is greater than the cost of the control.
d. No, because the cost of the control is greater than the savings.

13. A company issues laptop computers to 100 employees. The value of each laptop including hardware, software, and data is $1,000. On average, employees lose one laptop a month. What is the ALE?

a. 12
b. 100
c. $1,000
d. $12,000

14. What type of risk assessment uses a subjective method to assess a risk?

a. Quantitative
b. Qualitative
c. Ongoing
d. Probability-based

15. You are analyzing a risk and have determined that the SLE is $1,500 and the ARO is 5. What is the ALE?

a. Unable to determine with information given
b. $300
c. $7,500
d. $90,000

16. What would an organization include in a risk management plan to compare the cost of a recommendation with the projected benefit?

a. POAM
b. TCO
c. CBA
d. RA

17. What is scope?

a. Boundaries of a plan
b. Order of RA steps
c. Analyzing records
d. A list of responsibilities

18. Which of the following will be included in a risk management report?

a. Policies
b. Audit reports
c. Standards
d. Recommendations

19. You are using a cause and effect diagram to identify threats and vulnerabilities. However, you are concerned the focus is to narrow. What elements can you include to ensure the diagram is balanced?

a. Methods, policies, standards, procedures
b. Tangible and intangible costs
c. Methods, machinery, manpower, materials, environment
d. POAM, CBA, and TOC

20. A risk management team decides to identify threats, vulnerabilities, and recommendations using an affinity diagram. Which of the following is not one of the basic steps used to create an affinity diagram?

a. Create a problem statement
b. Identify unacceptable suggestions
c. Generate ideas
d. Mitigate risks

21. A series of events have been recorded in several logs. What is this?

a. System logging
b. Security logging
c. Audit trail
d. Intrusion detection system

22. An authorized person follows an employee into a secure area. The employee used the cipher code to gain access but the unauthorized person did not. What is this?

a. Tailbacking
b. Social trusting
c. Syn Flood
d. Piggybacking

23. What type of attack consumes resources on a server by initiating but not completing TCP sessions?

a. TCP Syn flood
b. UDP Syn flood
c. DDoS
d. MAC flood

24. An organization uses configuration management techniques to ensure that systems are configured similarly. What is used to ensure that these systems are not modified?

a. Compliance auditing
b. Patch management
c. Gap analysis
d. Penetration testing

25. Administrators within an organization routinely modify system configurations during day-to-day work. This has resulted in some IT outages. What can this company implement to reduce these outages?

a. Systems training
b. Patch management
c. Change management
d. Gap analysis requirements

Part 2

Descriptive Questions (Please type your answers in the space provided)

The following questions are about identifying risks, threats and vulnerabilities in an IT infrastructure using tools such as ZeNmapGUI (Nmap) and Nessus.You will need to familiarize yourself with some fundamental knowledge of ZeNmap and Nessus to answer these questions.

1. What are the differences between ZeNmap GUI (Nmap) and Nessus?

2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure?

3. While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability?

4. Are open ports necessarily a risk? Why or why not?

5. When you identify known software vulnerability, where can you go to assess the risk impact of the software vulnerability?

6. If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE- 2009- 3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability.

7. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.

8. Which tool should be used first if performing an ethical hacking penetration test and why?

Reference no: EM131680642

Questions Cloud

Develop a necessary yearly budget to effectively operate : Develop a necessary yearly budget to effectively operate the institution.
Discussion-om sweet om : In this section, you will embark on a journey of enlightenment and self-discovery with Transcendentalist writers including Ralph Waldo Emerson and Henry David.
What is a sinkhole and how does one form : What is a sinkhole and how does one form, What three conditions make Yellowstone ideal for the development of hydrothermal features
Define physical evidence : Define physical evidence. Using the library, Internet, or any other available materials, research the types of physical evidence.
What are data classifications used by the us government : What are data classifications used by the U.S. government? When evaluating asset values, which of the following is not a valid method?
How would you interpret andrew bmi : 1.) What is Andrew's BMI today and how would you interpret Andrew's BMI?
Describe the physical features identified : Find a blank outline map of the United States adn Canada on line and copy and paste it onto a powerpoint slide or if you prefer a word document
Analyze the criminal behavior of domestic violence : Analyze the criminal behavior of domestic violence and describe how criminal behavior is evaluated towards the formation of new policy.
Discuss about the patrol cabin at the summit of mauna loa : The Patrol Cabin at the summit of Mauna Loa to the TV Relay Station northeast of the summit of Mauna Loa

Reviews

Write a Review

Business Management Questions & Answers

  Caselet on michael porter’s value chain management

The assignment in management is a two part assignment dealing 1.Theory of function of management. 2. Operations and Controlling.

  Mountain man brewing company

Mountain Man Brewing, a family owned business where Chris Prangel, the son of the president joins. Due to increase in the preference for light beer drinkers, Chris Prangel wants to introduce light beer version in Mountain Man. An analysis into the la..

  Mountain man brewing company

Mountain Man Brewing, a family owned business where Chris Prangel, the son of the president joins. An analysis into the launch of Mountain Man Light over the present Mountain Man Lager.

  Analysis of the case using the doing ethics technique

Analysis of the case using the Doing Ethics Technique (DET). Analysis of the ethical issue(s) from the perspective of an ICT professional, using the ACS Code of  Conduct and properly relating clauses from the ACS Code of Conduct to the ethical issue.

  Affiliations and partnerships

Affiliations and partnerships are frequently used to reach a larger local audience? Which options stand to avail for the Hotel manager and what problems do these pose.

  Innovation-friendly regulations

What influence (if any) can organizations exercise to encourage ‘innovation-friendly' regulations?

  Effect of regional and corporate cultural issues

Present your findings as a group powerpoint with an audio file. In addition individually write up your own conclusions as to the effects of regional cultural issues on the corporate organisational culture of this multinational company as it conducts ..

  Structure of business plan

This assignment shows a structure of business plan. The task is to write a business plane about a Diet Shop.

  Identify the purposes of different types of organisations

Identify the purposes of different types of organisations.

  Entrepreneur case study for analysis

Entrepreneur Case Study for Analysis. Analyze Robin Wolaner's suitability to be an entrepreneur

  Forecasting and business analysis

This problem requires you to apply your cross-sectional analysis skills to a real cross-sectional data set with the goal of answering a specific research question.

  Educational instructional leadership

Prepare a major handout on the key principles of instructional leadership

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd