CMGT 431 WEEK 5 LEARNING TEAM ASSIGNMENT CHAPTER 7

1. The concept of need to know states:
a. Paths to data containing sensitive information should not be published
b. Documents should be marked as “confidential” and distribution kept to a minimum
c. Individual personnel should have access to only the information they require to perform their jobs
d. Documents should be marked as “restricted” and distribution kept to a minimum


2. The process of periodically changing workers’ assigned tasks is known as:
a. Job rotation
b. Cross-training
c. Privilege rotation
d. Separation of duties



3. The purpose of data classification is:
a. To notify users that documents are subject to special handling procedures
b. To notify users that they may be required to ask permission of a document owner before sending it to another person
c. To notify users that documents may be subject to restrictions when sending them via e-mail
d. All of the above



4. Data retention standards specify:
a. The minimum and maximum periods of time that specific types of data should be retained
b. Procedures for retention of backup media
c. Procedures for destruction of backup media
d. Standards for archiving data that resides in databases



5. Data backups are performed:
a. To protect critical data in the event of a disaster
b. To protect critical data in the event of a hardware failure
c. To protect critical data in the event of a disaster, hardware failure, or data corruption
d. To protect critical data in the event of data corruption



6. Data destruction procedures:
a. Ensure that expired backup media are destroyed
b. Ensure that discarded paper documents are shredded
c. Ensure complete and irrecoverable destruction of data
d. Act as a safeguard in the event a user forgets to delete data



7. An organization is considering adding anti-virus software to its email servers and file servers. This reflects:
a. A defense in depth strategy
b. The fact that anti-virus on workstations is unreliable
c. The need to protect systems that lack anti-virus software
d. The need to protect the organization from malicious code contained in spam



8. A device whose design employs duplication of failure-prone components so as to ensure the greatest possible availability is known as:
a. Optimized
b. Redundant
c. Highly available
d. Fault tolerant



9. A collection of four servers that act in coordination to give the appearance of a single logical server is known as a:
a. Grid
b. Virtual
c. Fault tolerant
d. Cluster



10. A systems engineer is managing a server cluster. A memory fault has occurred in one of the active servers; the cluster software has caused another server in the cluster to become active. The systems engineer has witnessed a:
a. Pairing
b. Failover
c. Load balance
d. Synchronization



11. The recovery point objective (RPO) for a critical application is set to two hours for a 4TB database; the recovery time objective (RTO) is set to twenty-four hours. An IT architect needs to design a solution where a server in a remote data center can assume production duties within the RPO and RTO specifications. Which method for data transfer to the alternate data center should the IT architect use?
a. Replication to a warm server
b. Replication to a cold server
c. Recovery from backup tape
d. Recovery from an electronic vault



12. A security manager needs to find a professional services firm to identify exploitable vulnerabilities in a running web application. The security manager should find a professional services firm that can perform:
a. Code reviews
b. Penetration testing
c. Threat modeling
d. Ethical hacking



13. A security engineer is testing a web application for vulnerabilities and has inserted the following characters into a form field: “script OR name LIKE %user%;.” The security engineer is performing:
a. Buffer overflow
b. Cross-site scripting
c. SQL injection
d. Script injection



14. The purpose of a change management process is to:
a. Test the changes made to a system
b. Record the changes made to a system
c. Plan and review the changes made to a system
d. Reduce unplanned downtime



15. The best approach for applying security patches is to:
a. Apply only the security patches that are applicable
b. Apply all available security patches as soon as possible
c. Apply no security patches
d. Apply all available security patches one at a time


