NETSEC 2 EXAM QUESTIONS AND CORRECT ANSWERS!!, Exams of Advanced Education

Typology: Exams

2024/2025

Available from 07/13/2025

lyudmila-hanae
  1. This book focuses on ________. A) offense B) defense C) offense and defense about equally D) None of the above - ANSWER B

  2. Closing all routes of attack into an organization's system(s) is called ________. A) defense in depth B) comprehensive security C) total security D) access control - ANSWER B

  3. A ________ occur(s) when a single security element failure defeats the overall security of a system. A) spot failure B) weakest link failure C) defense in depth departure D) critical failure - ANSWER B

  4. Which of the following is a formal process? A) Annual corporate planning B) Planning and developing individual countermeasures C) Both A and B D) Neither A nor B - ANSWER C

  1. A planned series of actions in a corporation is a(n) ________. A) strategy B) sequence C) process D) anomaly - ANSWER C

  2. The growing number of compliance laws and regulations is driving firms to use formal governance frameworks to guide their security processes. - ANSWER TRUE

  3. Many compliance regimes require firms to adopt a specific formal governance framework to drive security planning and operational management. - ANSWER TRUE

  4. Planning, protection, and response follow a fairly strict sequence from one stage to another. - ANSWER FALSE

  5. The stage of the plan-protect-respond cycle that consumes the most time is ________. A) planning B) protection C) response D) each of the above consumes about the same amount of time - ANSWER B

  6. ________ is the plan-based creation and operation of countermeasures. A) Planning B) Protection C) Response D) All of the above - ANSWER B

B) assess the degree to which each is already protected C) enumerate threats to each D) classify them according to sensitivity - ANSWER D

  1. After performing a preliminary security assessment, a company should develop a remediation plan for EVERY security gap identified. - ANSWER TRUE

  2. A company should consider a list of possible remediation plans as an investment portfolio. - ANSWER TRUE

  3. The factors that require a firm to change its security planning, protection, and response are called driving forces. - ANSWER TRUE

  4. Compliance laws and regulations ________. A) create requirements to which security must respond B) can be expensive for IT security C) Both A and B D) Neither A nor B - ANSWER C

  5. A ________ is a material deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement in the annual or interim financial statements will not be prevented or detected. A) material control failure B) material control deficiency C) critical control deficiency D) critical control failure - ANSWER B

  6. When companies studied where they stored private information, they found that much of this information was stored inside spreadsheets and word processing documents. - ANSWER TRUE

  1. ________ specifically addresses data protection requirements at financial institutions. A) GLBA B) HIPAA C) The Revised SEC Act D) Sarbanes-Oxley - ANSWER A

  2. ________ specifically addresses data protection requirements at health care institutions. A) GLBA B) HIPAA C) Sarbanes-Oxley D) The SEC Act - ANSWER B

  3. Data breach notification laws typically ________. A) require companies to notify affected people if sensitive personally identifiable information is stolen or even lost B) have caused companies to think more about security C) Both A and B D) Neither A nor B - ANSWER C

  4. The FTC can act against companies that fail to take reasonable precautions to protect privacy information. - ANSWER TRUE

  5. The FTC can ________. A) impose fines B) require annual audits by external auditing firms for many years C) Both A and B

A) creates independence B) is likely to give security stronger backing from the IT department C) Both A and B D) Neither A nor B - ANSWER B

  1. Independence is best provided for IT security by placing it within the IT department. - ANSWER FALSE

  1. Most IT security analysts recommend placing IT security functions within the IT department. - ANSWER FALSE

  2. In order to demonstrate support for security, top management must ________. A) ensure that security has an adequate budget B) support security when there are conflicts between the needs of security and the needs of other business functions C) follow security procedures themselves D) All of the above - ANSWER D

  3. ________ examines organizational units for efficiency, effectiveness, and adequate controls. A) Internal auditing B) Financial auditing C) IT auditing D) None of the above - ANSWER A

  4. ________ examines financial processes for efficiency, effectiveness, and adequate controls. A) Internal auditing B) Financial auditing C) IT auditing D) None of the above - ANSWER B

  1. ________ examines IT processes for efficiency, effectiveness, and adequate controls. A) Internal auditing B) Financial auditing C) IT auditing D) None of the above - ANSWER C

  2. Placing IT auditing in an existing auditing department would give independence from IT security. - ANSWER TRUE

  3. ________ entails investigating the IT security of external companies and the implications of close IT partnerships before implementing interconnectivity. A) Auditing B) Due diligence C) Peer-to-peer security D) Vulnerability testing - ANSWER B

  4. To outsource some security functions, a firm can use an MISP. - ANSWER FALSE

  5. A benefit of using MSSPs is that they provide ________. A) cost savings B) independence C) Both A and B D) Neither A nor B - ANSWER C

  6. What security functions typically are outsourced?

  1. In benefits, costs and benefits are expressed on a per-year basis. - ANSWER TRUE

  2. SLE times ARO gives the ________. A) expected per-event loss B) expected annual loss C) expected life cycle loss D) expected per-event benefit - ANSWER B

  3. When risk analysis deals with costs and benefits that vary by year, the computations should use ________. A) NPV B) IRR C) Either A or B D) Neither A nor B - ANSWER C

  4. Which of the following gives the best estimate of the complete cost of a compromise? A) ALE B) ARO C) TCI D) Life cycle cost - ANSWER C

  5. The worst problem with classic risk analysis is that ________. A) protections often protect multiple resources B) resources often are protected by multiple resources C) we cannot estimate the annualized rate of occurrence D) costs and benefits are not the same each year - ANSWER C

  1. The book recommends hard-headed thinking about security ROI analysis. - ANSWER FALSE

  2. Which of the following is a way of responding to risk with active countermeasures? A) Risk reduction B) Risk acceptance C) Risk avoidance D) All of the above - ANSWER A

  3. ________ means implementing no countermeasures and absorbing any damages that occur. A) Risk reduction B) Risk acceptance C) Risk avoidance D) None of the above - ANSWER B

  4. ________ means responding to risk by taking out insurance. A) Risk reduction B) Risk acceptance C) Risk avoidance D) Risk transference - ANSWER D

  5. ________ means responding to risk by not taking a risky action. A) Risk reduction B) Risk acceptance C) Risk avoidance D) Risk transference - ANSWER C

C) Both A and B D) Neither A nor B - ANSWER A

  1. ________ is a single countermeasure composed of multiple interdependent components in series that require all components to succeed if the countermeasure is to succeed. A) Defense in depth B) Weakest link C) Both A and B D) Neither A nor B - ANSWER B

  2. Central security consoles ________. A) are dangerous B) allow policies to be applied consistently C) Both A and B D) Neither A nor B - ANSWER C

  3. Security professionals should minimize burdens on functional departments. - ANSWER TRUE

  4. Having realistic goals for reducing vulnerabilities ________. A) is giving in to the problem B) helps to focus on the most critical threats C) is a cost-saving method D) is risk avoidance - ANSWER B

  5. Border management ________. A) is no longer important because there are so many ways to bypass borders B) is close to a complete solution to access control C) Both A and B D) Neither A nor B - ANSWER D

  1. A(n) ________ is a statement of what should be done under specific circumstances. A) implementation control B) policy C) policy guidance document D) procedure - ANSWER B

  2. Policies should specify the details of how protections are to be applied. - ANSWER FALSE

  3. Policies should specify implementation in detail. - ANSWER FALSE

  4. When you wish to create a specific firewall, you should create a security policy for that firewall specifically. - ANSWER TRUE

  5. Policies should be written by ________. A) IT security B) corporate teams involving people from multiple departments C) a senior executive D) an outside consultant, to maintain independence - ANSWER B

  6. ________ are mandatory. A) Standards B) Guidelines C) Both A and B

A) reduces risk B) increases risk by creating blind spots C) increases risk by reducing accountability D) can only be done safely through information technology - ANSWER A

  1. When someone requests to take an action that is potentially dangerous, what protection should be put into place? A) Limit the number of people that may request an approval B) Ensure that the approver is the same as the requestor C) Both A and B D) Neither A nor B - ANSWER A

  2. Mandatory vacations should be enforced ________. A) to improve employee diligence to threats B) to reduce the possibility of collusion between employees C) to be in compliance with state and federal law D) for ethical purposes - ANSWER B

  3. ________ are checklists of what should be done in a specific procedure. A) Baselines B) Guidelines C) Standards D) Procedures - ANSWER A

  4. ________ are descriptions of what the best firms in the industry are doing about security. A) Best practices B) Recommended practices C) Both A and B D) Neither A nor B - ANSWER A

  1. ________ are prescriptive statements about what companies should do and are put together by trade associations and government agencies. A) Best practices B) Recommended practices C) Both A and B D) Neither A nor B - ANSWER B

  2. The party that is ultimately held accountable for a resource or control is ________. A) the owner B) the trustee C) the accredited security officer D) the certified security officer - ANSWER A

  3. The owner can delegate ________ to the trustee. A) the work of implementation of a resource or control B) accountability for a resource or control C) Both A and B D) Neither A nor B - ANSWER A

  4. Different honest people can make different ethical decisions in a given situation. - ANSWER TRUE

  5. Companies create codes of ethics in order to make ethical decision making more predictable. - ANSWER TRUE

  1. It is acceptable for an employee to reveal ________. A) confidential information B) private information C) trade secrets D) None of the above - ANSWER D

  2. Exceptions in policies and procedures should be forbidden. - ANSWER FALSE

  3. Which of the following is a good rule for handling exceptions? A) Only some people should be allowed to request exceptions. B) The requestor and approver should be different people. C) The exception should be documented. D) All of the above. - ANSWER D

  4. Policies drive ________. A) implementation B) oversight C) Both A and B D) Neither A nor B - ANSWER C

  5. Conducting stings on employees ________. A) raises awareness B) raises resentment C) Both A and B D) Neither A nor B - ANSWER C

  6. Electronic employee monitoring is rare. - ANSWER FALSE

  1. Informing employees that monitoring will be done is a bad idea. - ANSWER FALSE

  2. Security metrics allow a company to know if it is improving in its implementation of policies. - ANSWER TRUE

  3. The purpose(s) of auditing is(are) to ________. A) develop opinions on the health of controls B) find punishable instances of noncompliance C) Both A and B D) Neither A nor B - ANSWER A

  4. Audits place special attention on ________. A) compliance avoidance B) noncompliance C) memo log files D) absences from duty - ANSWER A

  5. ________ audits are done by an organization on itself. A) Internal B) External C) Both A and B D) Neither A nor B - ANSWER A

  6. Hotlines for reporting improper behavior are required by law to be non-anonymous. - ANSWER FALSE

  1. Internal corporate attackers often have a history of overt unacceptable behavior. -