Chapter 10 and 11 Questions & Answers
School: Indiana University, Purdue University, Indianapolis
Course: 45100
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 6
Uploaded by AdmiralParrotPerson970
Chapter 10 & 11 Questions & Answers
Chapter 10:
1. A _____ is used to identify the impact on an organization if a risk occurs.
A business impact analysis (BIA) is used to identify the impact on an organization if a risk occurs.
2. MAO is the minimal acceptable outage that a system or service can experience before its mission is affected.
a. True
b. False
It is false that the MAO is the minimal acceptable outage that a system or service can experience before its mission is affected.
3. An organization wants to have an agreement with a vendor for an expected level of performance for a service that includes ensuring that monetary penalties are assessed if the minimum uptime requirements are not met. What should you use?
a. MAO
b. BIA
c. SLA
d. IDS
If the organization wants an agreement with a vendor for an expected level of performance for a service, including monetary penalties assessed if the minimum uptime requirements are not met, what it should use is an SLA.
4. What would be used to identify mission-critical systems?
a. Critical outage times
b. Critical business functions
c. PCI DSS review
d. Disaster recovery plan
Critical business functions would be used to identify mission-critical systems.
5. What can an organization use to remind users of an AUP’s contents?
a. Logon banners
b. Posters
c. Emails
d. All of the above
To remind users of an AUP’s contents, an organization can use logon banners, posters, and emails.
6. Organizations that violate GDPR rules may be fined _____ or ______ of their annual global turnover, whichever is greater.
Organizations that violate GDPR rules may be fined $22 million or 4 percent of their annual global turnover, whichever is greater.
7. Which of the following strategies helps reduce security gaps even if a security control fails?
a. Access control implementation
b. Critical business factor analysis
c. Defense in depth
d. Business impact analysis
Defense in depth helps reduce security gaps even if a security control fails.
8. How much can an organization be fined in a year for HIPAA-related mistakes?
a. $100
b. $1,000
c. $25,000
d. $250,000
An organization can be fined up to $25,000 in a year for HIPAA-related mistakes.
9. What determines whether an organization is governed by FISMA?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
Whether it is a federal agency determines whether an organization is governed by FISMA.
10. What determines whether an organization is governed by HIPAA?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
Whether its employees handle health-related information determines whether an organization is governed by HIPAA.
11. What determines whether an organization is governed by SOX?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
Whether it is registered with the Securities and Exchange Commission determines whether an organization is governed by SOX.
12. What determines whether an organization is governed by CIPA?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
Whether it receives E-Rate funding determines whether an organization is governed by CIPA.
13. A CBA has been performed on a prospective control. The CBA indicates the cost of the control is about the same as the control’s projected benefits. What should be done?
a. Identify the ROI
b. Purchase the control
c. Cancel the purchase of the control
d. Redo the CBA
When a CBA indicates that the cost of a prospective control is about the same as the control’s projected benefits, what should be done is to identify the ROI.
14. Which of the following is a valid formula used to identify the projected benefits of a control?
a. Loss after control – Loss before control
b. Loss before control – Loss after control
c. Cost of control + Losses
d. Cost of control ½
Loss before control – Loss after control is a valid formula used to identify the projected benefits of a control.
15. A CBA can be used to justify the purchase of a control.
a. True
b. False
It is false that a CBA can be used to justify the purchase of a control.
Chapter 11:
1. A(n) _____ countermeasure is one that has been approved and has a date for implementation.
An in-place countermeasure is one that has been approved and has a date for implementation.
2. A single risk can be mitigated by more than one countermeasure.
a. True
b. False
It is true that a single risk can be mitigated by more than one countermeasure.