Chapter 7, 8, and 9 Questions and Answers

.docx

School

Indiana University, Purdue University, Indianapolis *

*We aren’t endorsed by this school

Course

45100

Subject

Information Systems

Date

Feb 20, 2024

Type

docx

Pages

9

Uploaded by AdmiralParrotPerson970

Chapter 7, 8 & 9 Questions & Answers Chapter 7: 1. Ensuring that a service is operational 99.999 percent of the time is possible even if a server needs to be regularly rebooted. a. True b. False It is true that ensuring that a service is operational 99.999 percent of the time is possible even if a server needs to be regularly rebooted. 2. What is a single point of failure? a. Any single part of a system that can fail b. Any single part of a system that can cause the entire system to fail if it fails c. Any single part of a system that has been protected with redundancy d. Any single part of a system A single point of failure is any single part of a system that can cause the entire system to fail if it fails. 3. When identifying the assets in an organization, what would be included? a. Hardware b. Software c. Personnel d. Only A and B e. A, B, and C When identifying the assets in an organization, hardware, software, and personnel would be included. 4. When identifying hardware assets in an organization, what information should be included? a. Model number and manufacturer b. Serial number c. Location d. Only A and C e. A, B, and C Model number and manufacturer, serial number and location should be included when identifying hardware assets in an organization. 5. An organization may use a ____ rotation policy to help discover dangerous shortcuts or fraudulent activity.
An organization may use a job rotation policy to help discover dangerous shortcuts or fraudulent activity. 6. What type of data should be included when identifying an organization’s data or information assets? a. Organizational data b. Customer data c. Intellectual property d. A and B only e. A, B, and C Organizational data, customer data, and intellectual property should be included when identifying an organization’s data or information assets. 7. What is a data warehouse? a. A database used in a warehouse b. A database used to identify the location of products in a warehouse c. A database created by combining multiple databases into a central database d. One of several databases used to create a central database for data mining A database created by combining multiple databases into a central database is a data warehouse. 8. What is data mining? a. The process of retrieving relevant data from a data warehouse b. A database used in metal mining operations c. A database created by combining multiple databases into a central database d. A process used to extract, load, and transform a data warehouse The process of retrieving relevant data from a data warehouse is data mining. 9. What can asset management system be compared with to ensure an entire organization is covered? a. Hardware and software assets b. Software assets c. Personnel and data assets d. The seven domains of a typical IT infrastructure What an asset management system can be compared with to ensure an entire organization is covered is the seven domains of a typical IT infrastructure. 10. When updating an organization’s business continuity plans, only _____ systems should be included. When updating an organization's business continuity plans, only mission-critical systems should be included.
11. Which of the following is a privacy regulation that may impact data sourced from the European Economic Area? a. HIPPA b. GDPR c. PCI DSS d. FOIP The GDPR is a privacy regulation that may impact data sourced from the European Economic Area. 12. What should an organization use if it wants to determine what the impact would be if a specific IT server fails? a. BIA b. BCP c. DRP d. BCC What an organization should use if it wants to determine what impact would be if a specific IT server fails is to use BIA. 13. What should an organization use if it wants to ensure it can continue mission-critical operations in the event of a disaster? a. BIA b. BCP c. DRP d. BCC What an organization should use if it wants to ensure it can continue mission-critical operations in the event of a disaster is to use BCP. 14. What should an organization use if it wants to ensure it can recover a system in the event of a disaster? a. BIA b. BCP c. DRP d. BCC What an organization should use if it wants to ensure it can recover a system in the event of a disaster is to use DRP. 15. A BCP and a DRP are two different things. a. True b. False It is true that a BCP and a DRP are two different things. Chapter 8:
1. The two major categories of threats are human and ____. The two major categories of threats are human and natural. 2. A threat is any activity that represents a possible danger, with the potential to affect confidentiality, integrity, or accessibility. a. True b. False It is true that a threat is any activity that represents a possible danger, with the potential to affect confidentiality, integrity, or accessibility. 3. Which of the following methods can be used to identify threats? a. Reviewing historical data b. Performing threat modeling c. Both A and B d. Neither A or B Reviewing historical data and performing threat modeling are methods that can be used to identify threats. 4. What are some sources of internal threats? (Select all that apply) a. Disgruntled employee b. Equipment failure c. Software failure d. Data loss A disgruntled employee, equipment failure, software failure, and data loss are sources of internal threats. 5. Which of the following choices is not considered a best practice when identifying threats? a. Verifying systems operate and are controlled as expected b. Limiting the scope of the assessment c. Considering threats to confidentiality, integrity, and availability d. Assuming the systems have not changed since the last threat assessment Assuming the systems have not changed since the last threat assessment is not considered a best practice when identifying threats. 6. A ______ assessment is used to identify vulnerabilities within an organization. A vulnerability assessment is used to identify vulnerabilities within an organization. 7. Who should perform vulnerability assessment? a. Internal security professionals working as employees b. External security professionals hired as consultants
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help