Module 6 Knowledge Check
docx
keyboard_arrow_up
School
DeVry University, Chicago *
*We aren’t endorsed by this school
Course
440
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
3
Uploaded by bmendoza7980
Score for this attempt:
30
out of 30
Submitted Nov 30 at 1:51pm
This attempt took less than 1 minute.
Question 1
5 / 5 pts
_______ is employed whenever there is an investigation, including forensics and
security incidents, where evidence needs to be collected and retained for later legal
proceedings.
Asset management
Chain of custody
Correct. Chain of custody is employed whenever there is an investigation where evidence
needs to be collected and retained for later legal proceedings.
Asset protection auditing
Access management
Question 2
5 / 5 pts
The best time to establish and assign roles and responsibilities for computer security
incident response is during the ______ phase.
planning and plan development
Correct. The best time to establish and assign roles and responsibilities for computer security
incident response is at the time of incident response plan development.
detection
evaluation
initiation
Question 3
5 / 5 pts
A powered down laptop computer has been delivered to a forensic expert. To make a
forensically identical copy of its hard drive for analysis, what is the first thing the forensic
expert should do?
Disassemble the laptop
Photograph the laptop
Correct. Prior to removing the hard drive to make a forensically identical copy for analysis, the
forensic expert should first photograph the laptop to show its state prior to any disassembly.
Remove the hard drive
Power up the laptop
Question 4
5 / 5 pts
Auditing _______ requires knowledge of building mechanical and electrical systems as
well as fire codes.
network access controls
physical security controls
environmental controls
Correct. Auditing environmental controls requires knowledge of building mechanical and
electrical systems as well as fire codes.
vulnerability management
Question 5
5 / 5 pts
The executives of a company are notified of minor incidents that should be of little or no
concern to them on a regular basis. This is most likely due to _____.
users clicking on too many phishing e-mails
improper access controls
lack of a security incident severity classification scheme
Correct. Without a severity classification scheme, all incidents are treated as equal, regardless
of their actual severity. In this case, the result is executives being notified of minor security
events occurring in the organization.
ineffective defenses allowing frequent attacks
Question 6
5 / 5 pts
Under the European General Data Protection Regulation (GDPR), organizations are
permitted to market to individual citizens unless the citizens explicitly opt out.
True
False
True. Organizations are not permitted to market to individual citizens unless the citizens first opt
in.
Quiz Score:
30
out of 30
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help