FINAL EXAM: Study Guide
1. Which of the following is an action that could damage an asset? (Page 6)
-Threat - Any action that could damage an asset.
2. Which law requires all types of financial institutions to protect customers’ private financial information? (Page 9)
-Gramm-Leach-Bliley Act (GLBA) - Passed in 1999,
3. An AUP is part of a layered approach to security, and it supports confidentiality. What else supports confidentiality? (Page 14)
Protecting Private Data - The process of ensuring data confidentiality.
4. Which of the following is a detailed written definition of how software and hardware are to be used? (Page 40)
-Standard - A detailed written definition for hardware and software and how it is to be used.
5. Which of the following is not a common type of data classification standard? (Page 42)
Data Classification Standards - Four Major Categories:
• Private data
• Confidential
• Internal use only
• Public domain data
6. What does a lapse in a security control or policy create? (Page 133)
-Closing Security Gaps - A lapse in a security control in a policy creates a gap.
7. Which of the following is any weakness in a system that makes it possible for a threat to cause it harm? (Page 96)
Vulnerabilities and Threats - Any weakness in a system that makes it possible for a threat to cause harm.
8. Which of the following terms refers to the likelihood of exposure to danger? (Page 119, 121)
Risk - Refers to the likelihood of exposure to danger.
9. Which type of attacker intends to be helpful? (Page 88)
White-hat hackers - Ethical hacking... Intending to be helpful.
10. Which domain is primarily affected by weak endpoint security on a VPN client? (Page 97-98)
- Remote Access Domain - Primarily affected by endpoint security on VPN clients.
11. Identify two phases of the access control process. (Page 146, 147)
Authentication types: Knowledge, Ownership, and Characteristics
Identification Methods - The first