
IAP301-Midterm Test: Scope of Knowledge in The Lectures 1-5. Attempts Allowed: 2

The document is a midterm test for an IAP301 class that contains 50 multiple choice questions testing knowledge of topics covered in lectures 1-5, including:
- Definitions of policies, standards, procedures and their relationships
- Components of an IT policy framework
- Location of a DMZ and purpose of a firewall
- Keys to implementing policies and motivating employees
- Security policy development considerations like PII guidelines
- Common IT framework characteristics

08:34 23/02/2024 IAP301-Midterm Test

IAP301-Midterm Test
Scope of knowledge in the lectures 1-5. Attempts allowed: 2.


* Indicates required question

38. True or false? Policies are best defined as high-level statements, beliefs, goals, and objectives. * 1 point

True

False

28. True or false? A segmented network acts as a guard, filtering out unauthorized network traffic. * 1 point

True

False

37. What are items that a policy’s scope usually includes? (Choose three) * 1 point

Resources

Information

Personnel

Cost

Data

Facilities

https://docs.google.com/forms/d/e/1FAIpQLSfqbkt-kmj-3qWu2cPHTDOcGG-dDuEYAU3Dh-z2ZXoqGGhuFQ/viewform?vc=0&c=0&w=1&flr=0 1/17

36. True or false? Risk tolerance relates to how much variance in the process an organization will accept. * 1 point

True

False

7. What do confidentiality, integrity and availability have in common? * 1 point

Concerning authorized users

Concerning the identity of users

Concerning owner’s permission of users

40. What are the two common forms that standards can come in? (Choose two) * 1 point

control or issue-specific standards

system-specific technical or baseline standards

uncontrolled or tissue-specific standards

operation-specific technical or benchmark standards.

29. Where is a DMZ usually located? * 1 point

Inside the private LAN

Within the WAN

Between the private LAN and public WAN

Within the mail server


47. Which of the following is not an IT security policy framework? * 1 point

COBIT

ISO

ERM

OCTAVE

24. True or false? PCI DSS strongly encourages isolating credit card systems at a network layer. * 1 point

True

False

9. True or false? A Policy is the "who does what to whom and when" document. * 1 point

True

False


34. What are the components that were included in an IT policy framework? (Choose six) * 1 point

Policies

Standards

Baselines

Procedures

Guidelines

Taxonomy

Metrics

Controls

31. What are three basic elements of motivation? (Choose three) * 1 point

Pride

Self-interest

Success

Proud

Morality

Achievement

20. A firewall is generally considered an example of a ________ control. * 1 point

Preventive

Detective

Corrective


16. True or false? A corrective control prevents incidents or breaches immediately. * 1 point

True

False

1. What are the keys to implementing policies? (Choose two) * 1 point

employee acceptance

management enforcement

employer acceptance

compliance enforcement

32. True or false? An employee who is apathetic often "goes through the motions." * 1 point

True

False


10. David has developed a document on how to operate and back up the new human resource section's storage area network. In it, he lists the steps required for powering up and down the system as well as configuring the backup tape unit. David has written a ________. * 1 point

Procedure

Standard

Guideline

Policy

48. Which of the following are common IT framework characteristics? (Choose four) * 1 point

Risk-based management

Aligned business risk appetite

Reduced operation disruption and losses

Established path from requirements to control

Control-based management

Access-based management

41. True or false? A procedure is a written instruction on how to comply with a standard. * 1 point

True

False


15. True or false? A detective control does not prevent incidents or breaches immediately. * 1 point

True

False

Enter your student name - member code - class name (for example: Le Van An-anlvhe556677-SE1801) *

Nguyen An Ninh-ninhnase151416-IA1702

45. Which of the following are important to consider before a policy? (Choose two) * 1 point

Architecture operating model

Intent

Policy change control board

Training and awareness programs

19. True or false? The most important relationship between controls and policy is the business requirement. * 1 point

True

False


33. True or false? Security policies must be well grounded within HR policies. * 1 point

True

False

21. What is an information security policy? * 1 point

A policy that defines acceptable behavior of a customer

A policy that defines what hardware to purchase

A policy that defines how to protect information in any form

A policy that defines the type of uniforms guards should wear

23. Which of the following is not a guideline to be considered when developing policy to secure PII data? * 1 point

Educate

Limit

Encrypt

Non-repudiation

4. True or false? A Service Level Agreement (SLA) is a stated commitment to provide a specific service level. * 1 point

True

False


50. Which of the following does an acceptable use policy relate to? * 1 point

Server-to-server communication

Users accessing the Internet

Encryption when transmitting files

Firewall-to-firewall communication

3. What is the difference between COBIT 5.0 and another framework? * 1 point

COBIT puts emphasis on what enables processes to work well.

COBIT is just a life cycle.

COBIT is just a framework for managing IT processes.

COBIT is just a framework for governing IT processes.

27. True or false? Attribute based access control (ABAC) relies on dynamic roles, rather than the static roles found in the RBAC model. * 1 point

True

False


6. Which of the following are the most common types of assessments and audits? (Choose four) * 1 point

Self-Assessment

Internal Audit

External Audit

Regulator Audit

External Assessment

Private Audit

Public Audit

Statutory Audit

30. True or false? In hierarchical organizations, the leaders are close to the workers that deliver products and services. * 1 point

True

False

18. True or false? If the policy is not clear, you can still build reliable security controls. * 1 point

True

False


17. True or false? Without security controls, you could not enforce security policies. * 1 point

True

False

2. True or false? Information systems security (ISS) is the act of protecting information and the systems that store and process it. * 1 point

True

False

13. What do security controls ensure about information? (Choose three) * 1 point

Confidentiality

Integrity

Availability

Authentication

Authorization

Accounting


46. The principle that states security is improved when it is implemented as a series of overlapping controls is called ________ * 1 point

Defense in depth

Security in depth

Detect in depth

Monitor in depth

44. Which of the following are generally accepted and widely used policy frameworks? (Choose three.) * 1 point

COBIT

ISO/IEC 27002

NIST SP 800-53

NIPP

8. True or false? Governance is both a concept and a set of specific actions an organization takes to ensure compliance with its policies, processes, standards, and guidelines. * 1 point

True

False

26. True or false? The huge advantage of RBAC is speed of deployment and clarity of access rights. * 1 point

True

False


5. Which of the following are generally accepted as IA tenets but not ISS tenets? (Choose two.) * 1 point

Confidentiality

Integrity

Availability

Authentication

Nonrepudiation

11. What are competing drivers that a business must find a way to balance? (Choose four) * 1 point

Cost

Customer satisfaction

Compliance

Measurement

Benefit

Employee satisfaction

Discipline

Evaluation


43. Which of the following is the first step in establishing an information security program? * 1 point

Adoption of an information security policy framework or charter

Development and implementation of an information security standards manual

Development of a security awareness-training program for employees

Purchase of security access control software

12. True or false? Security controls are the means of enforcing security policies that reflect the organization's business requirements. * 1 point

True

False

49. True or false? A privileged-level access agreement (PAA) prevents an administrator from abusing elevated rights. * 1 point

True

False

39. True or false? Security standards provide guidance towards achieving specific security policies. * 1 point

True

False


42. True or false? Guidelines, or guidance documents, help interpret a policy or a standard. * 1 point

True

False

14. What are the three most common classifications that can be applied to security controls? (Choose three) * 1 point

Physical control

Logical control

Administrative control

Operational control

Technical control

Human control

25. True or false? You should always write new security policies each time a new regulation is issued. * 1 point

True

False


22. Which of the following is not a type of security control? * 1 point

Preventative

Correlative

Detective

Corrective

35. True or false? Risk appetite generally refers to how much risk an organization is willing to accept to achieve its goal. * 1 point

True

False

This form was created inside FPT University.