SlideShare a Scribd company logo

CIS 349 RANK Introduction Education--cis349rank.com

Download as DOCX, PDF
C
claric263

The document includes various study materials and assignments related to information security, focusing specifically on topics like access controls, risk assessment, and compliance laws. It features exam guides, tutorials, and assignments designed for a course on information systems security, addressing key concepts like business drivers, penetration testing, security policies, and compliance with regulations such as FERPA. Each section is structured to guide students through important security principles and practical applications relevant to real-world scenarios in organizations.

Education
1 of 28
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
CIS 349 Final Exam Guide Set 1 FOR MORE CLASSES VISIT www.cis349rank.com CIS 349 Final Exam Guide Set 1 1) ___________ are the components, including people, information, and conditions, that support business objectives. 2) The first step in the implementation of separation of duties is to use access controls to prevent unauthorized data access. The ultimate goal is to define access control where each user has the permissions to carry out assigned tasks and nothing else. This is known as the principle of: 3) What is meant by business drivers? 4) Which law defines national standards for all consumer reports, including background checks? 5) ___________ isthe process of providing additional credentials that match the user ID or username. 6) What is meant by availability?
7) Which of the following is the definition of authorization? 8) An organization wants to determine how well it adheres to its security policy and determine if any “holes” exist. What type of analysis or assessment does it perform? 9) Which of the following is not a step to ensuring only authorized users can see confidential data in the LAN Domain? 10) Which of the following is not typically a LAN Domain component? 11) Which control is used in the LAN Domain to protect the confidentiality of data? 12) The following are LAN Domain controls except: 13) Here is a common flow a penetration tester follows to develop attacks: This step collects as much information about the target environment as possible. At this stage, the attacker is collecting both technical and nontechnical information. Both types of information can help the attacker determine how the organization operates, where it operates, and which characteristics the organization and its customers’ value. This is:
14) A nonintrusive penetration test ____________. 15) One particular type of network security testing simulates actions an attacker would take to attack your network. This is known as: 16) You have the least amount of control over who accesses data in the ______ Domain. 17) What is the primary type of control used to protect data in the WAN Domain? 18) What is a best practice for compliance in the WAN Domain? 19) The Remote Access Domain server components also generally reside in the ___________ environment, even though they still belong to the Remote Access Domain. 20) Which of the following is primarily a corrective control in the Remote Access Domain? 21) The most common control for protecting data privacy in untrusted environments is encryption. There are three main strategies for
encrypting data to send to remote users. One strategy does not require any application intervention or changes at all. The connection with the remote user handles the encryption. The most common way to implement system connection encryption is by setting up a secure virtual private network (VPN). This is: 22) An important step in securing applications is to remove the _____________. 23) Security controls in the System/Application Domain generally fall into salient categories. The need to create backup copies of data or other strategies to protect the organization from data or functionality loss. 24) Which of the following is true of a hot site? 25) What name is given to an IIA certification that tests audit knowledge unique to the public sector? ------------------------------------------------------------------------------ CIS 349 Final Exam Guide Set 2 FOR MORE CLASSES VISIT www.cis349rank.com
CIS 349 Final Exam Guide Set 2 1) Which type of access control defines permissions based on roles, or groups, and allows object owners and administrators to grant access rights at their discretion? 2) What is meant by business drivers? 3) The first step in the implementation of separation of duties is to use access controls to prevent unauthorized data access. The ultimate goal is to define access control where each user has the permissions to carry out assigned tasks and nothing else. This is known as the principle of: 4) ___________ are the components, including people, information, and conditions, that support business objectives. 5) ___________ is the process of providing additional credentials that match the user ID or username. 6) Which of the following is the definition of authorization? 7) An organization wants to determine how well it adheres to its security policy and determine if any “holes” exist. What type of analysis or assessment does it perform?
8) What is meant by availability? 9) There are two common types of monitoring tools available for monitoring LANs, __________ and network software log files. 10) Which control is used in the LAN Domain to protect the confidentiality of data? 11) Which of the following is not typically a LAN Domain component? 12) Which of the following is not a step to ensuring only authorized users can see confidential data in the LAN Domain? 13) A nonintrusive penetration test ____________. 14) What is a corrective control in the LAN-to-WAN Domain? 15) One particular type of network security testing simulates actions an attacker would take to attack your network. This is known as:
16) The __________ is a generic description for how computers use seven layers of protocol rules to communicate across a network. 17) Although __________ are not optimal for high bandwidth, large- volume network transfers, they work very well in most environments where you need to maintain connections between several other networks. 18) What is the primary type of control used to protect data in the WAN Domain? 19) The Remote Access Domain server components also generally reside in the ___________ environment, even though they still belong to the Remote Access Domain. 20) The most common control for protecting data privacy in untrusted environments is encryption. There are three main strategies for encrypting data to send to remote users. One strategy does not require any application intervention or changes at all. The connection with the remote user handles the encryption. The most common way to implement system connection encryption is by setting up a secure virtual private network (VPN). This is: 21) You want to configure devices to send an alert to the network manager when remote users connect to your network. Which protocol is the best choice for monitoring network devices?
22) Security controls in the System/Application Domain generally fall into salient categories. The need to create backup copies of data or other strategies to protect the organization from data or functionality loss. 23) From the perspective of application architectures, which of the following is generally not considered a critical application resource? 24) Which plan would address steps to take when a water main break interrupts water flow to your main office? 25) Who is responsible for verifying and testing an organization’s code of conduct? ------------------------------------------------------------------------------ CIS 349 Week 2 Assignment 1 Designing Ferpa Technical Safeguards (2 Papers) FOR MORE CLASSES VISIT www.cis349rank.com This Tutorial contains 2 Papers on the Below Mentioned Topic
Imagine you are an Information Security consultant for a small college registrar’s office consisting of the registrar and two (2) assistant registrars, two (2) student workers, and one (1) receptionist. The office is physically located near several other office spaces. The assistant registrars utilize mobile devices over a wireless network to access student records, with the electronic student records being stored on a server located in the building. Additionally, each registrar’s office has a desktop computer that utilizes a wired network to access the server and electronic student records. The receptionist station has a desktop computer that is used to schedule appointments, but cannot access student records. In 1974, Congress enacted the Family Educational Rights and Privacy Act (FERPA) to help protect the integrity of student records. The college has hired you to ensure technical safeguards are appropriately designed to preserve the integrity of the student records maintained in the registrar’s office. Write a three to five (3-5) page paper in which you: Analyze proper physical access control safeguards and provide sound recommendations to be employed in the registrar’s office. Recommend the proper audit controls to be employed in the registrar’s office. Suggest three (3) logical access control methods to restrict unauthorized entities from accessing sensitive information, and explain why you suggested each method.
Analyze the means in which data moves within the organization and identify techniques that may be used to provide transmission security safeguards. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. ------------------------------------------------------------------------------ CIS 349 Week 2 Discussion FOR MORE CLASSES VISIT www.cis349rank.com
Select an organization with which you are familiar. Identify the compliance laws that you believe would be most relevant to this organization. Justify your response. Define the scope of an IT compliance audit that would verify whether or not this organization is in compliance with the laws you identified. ------------------------------------------------------------------------------ CIS 349 Week 4 Assignment 2 Organizational Risk Appetite and Risk Assessment (2 Papers) FOR MORE CLASSES VISIT www.cis349rank.com This Tutorial contains 2 Papers on the Below Mentioned Topic Assignment 2: Organizational Risk Appetite and Risk Assessment Due Week 4 and worth 100 points Imagine that a software development company has just appointed you to lead a risk assessment project. The Chief Information Officer (CIO) of the organization has seen reports of malicious activity on the rise and has become extremely concerned with the protection of the intellectual
property and highly sensitive data maintained by your organization. The CIO has asked you to prepare a short document before your team begins working. She would like for you to provide an overview of what the term “risk appetite” means and a suggested process for determining the risk appetite for the company. Also, she would like for you to provide some information about the method(s) you intend to use in performing a risk assessment. Write a two to three (2-3) page paper in which you: 1. Analyze the term “risk appetite”. Then, suggest at least one (1) practical example in which it applies. 2. Recommend the key method(s) for determining the risk appetite of the company. 3. Describe the process of performing a risk assessment. 4. Elaborate on the approach you will use when performing the risk assessment. 5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: · Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. · Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are: · Describe the components and basic requirements for creating an audit plan to support business and system considerations. · Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance. · Use technology and information resources to research issues in security strategy and policy formation. · Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions. ------------------------------------------------------------------------------ CIS 349 Week 5 Discussion FOR MORE CLASSES VISIT www.cis349rank.com "Monitoring the User Domain" Please respond to the following: It is common knowledge that employees are a necessary part of any business. Identify three (3) best practices in the user domain and suggest the control type(s) (technical or manual) that are best suited to monitor each best practice Describe how the implementation process for such controls might vary based on the business type. Determine the impact that other factors such
as physical security, device type, and connectivity (wireless or wired) might have on the choices that are made. ------------------------------------------------------------------------------ CIS 349 Week 6 Assignment 3 Evaluating Access Control Methods (2 Papers) FOR MORE CLASSES VISIT www.cis349rank.com This Tutorial contains 2 Papers on the Below Mentioned Topic CIS 349 Week 6 Assignment 3 Evaluating Access Control Methods Imagine you are an Information Systems Security Specialist for a medium-sized federal government contractor. The Chief Security Officer (CSO) is worried that the organization’s current methods of access control are no longer sufficient. In order to evaluate the different methods of access control, the CSO requested that you research: mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC). Then, prepare a report addressing positive and negative aspects of each access control method. This information will be presented to the Board of Directors at their next
meeting. Further, the CSO would like your help in determining the best access control method for the organization. Write a three to five (3-5) page paper in which you: Explain in your own words the elements of the following methods of access control:Compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC. Mandatory access control (MAC) Discretionary access control (DAC) Role-based access control (RBAC) Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC. Evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization. Provide a rationale for your response. Speculate on the foreseen challenge(s) when the organization applies the method you chose. Suggest a strategy to address such challenge(s). Use at least three (3) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are: Analyze information security systems compliance requirements within the User Domain. Use technology and information resources to research issues in security strategy and policy formation. Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions. ------------------------------------------------------------------------------ CIS 349 Week 6 Discussion FOR MORE CLASSES VISIT www.cis349rank.com Many companies, large and small, have implemented Bring Your Own Device (BYOD) policies allowing employees to use their personal
smartphones and tablets to conduct business while at work. Debate the major pros and cons of implementing such a policy. Identify three (3) risks that might result from implementing a BYOD policy. Suggest a method for mitigating each risk you have identified. Provide a rationale for your response. ------------------------------------------------------------------------------ CIS 349 Week 8 Assignment 4 Designing Compliance Within The Lan- To-Wan Domain (2 Papers) FOR MORE CLASSES VISIT www.cis349rank.com This Tutorial contains 2 Papers on the Below Mentioned Topic CIS 349 Week 8 Assignment 4 Designing Compliance Within The Lan- To-Wan Domain Assignment 4: Designing Compliance within the LAN-to-WAN Domain
Note: Review the page requirements and formatting instructions for this assignment closely. Graphically depicted solutions, as well as the standardized formatting requirements, do NOT count toward the overall page length. Imagine you are an Information Systems Security Officer for a medium- sized financial services firm that has operations in four (4) states (Virginia, Florida, Arizona, and California). Due to the highly sensitive data created, stored, and transported by your organization, the CIO is concerned with implementing proper security controls for the LAN-to- WAN domain. Specifically, the CIO is concerned with the following areas: Protecting data privacy across the WAN Filtering undesirable network traffic from the Internet Filtering the traffic to the Internet that does not adhere to the organizational acceptable use policy (AUP) for the Web Having a zone that allows access for anonymous users but aggressively controls information exchange with internal resources Having an area designed to trap attackers in order to monitor attacker activities Allowing a means to monitor network traffic in real time as a means to identify and block unusual activity Hiding internal IP addresses Allowing operating system and application patch management
The CIO has tasked you with proposing a series of hardware and software controls designed to provide security for the LAN-to-WAN domain. The CIO anticipates receiving both a written report and diagram(s) to support your recommendations. Write a three to five (3-5) page paper in which you: Use MS Visio or an open source equivalent to graphically depict a solution for the provided scenario that will:Identify the fundamentals of public key infrastructure (PKI). filter undesirable network traffic from the Internet filter Web traffic to the Internet that does not adhere to the organizational AUP for the Web allow for a zone for anonymous users but aggressively controls information exchange with internal resources allow for an area designed to trap attackers in order to monitor attacker activities offer a means to monitor network traffic in real time as a means to identify and block unusual activity hide internal IP addresses Describe the manner in which your solution will protect the privacy of data transmitted across the WAN. Analyze the requirements necessary to allow for proper operating system and application patch management and describe a solution that would be effective.
Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Note: The graphically depicted solution is not included in the required page length. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. Include charts or diagrams created in Visio or an equivalent such as Dia or OpenOffice. The completed diagrams / charts must be imported into the Word document before the paper is submitted. The specific course learning outcomes associated with this assignment are: Analyze information security systems compliance requirements within the Workstation and LAN Domains. Use technology and information resources to research issues in security strategy and policy formation.
Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions ------------------------------------------------------------------------------ CIS 349 Week 8 Discussion FOR MORE CLASSES VISIT www.cis349rank.com Remote access to corporate resources is becoming commonplace. From an auditing perspective, suggest two (2) or more controls that should be in place to prevent the loss or theft of confidential information. Give your opinion on what you believe are the essential elements of an acceptable use policy for remote access. Elaborate on each item and justify its importance. ------------------------------------------------------------------------------ CIS 349 Week 9 Discussion FOR MORE CLASSES VISIT www.cis349rank.com
Data Center Management" Please respond to the following: Imagine you are an IT security specialist of a large organization which is opening a new data center. Recommend a minimum of three (3) controls, other than door locks, you would utilize to secure the new data center physically. Support your recommendations. Recommend a process to govern obtaining, testing, and distributing patches for operating systems and applications within the new data center. Provide your rationale ------------------------------------------------------------------------------ CIS 349 Week 10 Discussion FOR MORE CLASSES VISIT www.cis349rank.com "IT Auditor" Please respond to the following: Take a position on whether or not you would want to pursue a career as an IT auditor. Explain the key reasons why or why not. Determine if you would recommend this job to your family and friends. Provide a rationale for your response. Imagine you are working as an IT auditor. Identify the three (3) best practices you believe would be most useful when conducting audits for various businesses. Justify your choices
------------------------------------------------------------------------------ CIS 349 Week 10 Term Paper Planning An It Infrastructure Audit For Compliance (2 Papers) FOR MORE CLASSES VISIT www.cis349rank.com This Tutorial contains 2 Papers on the Below Mentioned Topic CIS 349 Week 10 Term Paper Planning An It Infrastructure Audit For Compliance erm Paper: Planning an IT Infrastructure Audit for Compliance Due Week 10 and worth 200 points The audit planning process directly affects the quality of the outcome. A proper plan ensures that resources are focused on the right areas and that potential problems are identified early. A successful audit first outlines what’s supposed to be achieved as well as what procedures will be followed and the required resources to carry out the procedures. Considering your current or previous organization or an organization
you are familiar with, develop an IT infrastructure audit for compliance. Chapter 5 of the required textbook may be helpful in the completion of the term paper. Write a ten to fifteen (10-15) page paper in which you: Define the following items for an organization in which you are familiar with: Scope Goals and objectives Frequency of the audit Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements. Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization.
Develop a plan for assessing IT security for your chosen organization by conducting the following: Risk management Threat analysis Vulnerability analysis Risk assessment analysis Explain how to obtain information, documentation, and resources for the audit. Analyze how each of the seven (7) domains aligns within your chosen organization. Develop a plan that: Examines the existence of relevant and appropriate security policies and procedures.
Verifies the existence of controls supporting the policies. Verifies the effective implementation and ongoing monitoring of the controls. Identify all critical security control points that must be verified throughout the IT infrastructure, and develop a plan that include adequate controls to meet high-level defined control objectives within this organization. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are: Explain the use of standards and frameworks in a compliance audit of an IT infrastructure. Describe the components and basic requirements for creating an audit plan to support business and system considerations. Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance. Analyze information security systems compliance requirements within the User Domain. Analyze information security systems compliance requirements within the Workstation and LAN Domains. Design and implement ISS compliance within the LAN-to-WAN and WAN domains with an appropriate framework.
Explain information security systems compliance requirements within the Remote Access Domain. Explain information security systems compliance requirements within the System / Application Domain. Use technology and information resources to research issues in security strategy and policy formation. Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions ------------------------------------------------------------------------------

More Related Content

DOCX
CIS 349 RANK Become Exceptional--cis349rank.com
claric103
 
DOCX
CIS 349 RANK Achievement Education--cis349rank.com
claric154
 
PDF
Cis 349 Teaching Effectively--tutorialrank.com
Soaps82
 
DOC
Cis 349 Education Specialist-snaptutorial.com
robertlesew95
 
DOC
Cis 349 Exceptional Education-snaptutorial.com
robertleses8
 
DOCX
CIS 349 Enhance teaching / snaptutorial.com
donaldzs55
 
DOC
Cis 349 Effective Communication-snaptutorial.com
jhonklinz9
 
PDF
Cis 349 Inspiring Innovation--tutorialrank.com
PrescottLunt371
 
CIS 349 RANK Become Exceptional--cis349rank.com
claric103
 
CIS 349 RANK Achievement Education--cis349rank.com
claric154
 
Cis 349 Teaching Effectively--tutorialrank.com
Soaps82
 
Cis 349 Education Specialist-snaptutorial.com
robertlesew95
 
Cis 349 Exceptional Education-snaptutorial.com
robertleses8
 
CIS 349 Enhance teaching / snaptutorial.com
donaldzs55
 
Cis 349 Effective Communication-snaptutorial.com
jhonklinz9
 
Cis 349 Inspiring Innovation--tutorialrank.com
PrescottLunt371
 

What's hot (12)

DOCX
CIS 349 RANK Lessons in Excellence--cis349rank.com
RoelofMerwe139
 
DOCX
CIS 349 RANK Inspiring Innovation--cis349rank.com
KeatonJennings91
 
DOCX
CIS 349 Entire Course NEW
shyamuopuop
 
DOCX
CIS 349 Education Organization / snaptutorial.com
McdonaldRyan37
 
DOCX
CIS 349 Effective Communication/tutorialrank.com
jonhson185
 
DOC
CIS 349 Imagine Your Future/newtonhelp.com   
bellflower46
 
DOCX
Cis 349 Extraordinary Success/newtonhelp.com
amaranthbeg147
 
DOC
Stayer cis 349 final exam guide set 1 new
shyaminfo17
 
DOC
Stayer cis 349 final exam guide set 1 new
Tristanmillerr
 
DOC
Uop cis 349 final exam guide set 1 new
matthewtaylorliam12
 
DOC
Uop cis 349 final exam guide set 1 new
uopassignment
 
DOC
Uop cis 349 final exam guide set 1 new
eyavagal
 
CIS 349 RANK Lessons in Excellence--cis349rank.com
RoelofMerwe139
 
CIS 349 RANK Inspiring Innovation--cis349rank.com
KeatonJennings91
 
CIS 349 Entire Course NEW
shyamuopuop
 
CIS 349 Education Organization / snaptutorial.com
McdonaldRyan37
 
CIS 349 Effective Communication/tutorialrank.com
jonhson185
 
CIS 349 Imagine Your Future/newtonhelp.com   
bellflower46
 
Cis 349 Extraordinary Success/newtonhelp.com
amaranthbeg147
 
Stayer cis 349 final exam guide set 1 new
shyaminfo17
 
Stayer cis 349 final exam guide set 1 new
Tristanmillerr
 
Uop cis 349 final exam guide set 1 new
matthewtaylorliam12
 
Uop cis 349 final exam guide set 1 new
uopassignment
 
Uop cis 349 final exam guide set 1 new
eyavagal
 
Ad

Similar to CIS 349 RANK Introduction Education--cis349rank.com (18)

DOCX
CIS 349 Education Organization / snaptutorial.com
McdonaldRyan38
 
PDF
Cis 349 final exam guide set 2
appleee1234
 
DOC
Stayer cis 349 final exam guide set 2 new
shyaminfo17
 
PDF
CIS 349 Final Exam Guide Set 2
critter04
 
DOC
Stayer cis 349 final exam guide set 2 new
Tristanmillerr
 
DOC
Strayer cis 349 final exam guide set 2 new
shyaminfo30
 
PDF
Cis 349 final exam guide set 2
lifesgood13
 
DOC
Uop cis 349 final exam guide set 2 new
eyavagal
 
DOC
Uop cis 349 final exam guide set 2 new
uopassignment
 
DOC
Uop cis 349 final exam guide set 2 new
uopassignment
 
DOC
Uop cis 349 final exam guide set 2 new
chanduruc123
 
DOC
Uop cis 349 final exam guide set 2 new
matthewtaylorliam12
 
DOC
Cis 349 final exam guide set 2 new
shyaminfo4
 
DOC
Uop cis 349 final exam guide set 1 new
eyavagal
 
DOC
Uop cis 349 final exam guide set 1 new
uopassignment
 
DOC
Cis 349 final exam guide set 1 new
shyaminfo4
 
DOC
Uop cis 349 final exam guide set 1 new
chanduruc123
 
DOC
Uop cis 349 final exam guide set 1 new
uopassignment
 
CIS 349 Education Organization / snaptutorial.com
McdonaldRyan38
 
Cis 349 final exam guide set 2
appleee1234
 
Stayer cis 349 final exam guide set 2 new
shyaminfo17
 
CIS 349 Final Exam Guide Set 2
critter04
 
Stayer cis 349 final exam guide set 2 new
Tristanmillerr
 
Strayer cis 349 final exam guide set 2 new
shyaminfo30
 
Cis 349 final exam guide set 2
lifesgood13
 
Uop cis 349 final exam guide set 2 new
eyavagal
 
Uop cis 349 final exam guide set 2 new
uopassignment
 
Uop cis 349 final exam guide set 2 new
uopassignment
 
Uop cis 349 final exam guide set 2 new
chanduruc123
 
Uop cis 349 final exam guide set 2 new
matthewtaylorliam12
 
Cis 349 final exam guide set 2 new
shyaminfo4
 
Uop cis 349 final exam guide set 1 new
eyavagal
 
Uop cis 349 final exam guide set 1 new
uopassignment
 
Cis 349 final exam guide set 1 new
shyaminfo4
 
Uop cis 349 final exam guide set 1 new
chanduruc123
 
Uop cis 349 final exam guide set 1 new
uopassignment
 
Ad

Recently uploaded (20)

PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
PDF
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PPTX
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PPTX
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
PPTX
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
Classroom Observation Tools for Teachers
Nicaramirez
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
master seminar digital applications in india
ananyaray35
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
pascalgumisiriza1
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 

CIS 349 RANK Introduction Education--cis349rank.com

  • 1. CIS 349 Final Exam Guide Set 1 FOR MORE CLASSES VISIT www.cis349rank.com CIS 349 Final Exam Guide Set 1 1) ___________ are the components, including people, information, and conditions, that support business objectives. 2) The first step in the implementation of separation of duties is to use access controls to prevent unauthorized data access. The ultimate goal is to define access control where each user has the permissions to carry out assigned tasks and nothing else. This is known as the principle of: 3) What is meant by business drivers? 4) Which law defines national standards for all consumer reports, including background checks? 5) ___________ isthe process of providing additional credentials that match the user ID or username. 6) What is meant by availability?
  • 2. 7) Which of the following is the definition of authorization? 8) An organization wants to determine how well it adheres to its security policy and determine if any “holes” exist. What type of analysis or assessment does it perform? 9) Which of the following is not a step to ensuring only authorized users can see confidential data in the LAN Domain? 10) Which of the following is not typically a LAN Domain component? 11) Which control is used in the LAN Domain to protect the confidentiality of data? 12) The following are LAN Domain controls except: 13) Here is a common flow a penetration tester follows to develop attacks: This step collects as much information about the target environment as possible. At this stage, the attacker is collecting both technical and nontechnical information. Both types of information can help the attacker determine how the organization operates, where it operates, and which characteristics the organization and its customers’ value. This is:
  • 3. 14) A nonintrusive penetration test ____________. 15) One particular type of network security testing simulates actions an attacker would take to attack your network. This is known as: 16) You have the least amount of control over who accesses data in the ______ Domain. 17) What is the primary type of control used to protect data in the WAN Domain? 18) What is a best practice for compliance in the WAN Domain? 19) The Remote Access Domain server components also generally reside in the ___________ environment, even though they still belong to the Remote Access Domain. 20) Which of the following is primarily a corrective control in the Remote Access Domain? 21) The most common control for protecting data privacy in untrusted environments is encryption. There are three main strategies for
  • 4. encrypting data to send to remote users. One strategy does not require any application intervention or changes at all. The connection with the remote user handles the encryption. The most common way to implement system connection encryption is by setting up a secure virtual private network (VPN). This is: 22) An important step in securing applications is to remove the _____________. 23) Security controls in the System/Application Domain generally fall into salient categories. The need to create backup copies of data or other strategies to protect the organization from data or functionality loss. 24) Which of the following is true of a hot site? 25) What name is given to an IIA certification that tests audit knowledge unique to the public sector? ------------------------------------------------------------------------------ CIS 349 Final Exam Guide Set 2 FOR MORE CLASSES VISIT www.cis349rank.com
  • 5. CIS 349 Final Exam Guide Set 2 1) Which type of access control defines permissions based on roles, or groups, and allows object owners and administrators to grant access rights at their discretion? 2) What is meant by business drivers? 3) The first step in the implementation of separation of duties is to use access controls to prevent unauthorized data access. The ultimate goal is to define access control where each user has the permissions to carry out assigned tasks and nothing else. This is known as the principle of: 4) ___________ are the components, including people, information, and conditions, that support business objectives. 5) ___________ is the process of providing additional credentials that match the user ID or username. 6) Which of the following is the definition of authorization? 7) An organization wants to determine how well it adheres to its security policy and determine if any “holes” exist. What type of analysis or assessment does it perform?
  • 6. 8) What is meant by availability? 9) There are two common types of monitoring tools available for monitoring LANs, __________ and network software log files. 10) Which control is used in the LAN Domain to protect the confidentiality of data? 11) Which of the following is not typically a LAN Domain component? 12) Which of the following is not a step to ensuring only authorized users can see confidential data in the LAN Domain? 13) A nonintrusive penetration test ____________. 14) What is a corrective control in the LAN-to-WAN Domain? 15) One particular type of network security testing simulates actions an attacker would take to attack your network. This is known as:
  • 7. 16) The __________ is a generic description for how computers use seven layers of protocol rules to communicate across a network. 17) Although __________ are not optimal for high bandwidth, large- volume network transfers, they work very well in most environments where you need to maintain connections between several other networks. 18) What is the primary type of control used to protect data in the WAN Domain? 19) The Remote Access Domain server components also generally reside in the ___________ environment, even though they still belong to the Remote Access Domain. 20) The most common control for protecting data privacy in untrusted environments is encryption. There are three main strategies for encrypting data to send to remote users. One strategy does not require any application intervention or changes at all. The connection with the remote user handles the encryption. The most common way to implement system connection encryption is by setting up a secure virtual private network (VPN). This is: 21) You want to configure devices to send an alert to the network manager when remote users connect to your network. Which protocol is the best choice for monitoring network devices?
  • 8. 22) Security controls in the System/Application Domain generally fall into salient categories. The need to create backup copies of data or other strategies to protect the organization from data or functionality loss. 23) From the perspective of application architectures, which of the following is generally not considered a critical application resource? 24) Which plan would address steps to take when a water main break interrupts water flow to your main office? 25) Who is responsible for verifying and testing an organization’s code of conduct? ------------------------------------------------------------------------------ CIS 349 Week 2 Assignment 1 Designing Ferpa Technical Safeguards (2 Papers) FOR MORE CLASSES VISIT www.cis349rank.com This Tutorial contains 2 Papers on the Below Mentioned Topic
  • 9. Imagine you are an Information Security consultant for a small college registrar’s office consisting of the registrar and two (2) assistant registrars, two (2) student workers, and one (1) receptionist. The office is physically located near several other office spaces. The assistant registrars utilize mobile devices over a wireless network to access student records, with the electronic student records being stored on a server located in the building. Additionally, each registrar’s office has a desktop computer that utilizes a wired network to access the server and electronic student records. The receptionist station has a desktop computer that is used to schedule appointments, but cannot access student records. In 1974, Congress enacted the Family Educational Rights and Privacy Act (FERPA) to help protect the integrity of student records. The college has hired you to ensure technical safeguards are appropriately designed to preserve the integrity of the student records maintained in the registrar’s office. Write a three to five (3-5) page paper in which you: Analyze proper physical access control safeguards and provide sound recommendations to be employed in the registrar’s office. Recommend the proper audit controls to be employed in the registrar’s office. Suggest three (3) logical access control methods to restrict unauthorized entities from accessing sensitive information, and explain why you suggested each method.
  • 10. Analyze the means in which data moves within the organization and identify techniques that may be used to provide transmission security safeguards. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. ------------------------------------------------------------------------------ CIS 349 Week 2 Discussion FOR MORE CLASSES VISIT www.cis349rank.com
  • 11. Select an organization with which you are familiar. Identify the compliance laws that you believe would be most relevant to this organization. Justify your response. Define the scope of an IT compliance audit that would verify whether or not this organization is in compliance with the laws you identified. ------------------------------------------------------------------------------ CIS 349 Week 4 Assignment 2 Organizational Risk Appetite and Risk Assessment (2 Papers) FOR MORE CLASSES VISIT www.cis349rank.com This Tutorial contains 2 Papers on the Below Mentioned Topic Assignment 2: Organizational Risk Appetite and Risk Assessment Due Week 4 and worth 100 points Imagine that a software development company has just appointed you to lead a risk assessment project. The Chief Information Officer (CIO) of the organization has seen reports of malicious activity on the rise and has become extremely concerned with the protection of the intellectual
  • 12. property and highly sensitive data maintained by your organization. The CIO has asked you to prepare a short document before your team begins working. She would like for you to provide an overview of what the term “risk appetite” means and a suggested process for determining the risk appetite for the company. Also, she would like for you to provide some information about the method(s) you intend to use in performing a risk assessment. Write a two to three (2-3) page paper in which you: 1. Analyze the term “risk appetite”. Then, suggest at least one (1) practical example in which it applies. 2. Recommend the key method(s) for determining the risk appetite of the company. 3. Describe the process of performing a risk assessment. 4. Elaborate on the approach you will use when performing the risk assessment. 5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: · Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. · Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
  • 13. The specific course learning outcomes associated with this assignment are: · Describe the components and basic requirements for creating an audit plan to support business and system considerations. · Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance. · Use technology and information resources to research issues in security strategy and policy formation. · Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions. ------------------------------------------------------------------------------ CIS 349 Week 5 Discussion FOR MORE CLASSES VISIT www.cis349rank.com "Monitoring the User Domain" Please respond to the following: It is common knowledge that employees are a necessary part of any business. Identify three (3) best practices in the user domain and suggest the control type(s) (technical or manual) that are best suited to monitor each best practice Describe how the implementation process for such controls might vary based on the business type. Determine the impact that other factors such
  • 14. as physical security, device type, and connectivity (wireless or wired) might have on the choices that are made. ------------------------------------------------------------------------------ CIS 349 Week 6 Assignment 3 Evaluating Access Control Methods (2 Papers) FOR MORE CLASSES VISIT www.cis349rank.com This Tutorial contains 2 Papers on the Below Mentioned Topic CIS 349 Week 6 Assignment 3 Evaluating Access Control Methods Imagine you are an Information Systems Security Specialist for a medium-sized federal government contractor. The Chief Security Officer (CSO) is worried that the organization’s current methods of access control are no longer sufficient. In order to evaluate the different methods of access control, the CSO requested that you research: mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC). Then, prepare a report addressing positive and negative aspects of each access control method. This information will be presented to the Board of Directors at their next
  • 15. meeting. Further, the CSO would like your help in determining the best access control method for the organization. Write a three to five (3-5) page paper in which you: Explain in your own words the elements of the following methods of access control:Compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC. Mandatory access control (MAC) Discretionary access control (DAC) Role-based access control (RBAC) Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC. Evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization. Provide a rationale for your response. Speculate on the foreseen challenge(s) when the organization applies the method you chose. Suggest a strategy to address such challenge(s). Use at least three (3) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA
  • 16. or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are: Analyze information security systems compliance requirements within the User Domain. Use technology and information resources to research issues in security strategy and policy formation. Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions. ------------------------------------------------------------------------------ CIS 349 Week 6 Discussion FOR MORE CLASSES VISIT www.cis349rank.com Many companies, large and small, have implemented Bring Your Own Device (BYOD) policies allowing employees to use their personal
  • 17. smartphones and tablets to conduct business while at work. Debate the major pros and cons of implementing such a policy. Identify three (3) risks that might result from implementing a BYOD policy. Suggest a method for mitigating each risk you have identified. Provide a rationale for your response. ------------------------------------------------------------------------------ CIS 349 Week 8 Assignment 4 Designing Compliance Within The Lan- To-Wan Domain (2 Papers) FOR MORE CLASSES VISIT www.cis349rank.com This Tutorial contains 2 Papers on the Below Mentioned Topic CIS 349 Week 8 Assignment 4 Designing Compliance Within The Lan- To-Wan Domain Assignment 4: Designing Compliance within the LAN-to-WAN Domain
  • 18. Note: Review the page requirements and formatting instructions for this assignment closely. Graphically depicted solutions, as well as the standardized formatting requirements, do NOT count toward the overall page length. Imagine you are an Information Systems Security Officer for a medium- sized financial services firm that has operations in four (4) states (Virginia, Florida, Arizona, and California). Due to the highly sensitive data created, stored, and transported by your organization, the CIO is concerned with implementing proper security controls for the LAN-to- WAN domain. Specifically, the CIO is concerned with the following areas: Protecting data privacy across the WAN Filtering undesirable network traffic from the Internet Filtering the traffic to the Internet that does not adhere to the organizational acceptable use policy (AUP) for the Web Having a zone that allows access for anonymous users but aggressively controls information exchange with internal resources Having an area designed to trap attackers in order to monitor attacker activities Allowing a means to monitor network traffic in real time as a means to identify and block unusual activity Hiding internal IP addresses Allowing operating system and application patch management
  • 19. The CIO has tasked you with proposing a series of hardware and software controls designed to provide security for the LAN-to-WAN domain. The CIO anticipates receiving both a written report and diagram(s) to support your recommendations. Write a three to five (3-5) page paper in which you: Use MS Visio or an open source equivalent to graphically depict a solution for the provided scenario that will:Identify the fundamentals of public key infrastructure (PKI). filter undesirable network traffic from the Internet filter Web traffic to the Internet that does not adhere to the organizational AUP for the Web allow for a zone for anonymous users but aggressively controls information exchange with internal resources allow for an area designed to trap attackers in order to monitor attacker activities offer a means to monitor network traffic in real time as a means to identify and block unusual activity hide internal IP addresses Describe the manner in which your solution will protect the privacy of data transmitted across the WAN. Analyze the requirements necessary to allow for proper operating system and application patch management and describe a solution that would be effective.
  • 20. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Note: The graphically depicted solution is not included in the required page length. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. Include charts or diagrams created in Visio or an equivalent such as Dia or OpenOffice. The completed diagrams / charts must be imported into the Word document before the paper is submitted. The specific course learning outcomes associated with this assignment are: Analyze information security systems compliance requirements within the Workstation and LAN Domains. Use technology and information resources to research issues in security strategy and policy formation.
  • 21. Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions ------------------------------------------------------------------------------ CIS 349 Week 8 Discussion FOR MORE CLASSES VISIT www.cis349rank.com Remote access to corporate resources is becoming commonplace. From an auditing perspective, suggest two (2) or more controls that should be in place to prevent the loss or theft of confidential information. Give your opinion on what you believe are the essential elements of an acceptable use policy for remote access. Elaborate on each item and justify its importance. ------------------------------------------------------------------------------ CIS 349 Week 9 Discussion FOR MORE CLASSES VISIT www.cis349rank.com
  • 22. Data Center Management" Please respond to the following: Imagine you are an IT security specialist of a large organization which is opening a new data center. Recommend a minimum of three (3) controls, other than door locks, you would utilize to secure the new data center physically. Support your recommendations. Recommend a process to govern obtaining, testing, and distributing patches for operating systems and applications within the new data center. Provide your rationale ------------------------------------------------------------------------------ CIS 349 Week 10 Discussion FOR MORE CLASSES VISIT www.cis349rank.com "IT Auditor" Please respond to the following: Take a position on whether or not you would want to pursue a career as an IT auditor. Explain the key reasons why or why not. Determine if you would recommend this job to your family and friends. Provide a rationale for your response. Imagine you are working as an IT auditor. Identify the three (3) best practices you believe would be most useful when conducting audits for various businesses. Justify your choices
  • 23. ------------------------------------------------------------------------------ CIS 349 Week 10 Term Paper Planning An It Infrastructure Audit For Compliance (2 Papers) FOR MORE CLASSES VISIT www.cis349rank.com This Tutorial contains 2 Papers on the Below Mentioned Topic CIS 349 Week 10 Term Paper Planning An It Infrastructure Audit For Compliance erm Paper: Planning an IT Infrastructure Audit for Compliance Due Week 10 and worth 200 points The audit planning process directly affects the quality of the outcome. A proper plan ensures that resources are focused on the right areas and that potential problems are identified early. A successful audit first outlines what’s supposed to be achieved as well as what procedures will be followed and the required resources to carry out the procedures. Considering your current or previous organization or an organization
  • 24. you are familiar with, develop an IT infrastructure audit for compliance. Chapter 5 of the required textbook may be helpful in the completion of the term paper. Write a ten to fifteen (10-15) page paper in which you: Define the following items for an organization in which you are familiar with: Scope Goals and objectives Frequency of the audit Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements. Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization.
  • 25. Develop a plan for assessing IT security for your chosen organization by conducting the following: Risk management Threat analysis Vulnerability analysis Risk assessment analysis Explain how to obtain information, documentation, and resources for the audit. Analyze how each of the seven (7) domains aligns within your chosen organization. Develop a plan that: Examines the existence of relevant and appropriate security policies and procedures.
  • 26. Verifies the existence of controls supporting the policies. Verifies the effective implementation and ongoing monitoring of the controls. Identify all critical security control points that must be verified throughout the IT infrastructure, and develop a plan that include adequate controls to meet high-level defined control objectives within this organization. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
  • 27. The specific course learning outcomes associated with this assignment are: Explain the use of standards and frameworks in a compliance audit of an IT infrastructure. Describe the components and basic requirements for creating an audit plan to support business and system considerations. Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance. Analyze information security systems compliance requirements within the User Domain. Analyze information security systems compliance requirements within the Workstation and LAN Domains. Design and implement ISS compliance within the LAN-to-WAN and WAN domains with an appropriate framework.
  • 28. Explain information security systems compliance requirements within the Remote Access Domain. Explain information security systems compliance requirements within the System / Application Domain. Use technology and information resources to research issues in security strategy and policy formation. Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions ------------------------------------------------------------------------------