1. Once authenticated to one Active Directory Domain then the user can access the other domains on the network. Group of answer choices True False

2. Database logs are normally migrated to a separate server and reviewed by: Group of answer choices Database administrators, Security Administration, Operations Supervisor, CIO

3. How does Halon fight fires? Group of answer choices It reduces the fire's intake, It reduces the temperature of the area and cools the fire out, It disrupts the chemical reactions of a fire, It reduces the oxygen in the area

4. When is a security guard the best choice for a physical access control mechanism? Group of answer choices When discriminating judgment is required, When intrusion detection is required, When the security budget is low, When access controls are in place

5. Which problems may be caused by humidity in an area with electrical devices? Group of answer choices High humidity causes excess electricity, and low humidity causes corrosion; High humidity causes corrosion, and low humidity causes static electricity; High humidity causes power fluctuations, and low humidity causes static electricity; High humidity causes corrosion, and low humidity causes power fluctuations

6. Security controls are most significant for which IT layer? Group of answer choices Network layer, Operating system layer, Database layer, All of the above

7. A dry pipe system reduces the accidental discharge of water because the water does not enter the pipes until an automatic fire sensor indicates there is an actual fire. Group of answer choices True False

8. What is the standard manner to control users with privileged access capability? Group of answer choices Restrict access, Limit number of privileged users, Monitor activity, Segment the network

9. Logical security can occur at which levels of the IT infrastructure: Group of answer choices Operating system; System software, application; Database management system; All of the above

10. The least risk manner to ensure access is set up correctly is using the principle of: Group of answer choices Least permissions, All permissions, Limited permissions, Restricted permissions

11. Access is assigned based on data classification and _____? Group of answer choices Object, Role, Functionality, Field level

12. Database security is sufficiently dynamic that it does not need network security and host operating system security to appropriately protect database resources. Group of answer choices True False

13. In logical security, credentialing is based on 4 questions. These include all the following except: Group of answer choices What you know? What you have? Where are you? What you do?

14. A password is a form of: Group of answer choices Authorization, Authentication, Monitoring, both A and B

15. Which act is the first-ever federal privacy standard to protect medical records? Group of answer choices Encrypted Communications Privacy Act of 1996, Privacy Act of 1974, HIPAA of 1996, All of the above

16. The control to periodically monitor user access is what type of control? Group of answer choices Preventative, Detective, Manual, Automated

17. Disabling the network ID should prohibit use of an active application account when which feature is deployed: Group of answer choices Passwords, Single Sign on, Network authentication, None of the above

18. Password features that comply with organization policy are part of which security concept? Group of answer choices Authentication, Authorization, Access management, Monitoring

19. SSO is a form of ______ Group of answer choices Authorization, Authentication, Monitoring, A and B

20. The Company has an excellent password policy, including using a password phrase (includes 18-character length, alphanumeric and at least one special character) and requiring a 90-day password change interval. Specific senior executives decided they need not comply with the 90-day password change interval, so the Company excluded their network accounts from the password change policy. The internal auditors identified this item and noted it in their audit report. Senior executive management determined that they would accept the risk of not changing their password.
a. Discuss the pros and cons of management's decision not to comply, including the ethical considerations.
b. What could be the impact upon a data breach occurring?
c. What can the Internal Auditor do if management accepts the risk?
d. What happens if the written password policy allows the CIO to waive policy compliance for specific individuals? Is this still ethical?
