Cis 349 - Study guides, Class notes & Summaries

CIS 349 - Information Technology Audit and Control - Final Exam V3.Many organizations use a RACI matrix to document tasks and the personnel responsible for the assignments. RACI stands for , , consulted, and informed.Regarding user security clearances, in addition to possessing a clearance level that matches or exceeds the classification label of an object, a subject must have the for the object as well.Which of the following is the best tool for uncovering evidence of past behavior that might i...

CIS 349 - Information Technology Audit and Control - Final Exam V2CIS 349 - Information Technology Audit and Control - Final Exam V2are mechanisms that repair damage caused by an undesired action and limit further damage, such as the procedure to remove viruses or using a firewall t'o block an attacking system.'Which of the following best describes corrective controls?When hiring personnel, you should communicate your organization's security policy clearly. The employee's or contractor's is...

What is generally NOT a negative effect of noncompliance with regulations?What term is given to the practice of mitigating risks through controls?Organizations are expected to abide by any laws that apply to them. What is this commonly called?Which of the following requires organizations to have an annual assessment by a Qualified Security Assessor (QSA)?Which of the following best describes Certification and Accreditation (C&A)?Which law requires consent to disclose educational records othe...

CIS 349 Week 5 Midterm Exam 1. This is an assessment method that attempts to bypass controls and gain access to a specific system by simulating the actions of a would-be attacker. 2. ________ seeks to better run an organization using complete and accurate information and management processes or controls. 3. What term is given to the practice of mitigating risks through controls? 4. What is the Public Company Accounting Oversight Board (PCAOB)? 5. What is the name of the process, b...

CIS 349 Final Exam - Question and Answers 1. Many organizations use a RACI matrix to document tasks and the personnel responsible for the assignments. RACI stands for ___________, ___________, consulted, and informed. 2. Regarding user security clearances, in addition to possessing a clearance level that matches or exceeds the classification label of an object, a subject must have the ___________ for the object as well. 3. Company A has a project plan for a new product under development...

CIS 349|Information Technology Audit And Control Midterm exam Review

CIS 349 - Information Technology Audit and Control-FInal Exam V1CIS 349 - Information Technology Audit and Control-FInal Exam V1A systems administrator sets permissions to prevent unauthorized data access by certain users. Each user can perform his or her job but not access data that their job doesn't require. This is known as the principle of:A high-level statement defines an organization's commitment to security and the definition of a secure system, such as the importance of changing passwo...

CIS 349 - Information Technology Audit and Control - Final Exam V3 CIS 349 - Information Technology Audit and Control - Final Exam V3.Many organizations use a RACI matrix to document tasks and the personnel responsible for the assignments. RACI stands for , , consulted, and informed.Regarding user security clearances, in addition to possessing a clearance level that matches or exceeds the classification label of an object, a subject must have the for the object as well.Which of the following ...

CIS 349 - Information Technology Audit and Control-FInal Exam V1CIS 349 - Information Technology Audit and Control-FInal Exam V1A systems administrator sets permissions to prevent unauthorized data access by certain users. Each user can perform his or her job but not access data that their job doesn't require. This is known as the principle of:A high-level statement defines an organization's commitment to security and the definition of a secure system, such as the importance of changing passwo...

CIS 349 - Information Technology Audit and Control - Final Exam V2CIS 349 - Information Technology Audit and Control - Final Exam V2are mechanisms that repair damage caused by an undesired action and limit further damage, such as the procedure to remove viruses or using a firewall t'o block an attacking system.'Which of the following best describes corrective controls?When hiring personnel, you should communicate your organization's security policy clearly. The employee's or contractor's is...