For more classes visit
www.snaptutorial.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
internship ppt on smartinternz platform as salesforce developer
Cis 349 Exceptional Education-snaptutorial.com
1. CIS 349 Final Exam Guide Set 1
For more classes visit
www.snaptutorial.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information,
and conditions, that support business objectives.
2) The first step in the implementation of separation of duties is
to use access controls to prevent unauthorized data access. The
ultimate goal is to define access control where each user has the
permissions to carry out assigned tasks and nothing else. This is
known as the principle of:
3) What is meant by business drivers?
2. 4) Which law defines national standards for all consumer reports,
including background checks?
5) ___________ is the process of providing additional
credentials that match the user ID or username.
6) What is meant by availability?
7) Which of the following is the definition of
authorization?
8) An organization wants to determine how well it adheres to its
security policy and determine if any “holes” exist. What type of
analysis or assessment does it perform?
9) Which of the following is not a step to ensuring only
authorized users can see confidential data in the LAN
Domain?
10) Which of the following is not typically a LAN Domain
component?
11) Which control is used in the LAN Domain to protect the
confidentiality of data?
12) The following are LAN Domain controls
except:
3. 13) Here is a common flow a penetration tester follows to develop
attacks: This step collects as much information about the target
environment as possible. At this stage, the attacker is collecting both
technical and nontechnical information. Both types of information can
help the attacker determine how the organization operates, where it
operates, and which characteristics the organization and its customers’
value. This is:
14) A nonintrusive penetration test
____________.
15) One particular type of network security testing simulates
actions an attacker would take to attack your network. This is known
as:
16) You have the least amount of control over who accesses data
in the ______ Domain.
17) What is the primary type of control used to protect data in the
WAN Domain?
18) What is a best practice for compliance in the WAN
Domain?
19) The Remote Access Domain server components also generally
reside in the ___________ environment, even though they still belong
to the Remote Access Domain.
4. 20) Which of the following is primarily a corrective control in the
Remote Access Domain?
21) The most common control for protecting data privacy in untrusted
environments is encryption. There are three main strategies for
encrypting data to send to remote users. One strategy does not require
any application intervention or changes at all. The connection with the
remote user handles the encryption. The most common way to
implement system connection encryption is by setting up a secure
virtual private network (VPN). This is:
22) An important step in securing applications is to remove the
_____________.
23) Security controls in the System/Application Domain generally fall
into salient categories. The need to create backup copies of data or
other strategies to protect the organization from data or functionality
loss.
24) Which of the following is true of a hot site?
25) What name is given to an IIA certification that tests audit
knowledge unique to the public sector?
5. *******************************************************
CIS 349 Final Exam Guide Set 2
For more classes visit
www.snaptutorial.com
CIS 349 Final Exam Guide Set 2
1) Which type of access control defines permissions based on roles, or
groups, and allows object owners and administrators to grant access
rights at their discretion?
2) What is meant by business drivers?
3) The first step in the implementation of separation of duties is to use
access controls to prevent unauthorized data access. The ultimate
goal is to define access control where each user has the permissions to
carry out assigned tasks and nothing else. This is known as the
principle of:
4) ___________ are the components, including people, information,
and conditions, that support business objectives.
6. 5) ___________ is the process of providing additional credentials that
match the user ID or username.
6) Which of the following is the definition of authorization?
7) An organization wants to determine how well it adheres to its
security policy and determine if any “holes” exist. What type of
analysis or assessment does it perform?
8) What is meant by availability?
9) There are two common types of monitoring tools available for
monitoring LANs, __________ and network software log files.
10) Which control is used in the LAN Domain to protect the
confidentiality of data?
11) Which of the following is not typically a LAN Domain
component?
12) Which of the following is not a step to ensuring only authorized
users can see confidential data in the LAN Domain?
13) A nonintrusive penetration test ____________.
7. 14) What is a corrective control in the LAN-to-WAN Domain?
15) One particular type of network security testing simulates actions
an attacker would take to attack your network. This is known as:
16) The __________ is a generic description for how computers use
seven layers of protocol rules to communicate across a network.
17) Although __________ are not optimal for high bandwidth, large-
volume network transfers, they work very well in most environments
where you need to maintain connections between several other
networks.
18) What is the primary type of control used to protect data in the
WAN Domain?
19) The Remote Access Domain server components also generally
reside in the ___________ environment, even though they still belong
to the Remote Access Domain.
20) The most common control for protecting data privacy in
untrusted environments is encryption. There are three main strategies
for encrypting data to send to remote users. One strategy does not
require any application intervention or changes at all. The connection
with the remote user handles the encryption. The most common way
to implement system connection encryption is by setting up a secure
virtual private network (VPN). This is:
8. 21) You want to configure devices to send an alert to the network
manager when remote users connect to your network. Which protocol
is the best choice for monitoring network devices?
22) Security controls in the System/Application Domain generally fall
into salient categories. The need to create backup copies of data or
other strategies to protect the organization from data or functionality
loss.
23) From the perspective of application architectures, which of the
following is generally not considered a critical application resource?
24) Which plan would address steps to take when a water main break
interrupts water flow to your main office?
25) Who is responsible for verifying and testing an organization’s
code of conduct?
*******************************************************
CIS 349 Week 2 Assignment 1 Designing
Ferpa Technical Safeguards (2 Papers)
9. For more classes visit
www.snaptutorial.com
This Tutorial contains 2 Papers on the Below Mentioned Topic
Imagine you are an Information Security consultant for a small
college registrar’s office consisting of the registrar and two (2)
assistant registrars, two (2) student workers, and one (1) receptionist.
The office is physically located near several other office spaces. The
assistant registrars utilize mobile devices over a wireless network to
access student records, with the electronic student records being
stored on a server located in the building. Additionally, each
registrar’s office has a desktop computer that utilizes a wired network
to access the server and electronic student records. The receptionist
station has a desktop computer that is used to schedule appointments,
but cannot access student records. In 1974, Congress enacted the
Family Educational Rights and Privacy Act (FERPA) to help protect
the integrity of student records. The college has hired you to ensure
technical safeguards are appropriately designed to preserve the
integrity of the student records maintained in the registrar’s office.
Write a three to five (3-5) page paper in which you:
Analyze proper physical access control safeguards and provide sound
recommendations to be employed in the registrar’s office.
Recommend the proper audit controls to be employed in the
registrar’s office.
10. Suggest three (3) logical access control methods to restrict
unauthorized entities from accessing sensitive information, and
explain why you suggested each method.
Analyze the means in which data moves within the organization and
identify techniques that may be used to provide transmission security
safeguards.
Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor for
any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the required
assignment page length.
*******************************************************
CIS 349 Week 2 Discussion
For more classes visit
www.snaptutorial.com
11. Select an organization with which you are familiar. Identify the
compliance laws that you believe would be most relevant to this
organization.
Justify your response.
Define the scope of an IT compliance audit that would verify whether
or not this organization is in compliance with the laws you identified.
*******************************************************
CIS 349 Week 4 Assignment 2 Organizational
Risk Appetite and Risk Assessment (2 Papers)
For more classes visit
www.snaptutorial.com
This Tutorial contains 2 Papers on the Below Mentioned Topic
Assignment 2: Organizational Risk Appetite and Risk Assessment
Due Week 4 and worth 100 points
Imagine that a software development company has just appointed you
to lead a risk assessment project. The Chief Information Officer (CIO)
of the organization has seen reports of malicious activity on the rise
and has become extremely concerned with the protection of the
intellectual property and highly sensitive data maintained by your
12. organization. The CIO has asked you to prepare a short document
before your team begins working. She would like for you to provide
an overview of what the term “risk appetite” means and a suggested
process for determining the risk appetite for the company. Also, she
would like for you to provide some information about the method(s)
you intend to use in performing a risk assessment.
Write a two to three (2-3) page paper in which you:
1. Analyze the term “risk appetite”. Then, suggest at least one (1)
practical example in which it applies.
2. Recommend the key method(s) for determining the risk appetite
of the company.
3. Describe the process of performing a risk assessment.
4. Elaborate on the approach you will use when performing the
risk assessment.
5. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and references
must follow APA or school-specific format. Check with your
professor for any additional instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the
date. The cover page and the reference page are not included in
the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Describe the components and basic requirements for creating an
audit plan to support business and system considerations.
13. • Describe the parameters required to conduct and report on IT
infrastructure audit for organizational compliance.
• Use technology and information resources to research issues in
security strategy and policy formation.
• Write clearly and concisely about topics related to information
technology audit and control using proper writing mechanics
and technical style conventions.
• ***************************************************
****
CIS 349 Week 5 Discussion
For more classes visit
www.snaptutorial.com
"Monitoring the User Domain" Please respond to the following:
It is common knowledge that employees are a necessary part of any
business. Identify three (3) best practices in the user domain and
suggest the control type(s) (technical or manual) that are best suited to
monitor each best practice
Describe how the implementation process for such controls might
vary based on the business type. Determine the impact that other
factors such as physical security, device type, and connectivity
(wireless or wired) might have on the choices that are made.
*******************************************************
14. CIS 349 Week 6 Assignment 3 Evaluating
Access Control Methods (2 Papers)
For more classes visit
www.snaptutorial.com
This Tutorial contains 2 Papers on the Below Mentioned Topic
CIS 349 Week 6 Assignment 3 Evaluating Access Control Methods
Imagine you are an Information Systems Security Specialist for a
medium-sized federal government contractor. The Chief Security
Officer (CSO) is worried that the organization’s current methods of
access control are no longer sufficient. In order to evaluate the
different methods of access control, the CSO requested that you
research: mandatory access control (MAC), discretionary access
control (DAC), and role-based access control (RBAC). Then, prepare
a report addressing positive and negative aspects of each access
control method. This information will be presented to the Board of
Directors at their next meeting. Further, the CSO would like your help
in determining the best access control method for the organization.
Write a three to five (3-5) page paper in which you:
15. Explain in your own words the elements of the following methods of
access control:Compare and contrast the positive and negative aspects
of employing a MAC, DAC, and RBAC.
Mandatory access control (MAC)
Discretionary access control (DAC)
Role-based access control (RBAC)
Suggest methods to mitigate the negative aspects for MAC, DAC, and
RBAC.
Evaluate the use of MAC, DAC, and RBAC methods in the
organization and recommend the best method for the organization.
Provide a rationale for your response.
Speculate on the foreseen challenge(s) when the organization applies
the method you chose. Suggest a strategy to address such
challenge(s).
Use at least three (3) quality resources in this assignment.Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor for
any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the required
assignment page length.
The specific course learning outcomes associated with this
assignment are:
16. Analyze information security systems compliance requirements
within the User Domain.
Use technology and information resources to research issues in
security strategy and policy formation.
Write clearly and concisely about topics related to information
technology audit and control using proper writing mechanics and
technical style conventions.
*******************************************************
CIS 349 Week 6 Discussion
For more classes visit
www.snaptutorial.com
Many companies, large and small, have implemented Bring Your
Own Device (BYOD) policies allowing employees to use their
personal smartphones and tablets to conduct business while at work.
Debate the major pros and cons of implementing such a policy.
Identify three (3) risks that might result from implementing a BYOD
policy. Suggest a method for mitigating each risk you have identified.
Provide a rationale for your response.
*******************************************************
17. CIS 349 Week 8 Assignment 4 Designing
Compliance Within The LanToWan Domain
(2 Papers)
For more classes visit
www.snaptutorial.com
This Tutorial contains 2 Papers on the Below Mentioned Topic
CIS 349 Week 8 Assignment 4 Designing Compliance Within The
Lan-To-Wan Domain
Assignment 4: Designing Compliance within the LAN-to-WAN
Domain
Note: Review the page requirements and formatting instructions for
this assignment closely. Graphically depicted solutions, as well as the
standardized formatting requirements, do NOT count toward the
overall page length.
18. Imagine you are an Information Systems Security Officer for a
medium-sized financial services firm that has operations in four (4)
states (Virginia, Florida, Arizona, and California). Due to the highly
sensitive data created, stored, and transported by your organization,
the CIO is concerned with implementing proper security controls for
the LAN-to-WAN domain. Specifically, the CIO is concerned with
the following areas:
Protecting data privacy across the WAN
Filtering undesirable network traffic from the Internet
Filtering the traffic to the Internet that does not adhere to the
organizational acceptable use policy (AUP) for the Web
Having a zone that allows access for anonymous users but
aggressively controls information exchange with internal resources
Having an area designed to trap attackers in order to monitor attacker
activities
Allowing a means to monitor network traffic in real time as a means
to identify and block unusual activity
Hiding internal IP addresses
Allowing operating system and application patch management
The CIO has tasked you with proposing a series of hardware and
software controls designed to provide security for the LAN-to-WAN
domain. The CIO anticipates receiving both a written report and
diagram(s) to support your recommendations.
Write a three to five (3-5) page paper in which you:
19. Use MS Visio or an open source equivalent to graphically depict a
solution for the provided scenario that will:Identify the fundamentals
of public key infrastructure (PKI).
filter undesirable network traffic from the Internet
filter Web traffic to the Internet that does not adhere to the
organizational AUP for the Web
allow for a zone for anonymous users but aggressively controls
information exchange with internal resources
allow for an area designed to trap attackers in order to monitor
attacker activities
offer a means to monitor network traffic in real time as a means to
identify and block unusual activity
hide internal IP addresses
Describe the manner in which your solution will protect the privacy of
data transmitted across the WAN.
Analyze the requirements necessary to allow for proper operating
system and application patch management and describe a solution that
would be effective.
Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Note: The graphically depicted solution is not included in the required
page length.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
20. follow APA or school-specific format. Check with your professor for
any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the required
assignment page length.
Include charts or diagrams created in Visio or an equivalent such as
Dia or OpenOffice. The completed diagrams / charts must be
imported into the Word document before the paper is submitted.
The specific course learning outcomes associated with this
assignment are:
Analyze information security systems compliance requirements
within the Workstation and LAN Domains.
Use technology and information resources to research issues in
security strategy and policy formation.
Write clearly and concisely about topics related to information
technology audit and control using proper writing mechanics and
technical style conventions
*******************************************************
CIS 349 Week 8 Discussion
For more classes visit
www.snaptutorial.com
21. Remote access to corporate resources is becoming commonplace.
From an auditing perspective, suggest two (2) or more controls that
should be in place to prevent the loss or theft of confidential
information.
Give your opinion on what you believe are the essential elements of
an acceptable use policy for remote access. Elaborate on each item
and justify its importance.
*******************************************************
CIS 349 Week 9 Discussion
For more classes visit
www.snaptutorial.com
Data Center Management" Please respond to the following:
Imagine you are an IT security specialist of a large organization
which is opening a new data center. Recommend a minimum of three
(3) controls, other than door locks, you would utilize to secure the
new data center physically. Support your recommendations.
Recommend a process to govern obtaining, testing, and distributing
patches for operating systems and applications within the new data
center. Provide your rationale
*******************************************************
22. CIS 349 Week 10 Discussion
For more classes visit
www.snaptutorial.com
"IT Auditor" Please respond to the following:
Take a position on whether or not you would want to pursue a career
as an IT auditor. Explain the key reasons why or why not. Determine
if you would recommend this job to your family and friends. Provide
a rationale for your response.
Imagine you are working as an IT auditor. Identify the three (3) best
practices you believe would be most useful when conducting audits
for various businesses. Justify your choices
*******************************************************
CIS 349 Week 10 Term Paper Planning An It
Infrastructure Audit For Compliance (2
Papers)
For more classes visit
www.snaptutorial.com
23. This Tutorial contains 2 Papers on the Below Mentioned Topic
CIS 349 Week 10 Term Paper Planning An It Infrastructure Audit For
Compliance
erm Paper: Planning an IT Infrastructure Audit for Compliance
Due Week 10 and worth 200 points
The audit planning process directly affects the quality of the outcome.
A proper plan ensures that resources are focused on the right areas
and that potential problems are identified early. A successful audit
first outlines what’s supposed to be achieved as well as what
procedures will be followed and the required resources to carry out
the procedures. Considering your current or previous organization or
an organization you are familiar with, develop an IT infrastructure
audit for compliance. Chapter 5 of the required textbook may be
helpful in the completion of the term paper.
Write a ten to fifteen (10-15) page paper in which you:
Define the following items for an organization in which you are
familiar with:
Scope
24. Goals and objectives
Frequency of the audit
Identify the critical requirements of the audit for your chosen
organization and explain why you consider them to be critical
requirements.
Choose privacy laws that apply to the organization, and suggest who
is responsible for privacy within the organization.
Develop a plan for assessing IT security for your chosen organization
by conducting the following:
Risk management
Threat analysis
Vulnerability analysis
Risk assessment analysis
25. Explain how to obtain information, documentation, and resources for
the audit.
Analyze how each of the seven (7) domains aligns within your chosen
organization.
Develop a plan that:
Examines the existence of relevant and appropriate security policies
and procedures.
Verifies the existence of controls supporting the policies.
Verifies the effective implementation and ongoing monitoring of the
controls.
Identify all critical security control points that must be verified
throughout the IT infrastructure, and develop a plan that include
adequate controls to meet high-level defined control objectives within
this organization.
Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
26. Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor for
any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the required
assignment page length.
The specific course learning outcomes associated with this
assignment are:
Explain the use of standards and frameworks in a compliance audit of
an IT infrastructure.
Describe the components and basic requirements for creating an audit
plan to support business and system considerations.
Describe the parameters required to conduct and report on IT
infrastructure audit for organizational compliance.
Analyze information security systems compliance requirements
within the User Domain.
27. Analyze information security systems compliance requirements
within the Workstation and LAN Domains.
Design and implement ISS compliance within the LAN-to-WAN and
WAN domains with an appropriate framework.
Explain information security systems compliance requirements within
the Remote Access Domain.
Explain information security systems compliance requirements within
the System / Application Domain.
Use technology and information resources to research issues in
security strategy and policy formation.
Write clearly and concisely about topics related to information
technology audit and control using proper writing mechanics and
technical style conventions
*******************************************************