This document provides study materials for the CIS 349 final exam, including guides with questions and answers on various topics related to information security. It covers concepts like business drivers, compliance laws, authentication methods, availability, logical access controls, penetration testing steps, network security testing, controls for different network domains (LAN, WAN, remote access, system/application), and audit certifications. The materials are organized into multiple sets that could be used to prepare for the exam. Key topics assessed include technical and administrative controls for different network environments, compliance requirements, security assessments, and access control methods.
CIS 349 Final Exam Guide Set 1
For more course tutorials visit
www.tutorialrank.com
1) ___________ are the components, including people,
information, and conditions, that support business objectives.
2) The first step in the implementation of separation of duties
is to use access controls to prevent unauthorized data access. The
ultimate goal is to define access control where each user has the
permissions to carry out assigned tasks and nothing else. This is
known as the principle of:
3) What is meant by business drivers?
4) Which law defines national standards for all consumer reports,
including background checks?
5) ___________ is the process of providing additional
credentials that match the user ID or username.
6) What is meant by availability?
7) Which of the following is the definition of authorization?
8) An organization wants to determine how well it adheres to
its security policy and determine if any “holes” exist. What type of
analysis or assessment does it perform?
9) Which of the following is not a step to ensuring only
authorized users can see confidential data in the LAN Domain?
10) Which of the following is not typically a LAN Domain
component?
11) Which control is used in the LAN Domain to protect the
confidentiality of data?
12) The following are LAN Domain controls except:
13) Here is a common flow a penetration tester follows to
develop attacks: This step collects as much information about the
target environment as possible. At this stage, the attacker is
collecting both technical and nontechnical information. Both types
of information can help the attacker determine how the
organization operates, where it operates, and which characteristics
the organization and its customers value. This is:
14) A nonintrusive penetration test ____________.
15) One particular type of network security testing simulates
actions an attacker would take to attack your network. This is
known as:
16) You have the least amount of control over who accesses
data in the ______ Domain.
17) What is the primary type of control used to protect data in the
WAN Domain?
18) What is a best practice for compliance in the WAN Domain?
19) The Remote Access Domain server components also generally
reside in the ___________ environment, even though they still
belong to the Remote Access Domain.
20) Which of the following is primarily a corrective control in
the Remote Access Domain?
21) The most common control for protecting data privacy in
untrusted environments is encryption. There are three main
strategies for encrypting data to send to remote users. One strategy
does not require any application intervention or changes at all. The
connection with the remote user handles the encryption. The most
common way to implement system connection encryption is by
setting up a secure virtual private network (VPN). This is:
22) An important step in securing applications is to remove the
_____________.
23) Security controls in the System/Application Domain generally
fall into salient categories. The need to create backup copies of
data or other strategies to protect the organization from data or
functionality loss.
24) Which of the following is true of a hot site?
25) What name is given to an IIA certification that tests audit
knowledge unique to the public sector?
************************************
CIS 349 Final Exam Guide Set 2
1) Which type of access control defines permissions based on roles,
or groups, and allows object owners and administrators to grant
access rights at their discretion?
2) What is meant by business drivers?
3) The first step in the implementation of separation of duties is to
use access controls to prevent unauthorized data access. The
ultimate goal is to define access control where each user has the
permissions to carry out assigned tasks and nothing else. This is
known as the principle of:
4) ___________ are the components, including people,
information, and conditions, that support business objectives.
5) ___________ is the process of providing additional credentials
that match the user ID or username.
6) Which of the following is the definition of authorization?
7) An organization wants to determine how well it adheres to its
security policy and determine if any “holes” exist. What type of
analysis or assessment does it perform?
8) What is meant by availability?
9) There are two common types of monitoring tools available
for monitoring LANs, __________ and network software log files.
10) Which control is used in the LAN Domain to protect the
confidentiality of data?
11) Which of the following is not typically a LAN Domain
component?
12) Which of the following is not a step to ensuring only
authorized users can see confidential data in the LAN Domain?
13) A nonintrusive penetration test ____________.
14) What is a corrective control in the LAN-to-WAN Domain?
15) One particular type of network security testing simulates
actions an attacker would take to attack your network. This is
known as:
16) The __________ is a generic description for how computers
use seven layers of protocol rules to communicate across a network.
17) Although __________ are not optimal for high bandwidth,
large-volume network transfers, they work very well in most
environments where you need to maintain connections between
several other networks.
18) What is the primary type of control used to protect data in the
WAN Domain?
19) The Remote Access Domain server components also generally
reside in the ___________ environment, even though they still
belong to the Remote Access Domain.
20) The most common control for protecting data privacy in
untrusted environments is encryption. There are three main
strategies for encrypting data to send to remote users. One strategy
does not require any application intervention or changes at all. The
connection with the remote user handles the encryption. The most
common way to implement system connection encryption is by
setting up a secure virtual private network (VPN). This is:
21) You want to configure devices to send an alert to the network
manager when remote users connect to your network. Which
protocol is the best choice for monitoring network devices?
22) Security controls in the System/Application Domain generally
fall into salient categories. The need to create backup copies of
data or other strategies to protect the organization from data or
functionality loss.
23) From the perspective of application architectures, which of
the following is generally not considered a critical application
resource?
24) Which plan would address steps to take when a water main
break interrupts water flow to your main office?
25) Who is responsible for verifying and testing an organization’s
code of conduct?
************************************
CIS 349 Week 2 Assignment 1 Designing FERPA Technical
Safeguards (2 Papers)
Imagine you are an Information Security consultant for a small
college registrar’s office consisting of the registrar and two (2)
assistant registrars, two (2) student workers, and one (1)
receptionist. The office is physically located near several other
office spaces. The assistant registrars utilize mobile devices over a
wireless network to access student records, with the electronic
student records being stored on a server located in the building.
Additionally, each registrar’s office has a desktop computer that
utilizes a wired network to access the server and electronic student
records. The receptionist station has a desktop computer that is
used to schedule appointments, but cannot access student records.
In 1974, Congress enacted the Family Educational Rights and
Privacy Act (FERPA) to help protect the integrity of student
records. The college has hired you to ensure technical safeguards
are appropriately designed to preserve the integrity of the student
records maintained in the registrar’s office.
Write a three to five (3-5) page paper in which you:
Analyze proper physical access control safeguards and provide
sound recommendations to be employed in the registrar’s office.
Recommend the proper audit controls to be employed in the
registrar’s office.
Suggest three (3) logical access control methods to restrict
unauthorized entities from accessing sensitive information, and
explain why you suggested each method.
Analyze the means in which data moves within the organization
and identify techniques that may be used to provide transmission
security safeguards.
Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor
for any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the
required assignment page length.
************************************
CIS 349 Week 2 Discussion
Select an organization with which you are familiar. Identify the
compliance laws that you believe would be most relevant to this
organization.
Justify your response.
Define the scope of an IT compliance audit that would verify whether or
not this organization is in compliance with the laws you identified.
************************************
CIS 349 Week 4 Assignment 2 Organizational Risk Appetite and
Risk Assessment (2 Papers)
Assignment 2: Organizational Risk Appetite and Risk Assessment
Due Week 4 and worth 100 points
Imagine that a software development company has just appointed
you to lead a risk assessment project. The Chief Information
Officer (CIO) of the organization has seen reports of malicious
activity on the rise and has become extremely concerned with the
protection of the intellectual property and highly sensitive data
maintained by your organization. The CIO has asked you to
prepare a short document before your team begins working. She
would like for you to provide an overview of what the term “risk
appetite” means and a suggested process for determining the risk
appetite for the company. Also, she would like for you to provide
some information about the method(s) you intend to use in
performing a risk assessment.
Write a two to three (2-3) page paper in which you:
Analyze the term “risk appetite”. Then, suggest at least one (1)
practical example in which it applies.
Recommend the key method(s) for determining the risk appetite of
the company.
Describe the process of performing a risk assessment.
Elaborate on the approach you will use when performing the risk
assessment.
Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor
for any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the
required assignment page length.
The specific course learning outcomes associated with this
assignment are:
Describe the components and basic requirements for creating an
audit plan to support business and system considerations.
Describe the parameters required to conduct and report on IT
infrastructure audit for organizational compliance.
Use technology and information resources to research issues in
security strategy and policy formation.
Write clearly and concisely about topics related to information
technology audit and control using proper writing mechanics and
technical style conventions.
************************************
CIS 349 Week 5 Discussion
"Monitoring the User Domain" Please respond to the following:
It is common knowledge that employees are a necessary part of any
business. Identify three (3) best practices in the user domain and suggest
the control type(s) (technical or manual) that are best suited to monitor
each best practice.
Describe how the implementation process for such controls might vary
based on the business type. Determine the impact that other factors such
as physical security, device type, and connectivity (wireless or wired)
might have on the choices that are made.
************************************
CIS 349 Week 6 Assignment 3 Evaluating Access Control
Methods (2 Papers)
Imagine you are an Information Systems Security Specialist for a
medium-sized federal government contractor. The Chief Security
Officer (CSO) is worried that the organization’s current methods
of access control are no longer sufficient. In order to evaluate the
different methods of access control, the CSO requested that you
research: mandatory access control (MAC), discretionary access
control (DAC), and role-based access control (RBAC). Then,
prepare a report addressing positive and negative aspects of each
access control method. This information will be presented to the
Board of Directors at their next meeting. Further, the CSO would
like your help in determining the best access control method for
the organization.
Write a three to five (3-5) page paper in which you:
Explain in your own words the elements of the following methods
of access control:
Mandatory access control (MAC)
Discretionary access control (DAC)
Role-based access control (RBAC)
Compare and contrast the positive and negative aspects of
employing a MAC, DAC, and RBAC.
Suggest methods to mitigate the negative aspects for MAC, DAC,
and RBAC.
Evaluate the use of MAC, DAC, and RBAC methods in the
organization and recommend the best method for the organization.
Provide a rationale for your response.
Speculate on the foreseen challenge(s) when the organization
applies the method you chose. Suggest a strategy to address such
challenge(s).
Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor
for any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the
required assignment page length.
The specific course learning outcomes associated with this
assignment are:
Analyze information security systems compliance requirements
within the User Domain.
Use technology and information resources to research issues in
security strategy and policy formation.
Write clearly and concisely about topics related to information
technology audit and control using proper writing mechanics and
technical style conventions.
************************************
CIS 349 Week 6 Discussion
Many companies, large and small, have implemented Bring Your Own
Device (BYOD) policies allowing employees to use their personal
smartphones and tablets to conduct business while at work. Debate the
major pros and cons of implementing such a policy.
Identify three (3) risks that might result from implementing a BYOD
policy. Suggest a method for mitigating each risk you have identified.
Provide a rationale for your response.
************************************
CIS 349 Week 8 Assignment 4 Designing Compliance Within
The LanToWan Domain (2 Papers)
Assignment 4: Designing Compliance within the LAN-to-WAN
Domain
Note: Review the page requirements and formatting instructions
for this assignment closely. Graphically depicted solutions, as well
as the standardized formatting requirements, do NOT count toward
the overall page length.
You are an Information Systems Security Officer for a medium-sized
financial services firm that has operations in four (4) states
(Virginia, Florida, Arizona, and California). Due to the highly
sensitive data created, stored, and transported by your organization,
the CIO is concerned with implementing proper security controls
for the LAN-to-WAN domain. Specifically, the CIO is concerned
with the following areas:
Protecting data privacy across the WAN
Filtering undesirable network traffic from the Internet
Filtering the traffic to the Internet that does not adhere to the
organizational acceptable use policy (AUP) for the Web
Having a zone that allows access for anonymous users but
aggressively controls information exchange with internal resources
Having an area designed to trap attackers in order to monitor
attacker activities
Allowing a means to monitor network traffic in real time as a
means to identify and block unusual activity
Hiding internal IP addresses
Allowing operating system and application patch management
The CIO has tasked you with proposing a series of hardware and
software controls designed to provide security for the LAN-to-
WAN domain. The CIO anticipates receiving both a written report
and diagram(s) to support your recommendations.
Write a three to five (3-5) page paper in which you:
Use MS Visio or an open source equivalent to graphically depict a
solution for the provided scenario that will: Identify the
fundamentals of public key infrastructure (PKI).
filter undesirable network traffic from the Internet
filter Web traffic to the Internet that does not adhere to the
organizational AUP for the Web
allow for a zone for anonymous users but aggressively controls
information exchange with internal resources
allow for an area designed to trap attackers in order to monitor
attacker activities
offer a means to monitor network traffic in real time as a means to
identify and block unusual activity
hide internal IP addresses
Describe the manner in which your solution will protect the
privacy of data transmitted across the WAN.
Analyze the requirements necessary to allow for proper operating
system and application patch management and describe a solution
that would be effective.
Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Note: The graphically depicted solution is not included in the
required page length.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor
for any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the
required assignment page length.
Include charts or diagrams created in Visio or an equivalent such
as Dia or OpenOffice. The completed diagrams / charts must be
imported into the Word document before the paper is submitted.
The specific course learning outcomes associated with this
assignment are:
Analyze information security systems compliance requirements
within the Workstation and LAN Domains.
Use technology and information resources to research issues in
security strategy and policy formation.
Write clearly and concisely about topics related to information
technology audit and control using proper writing mechanics and
technical style conventions.
************************************
CIS 349 Week 8 Discussion
Remote access to corporate resources is becoming commonplace. From
an auditing perspective, suggest two (2) or more controls that should be
in place to prevent the loss or theft of confidential information.
Give your opinion on what you believe are the essential elements of an
acceptable use policy for remote access. Elaborate on each item and
justify its importance.
************************************
CIS 349 Week 9 Discussion
"Data Center Management" Please respond to the following:
Imagine you are an IT security specialist of a large organization which is
opening a new data center. Recommend a minimum of three (3) controls,
other than door locks, you would utilize to secure the new data center
physically. Support your recommendations.
Recommend a process to govern obtaining, testing, and distributing
patches for operating systems and applications within the new data
center. Provide your rationale.
************************************
CIS 349 Week 10 Discussion
"IT Auditor" Please respond to the following:
Take a position on whether or not you would want to pursue a career as
an IT auditor. Explain the key reasons why or why not. Determine if you
would recommend this job to your family and friends. Provide a
rationale for your response.
Imagine you are working as an IT auditor. Identify the three (3) best
practices you believe would be most useful when conducting audits for
various businesses. Justify your choices.
************************************
CIS 349 Week 10 Term Paper Planning An It
Infrastructure Audit For Compliance (2 Papers)
CIS 349 Week 10 Term Paper Planning An It Infrastructure Audit For
Compliance
Term Paper: Planning an IT Infrastructure Audit for Compliance
Due Week 10 and worth 200 points