The document is a guide for a final exam in a course related to computer information systems, covering a variety of topics such as access controls, security policies, and data confidentiality. It includes specific questions that address business drivers, legal standards, penetration testing, and controls in different network domains. The content appears to be designed to prepare students for questions they may encounter during the exam.

1. STRAYER CIS 349 Final Exam Guide Set 1 NEW
Check this A+ tutorial guideline at
http://www.assignmentclick.com/cis-349-stayer/cis-349-
final-exam-guide-set-1-latest
For more classes visit
http://www.assignmentclick.com
1) ___________ are the components, including people, information,
and conditions, that support business objectives.
2) The first step in the implementation of separation of
duties is to use access controls to prevent unauthorized data
access. The ultimate goal is to define access control where each
user has the permissions to carry out assigned tasks and
nothing else. This is known as the principle of:
3) What is meant by business drivers?
4) Which law defines national standards for all consumer
reports, including background checks?
5) ___________ is the process of providing additional
credentials that match the user ID or username.

2. 6) What is meant by availability?
7) Which of the following is the definition of authorization?
8) An organization wants to determine how well it adheres
to its security policy and determine if any “holes” exist. What
type of analysis or assessment does it perform?
9) Which of the following is not a step to ensuring only
authorized users can see confidential data in the LAN Domain?
10) Which of the following is not typically a LAN Domain
component?
11) Which control is used in the LAN Domain to protect the
confidentiality of data?
12) The following are LAN Domain controls except:
13) Here is a common flow a penetration tester follows to
develop attacks: This step collects as much information about
the target environment as possible. At this stage, the attacker is
collecting both technical and nontechnical information. Both
types of information can help the attacker determine how the
organization operates, where it operates, and which
characteristics the organization and its customers’ value. This
is:
14) A nonintrusive penetration test ____________.
15) One particular type of network security testing

3. simulates actions an attacker would take to attack your
network. This is known as:
16) You have the least amount of control over who accesses
data in the ______ Domain.
17) What is the primary type of control used to protect data in
the WAN Domain?
18) What is a best practice for compliance in the WAN Domain?
19) The Remote Access Domain server components also
generally reside in the ___________ environment, even though they
still belong to the Remote Access Domain.
20) Which of the following is primarily a corrective control
in the Remote Access Domain?
21) The most common control for protecting data privacy in
untrusted environments is encryption. There are three main
strategies for encrypting data to send to remote users. One
strategy does not require any application intervention or
changes at all. The connection with the remote user handles the
encryption. The most common way to implement system
connection encryption is by setting up a secure virtual private
network (VPN). This is:
22) An important step in securing applications is to remove the
_____________.

4. 23) Security controls in the System/Application Domain
generally fall into salient categories. The need to create backup
copies of data or other strategies to protect the organization
from data or functionality loss.
24) Which of the following is true of a hot site?
25) What name is given to an IIA certification that tests audit
knowledge unique to the public sector?