The document is a guide for a final exam in a CIS course, featuring questions related to access control, business drivers, security policies, and network monitoring tools. It emphasizes concepts like the principle of least privilege, various types of controls, and security assessment methods. Additionally, it discusses specific security strategies such as encryption and creating backup copies to protect data.

1. STRAYER CIS 349 Final Exam Guide Set 2 NEW
Check this A+ tutorial guideline at
http://www.assignmentclick.com/cis-349-stayer/cis-349-
final-exam-guide-set-2-latest
For more classes visit
http://www.assignmentclick.com
1) Which type of access control defines permissions based on
roles, or groups, and allows object owners and administrators
to grant access rights at their discretion?
2) What is meant by business drivers?
3) The first step in the implementation of separation of duties
is to use access controls to prevent unauthorized data access.
The ultimate goal is to define access control where each user
has the permissions to carry out assigned tasks and nothing
else. This is known as the principle of:
4) ___________ are the components, including people, information,
and conditions, that support business objectives.
5) ___________ is the process of providing additional credentials
that match the user ID or username.
6) Which of the following is the definition of authorization?

2. 7) An organization wants to determine how well it adheres to
its security policy and determine if any “holes” exist. What type
of analysis or assessment does it perform?
8) What is meant by availability?
9) There are two common types of monitoring tools
available for monitoring LANs, __________ and network software
log files.
10) Which control is used in the LAN Domain to protect the
confidentiality of data?
11) Which of the following is not typically a LAN Domain
component?
12) Which of the following is not a step to ensuring only
authorized users can see confidential data in the LAN Domain?
13) A nonintrusive penetration test ____________.
14) What is a corrective control in the LAN-to-WAN Domain?
15) One particular type of network security testing simulates
actions an attacker would take to attack your network. This is
known as:
16) The __________ is a generic description for how computers use
seven layers of protocol rules to communicate across a
network.
17) Although __________ are not optimal for high bandwidth,
large-volume network transfers, they work very well in most
environments where you need to maintain connections

3. between several other networks.
18) What is the primary type of control used to protect data in
the WAN Domain?
19) The Remote Access Domain server components also
generally reside in the ___________ environment, even though they
still belong to the Remote Access Domain.
20) The most common control for protecting data privacy in
untrusted environments is encryption. There are three main
strategies for encrypting data to send to remote users. One
strategy does not require any application intervention or
changes at all. The connection with the remote user handles the
encryption. The most common way to implement system
connection encryption is by setting up a secure virtual private
network (VPN). This is:
21) You want to configure devices to send an alert to the
network manager when remote users connect to your network.
Which protocol is the best choice for monitoring network
devices?
22) Security controls in the System/Application Domain
generally fall into salient categories. The need to create backup
copies of data or other strategies to protect the organization
from data or functionality loss.
23) From the perspective of application architectures, which
of the following is generally not considered a critical
application resource?
24) Which plan would address steps to take when a water main
break interrupts water flow to your main office?

4. 25) Who is responsible for verifying and testing an
organization’s code of conduct?