CIS 462 Midterm Exam (2 Set) | Page 2

(12) Authentication and encryption of intranet traffic is a _______ Domain issue.
(13) __________ is the ability to reasonably ensure conformity and adherence to both internal and external policies, standards, procedures, laws, and regulations.
(14) What is included in an IT policy framework?
(15) Incident reporting, incident management, and user ID addition/removal are examples of which of the following?
(16) Which of the following are written instructions on how to comply with standards?
(17) What is something you can measure against to demonstrate value, such as gauging if you’ve reasonably covered risks in your organization?
(18) Which personality type tends to be best suited for delivering security awareness training?
(19) In Kotter’s change model, which step is generally part of informal discussions rather than part of the formal implementation process?
(20) A primary reason why security policies often fail is ___________.
(21) Which of the following is not true of security policy enforcement?
(22) In Kotter’s change model, in which step does the ISO work with line management to collect metrics for assessing the policies’ effectiveness and ensure metrics are meaningful?
(23) Which personality type tends to be associated with good leaders?
(24) The basic elements of motivation include pride, success, and __________.
(25) Disaster recovery and tape backups are examples of which type of security control?
(26) What is the primary role of a security policy evangelist?
(27) Before you begin security policy awareness training, what is the first step you should take to help ensure success?
(28) Which of the following is not a security awareness training best practice?
(29) When publishing an internal security policy or standard, which role or department usually gives final approval?
(30) One of the key factors of a successful implementation of an organization-wide security policy