CIS 502 Midterm Set 2 CIS 502 Midterm Set 2 | Page 2

•
6
A qualitative risk assessment is used to identify:
•
7
An employee with a previous criminal history was terminated. The former
employee leaked several sensitive documents to the news media. To prevent this, the
organization should have:
• 8 CIA is known as:
• 9 The options for risk treatment are:
•
10 The statement, “Information systems should be configured to require strong
passwords”, is an example of a/an:
•
11 An organization has a strong, management-driven model of security related
activities such as policy, risk management, standards, and processes. This model is better
known as:
•
12 An organization wishes to purchase an application, and is undergoing a formal
procurement process to evaluate and select a product. What documentation should the
organization use to make sure that the application selected has the appropriate security-related
characteristics?
•
13
The statement, “Promote professionalism among information system security
practitioners through the provisioning of professional certification and training.” is an example
of a/an:
•
14One disadvantage of the use of digital certificates as a means for two-factor
authentication is NOT: