

IT Governance and Compliance
Exam Materials
Course Introduction
IT Governance and Compliance explores the frameworks, policies, and strategies organizations use to ensure their information technology aligns with business objectives, manages risks, and complies with relevant laws and regulations. The course delves into global standards such as COBIT, ISO/IEC 38500, and ITIL, examining how effective IT governance enhances accountability, transparency, and performance. Students learn to identify regulatory requirements, design compliance programs, and balance organizational agility with security and ethical considerations. Practical case studies and real-world scenarios provide insights into implementing governance structures, audit processes, and compliance controls within diverse industries.
Recommended Textbook
Information Security and IT Risk Management 1st Edition by Manish Agrawal
Available Study Resources on Quizplus
14 Chapters
349 Verified Questions
349 Flashcards
Source URL: https://quizplus.com/study-set/3541


Chapter 1: Introduction
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70324
Sample Questions
Q1) The war between Russia and Georgia in 2008 is important to information security for
A) Its impact on global warming
B) The use of nuclear weapons
C) Making people aware of the possibility of state-sponsored cyber-attacks
D) The heavy loss of life
Answer: C
Q2) Information security is becoming increasingly important because of
A) The increasing criticality of information to individuals and organizations
B) There is a general increase in criminal behavior in society
C) People are greedier these days
D) Organizations are wealthier these days
Answer: A
Q3) The Internet is relevant for information security because
A) It exposed computers to attacks from around the world
B) It caused one of the most significant Internet outages ever
C) It led to exploits from weaknesses in wireless networks
D) It caused falsification of financial records at publicly traded companies
Answer: A
To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: System Administration
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70325
Sample Questions
Q1) Selecting one among many possible combinations of features of a system is called
A) User management
B) Access control
C) Installation
D) Configuration
Answer: D
Q2) A Linux distribution is
A) A collection of open source utilities and software packaged with the Linux OS
B) An older version of Linux
C) A specific version of Linux, focused on competing with Microsoft
D) The "official" version of Linux
Answer: A
Q3) The system security officer is the person responsible for
A) Day-to-day operation of a technology system
B) Writing, enforcing, and reviewing security-operating procedures
C) Developing new technology systems
D) Upgrading existing technology systems
Answer: B
To view all questions and flashcards with answers, click on the resource link above.

Chapter 3: System Administration 2
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70326
Sample Questions
Q1) The current folder is represented in Linux by
A) /
B) .
C) ..
D) $
Answer: B
Q2) The command used to copy files in Unix/Linux is
A) cp
B) copy
C) pwd
D) rm
Answer: A
Q3) An example of a relative path is
A) /temp.txt
B) /usr/temp.txt
C) ~/temp.txt
D) /home/joe/temp.txt
Answer: C
To view all questions and flashcards with answers, click on the resource link above.

Chapter 4: Basic Information Security Model
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70327
Sample Questions
Q1) Malware refers to
A) Programs that propagate through the network without a user's consent
B) Unauthorized prevention of access to resources
C) Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication
D) Code specifically designed to exploit a computer or data, without the user's consent
Q2) Zeus and Spyeye are examples of
A) Viruses
B) Vulnerabilities
C) IDEs to create new attacks
D) Systems to defend against attacks
Q3) Physical controls
A) Use non-technical methods of preventing harm
B) Are the security measures built into the information system itself
C) Perform malicious tasks at the direction of a remote controller
D) Manipulate people into performing desired actions
Q4) Vulnerabilities in IT systems can be eliminated through secure coding practices
A) True
B) False
To view all questions and flashcards with answers, click on the resource link above.
Chapter 5: Asset Identification and Characterization
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70328
Sample Questions
Q1) In most organizations, the most important assets from the perspective of information security are
A) Hardware assets
B) Information assets
C) Software assets
D) Personnel assets
Q2) The parameters used to characterize assets are
A) Asset sensitivity and asset criticality
B) Asset confidentiality and asset restrictions
C) Restricted and unrestricted assets
D) Essential, required and deferrable assets
Q3) Checklist-based approaches can be used to identify
A) Asset priorities
B) Idiosyncratic assets
C) General assets
D) Assets
To view all questions and flashcards with answers, click on the resource link above.

Chapter 6: Threats and Vulnerabilities
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70329
Sample Questions
Q1) Threat models are
A) Capabilities, intentions and attack methods of adversaries
B) Interactions between relevant agents, actions
C) Individuals, organizations or groups that originate a particular threat action
D) Activist groups
Q2) Unapproved software can be a threat action because
A) The software may be exploited by hackers
B) Organizations do not like employees or users to pay for software
C) The software may take up hard disk space
D) The software may have been developed by a competitor
Q3) In the context of internal security, partners are
A) People external to the organization
B) People directly associated with the organization, often as employees
C) Third parties sharing a business relationship with the organization
D) All of the above
To view all questions and flashcards with answers, click on the resource link above.


Chapter 7: Encryption Controls
Available Study Resources on Quizplus for this Chapter
24 Verified Questions
24 Flashcards
Source URL: https://quizplus.com/quiz/70330
Sample Questions
Q1) Public key encryption techniques used in practice are based heavily on
A) Division operations
B) Set operations
C) Extraction operations
D) Modulus operations
Q2) The most common technologies used for secure network communication are
A) VPN and SSL
B) AES and DES
C) PKI and RSA
D) Diffusion and confusion
Q3) The word "cipher" is based on an Arabic word, cifr, that means
A) Sender
B) Secret
C) Nothing
D) Receiver
Q4) Block encryption uses both
A) Relational and Procedural operations
B) Substitution and permutation
C) Keys and hashes
D) Data and storage
To view all questions and flashcards with answers, click on the resource link above.

Chapter 8: Identity and Access Management
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70331
Sample Questions
Q1) Identity enrichment involves
A) Locating all new and updated identities in the organization
B) Comparing each discovered identity to a master record of all individuals in the organization
C) Collecting data about each individual's relationship to the organization
D) Making decisions about granting users access to resources
Q2) Kerberos has been very useful in securing corporate desktop infrastructures
A) True
B) False
Q3) Authentication is
A) The process of proving that a user is the owner of the identity being used
B) A secret series of characters known only to the user
C) The use of minute differences in physical traits to prove identity
D) A protocol that allows nodes in an insecure network to securely identify themselves to each other using tokens
Q4) An individual's affiliation with the organization is called their
A) Access
B) Role
C) Account
D) Password
To view all questions and flashcards with answers, click on the resource link above.
Chapter 9: Hardware and Software Controls
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70332
Sample Questions
Q1) Password guessing is
A) Passwords on the system known to unauthorized users
B) Acquiring passwords from storage, network transmission or user knowledge
C) Repeated attempts to authenticate using possible passwords
D) Generating character strings to match existing passwords
Q2) The merits of firewalls include all the following except
A) Costs
B) Complexity
C) Wide availability
D) Vulnerability to poor configuration
Q3) A firewall is
A) A list of permissions attached to specified objects
B) The process of defining, implementing, and maintaining password policies throughout an enterprise
C) A form of protection that allows one network to connect to another network while maintaining some amount of protection
D) Passwords on the system known to unauthorized users
Q4) PINs are useful in high security systems
A) True
B) False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 10: Shell Scripting
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70333
Sample Questions
Q1) Shell scripts are used for
A) Serving as firewalls
B) Automating processes in operating systems
C) End-point protection
D) Detecting intrusions
Q2) Consider the following script. The output will be (newlines replaced by spaces for brevity):
#!/bin/bash
for number in {5..1}
do
echo $number
done
A) 5 .. 1
B) 5 4 3 2 1
C) 1 2 3 4 5
D) 5 3 1
Q3) Environment variables are
A) Variables describing the user's access to the computer environment
B) Variables describing the local climate
C) Variables describing the state of the host system
D) Variables created automatically when a user starts a new terminal window
To view all questions and flashcards with answers, click on the resource link above.
Chapter 11: Incident Handling
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70334
Sample Questions
Q1) According to the need-to-know principle of information management, information provided
A) Is limited to what is necessary to perform the job
B) Satisfies the information seeker's curiosity need-to-know
C) Is guided by state-mandated legal guidelines
D) Information is kept secret by default
Q2) The stages of incident handling include
A) Planning, detection, maintenance, retirement
B) Preparation, detection, containment, post-incident analysis
C) Planning, acquisition, deployment, post-incident analysis
D) Preparation, acquisition, deployment, post-incident analysis
Q3) The leader of the IRT is preferably
A) Someone from the senior leadership of the organization
B) A technically competent professional with high credibility within the organization
C) The functional leader of the business unit affected by the incident
D) The leader of the IT function within the organization
To view all questions and flashcards with answers, click on the resource link above.


Chapter 12: Incident Analysis
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70335
Sample Questions
Q1) Security administrators use logs to
A) Analyze security incidents
B) Ensure that the application is behaving as expected
C) Monitor disk space requirements of applications
D) Ensure optimum performance of the application
Q2) File timestamps are known as MAC timestamps, where MAC stands for
A) Medium access control
B) Modification, access, creation
C) Multiple account creation
D) Media, agent and creativity
Q3) Event criticality in Windows logs is indicated by labels including
A) Urgent, notice
B) Notice, warning
C) Critical, urgent
D) Information, warning
Q4) Syslog facilities include all of the following except
A) auth
B) cron
C) kern
D) debug
To view all questions and flashcards with answers, click on the resource link above.

Chapter 13: Policies, Standards and Guidelines
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70336
Sample Questions
Q1) The need for the policy is specified in the
A) Scope
B) Statement
C) Overview
D) Enforcement
Q2) Security policies serve all the following functions except
A) Conveying organizational priorities
B) Obtaining managerial backing
C) Evading responsibility
D) Ensuring organizational consistency
Q3) From the perspective of information security, the Sarbanes-Oxley (SOX) Act defines
A) Requirements for financial institutions to protect the privacy of their customers' non-public, personal information
B) Protections for the privacy of student education records
C) The responsibilities of top executives of publicly traded companies for the accuracy and timeliness of financial data
D) Safeguards that covered entities must use to protect the confidentiality, integrity and availability of electronic protected health information
To view all questions and flashcards with answers, click on the resource link above.

Chapter 14: IT Risk Analysis and Risk Management
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70337
Sample Questions
Q1) The management model that guides the ISO risk management methodology is
A) Toyota's Muda, Kaizen, Jidoka, Muri
B) Juran's planning, control, improvement
C) Shewhart's mean, range, standard error
D) Deming's Plan-Do-Check-Act
Q2) A certain risk has a 1% likelihood of occurrence in the coming year. If the risk is observed, the organization estimates a loss of $1 million. A second risk has a 15% likelihood of occurrence in the coming year. If the second risk is observed, the organization estimates a loss of $100,000. Comparing the two risks,
A) Risk 2 is greater than risk 1
B) Risk 1 is greater than risk 2
C) Risk 2 is equal to risk 1
D) Risk 2 is negligible
Q3) Risk is
A) A quantified measure of the potential damage caused by a specified threat
B) Capabilities, intentions and attack methods of adversaries to cause harm to assets
C) Resource or information that is to be protected
D) Weaknesses in an information system that can lead to a compromise of an asset
To view all questions and flashcards with answers, click on the resource link above.