CHAPTER SUMMARY

This chapter defined foundational ISS concepts and key terms. You learned about the key tenets of ISS management to ensure confidentiality, integrity, availability, authentication, and nonrepudiation. Additionally, you read that information systems security (ISS) and information assurance (IA) are two separate but similar concepts. Associated with IA and ISS is governance. Governance ensures people are following the rules, such as policies, regulations, standards, and procedures. You also read about the importance of quality control and quality assurance.

There are several situations when security policies are to be considered. Opportunities include:

  • New business processes
  • Changes in current business processes
  • Business process reengineering (BPR)
  • Incident occurrence

You read about where policies fit within an organization to meet operational and governance requirements. These include all seven domains, across the business spectrum. ISS policies are important for several reasons. A primary reason is controlling authorized access to information. Another reason is to control change to systems. You read about how to express risk in terms of threats and vulnerabilities. Finally, you learned about policy acceptance and enforcement, and factors that make those processes difficult. Employee support is required at all levels for policy buy-in and enforcement. Enforcement also hinges on effective policy writing.

KEY CONCEPTS AND TERMS

CHAPTER 1 ASSESSMENT

  1. John works in the accounting department but travels to other company locations. He must present the past quarter’s figures to the chief executive officer (CEO) in the morning. He forgot to update the PowerPoint presentation on his desktop computer at the main office. What is at issue here?
    A. Unauthorized access to the system
    B. Integrity of the data
    C. Availability of the data
    D. Nonrepudiation of the data
    E. Unauthorized use of the system
  2. Governance is the practice of ensuring an entity is in conformance to policies, regulations, ________, and procedures.
  3. COBIT is a widely accepted international best practices policy framework.
    A. True
    B. False
  4. Which of the following are generally accepted as IA tenets but not ISS tenets? (Select two.)
    A. Confidentiality
    B. Integrity
    C. Availability
    D. Authentication
    E. Nonrepudiation
  5. Greg has developed a document on how to operate and back up the new financial section’s storage area network. In it, he lists the steps required for powering up and down the system as well as configuring the backup tape unit. Greg has written a ________.
  6. When should a wireless security policy be initially written?
    A. When the industry publishes new wireless standards
    B. When a vendor presents wireless solutions to the business
    C. When the next generation of wireless technology is launched
    D. After a company decides to implement wireless and before it is installed
  7. A toy company is giving its website a much-needed facelift. The new website is ready to be deployed. It’s late October, and the company wants to have the site ready for the holiday rush. The year-end holiday season accounts for 80 percent of its annual revenue. What process would be of particular importance to the toy company at this time?
    A. Continuous improvement
    B. Business process reengineering
    C. Change management
    D. Information security system life cycle
  8. Implementation and enforcement of policies is a challenge. The biggest hindrance to implementation of policies is the ________ factor.
  9. Information systems security policies should support business operations. These policies focus on providing consistent protection of information in the system. This happens by controlling multiple aspects of the information system that directly or indirectly affect normal operations at some point. Although there are many different benefits to supporting operations, some are more prevalent than others. Which of the following are aspects of ISS policies that extend to support business operations?
    A. Controlling change to the IT infrastructure
    B. Protecting data at rest and in transit
    C. Protecting systems from the insider threat
    D. B and C only
    E. A, B, and C
  10. Trina is an administrator in the server backup area. She is reviewing the contract for the offsite storage facility for validity. This contract includes topics such as the amount of storage space required, the pickup and delivery of media, response times during an outage, and security of media within the facility. This contract is an example of information security.
    A. True
    B. False
  11. A weakness is found in a system’s configuration that could expose client data to unauthorized users. Which of the following best describes the problem?
    A. A new threat was discovered.
    B. A new vulnerability was discovered.
    C. A new risk was discovered.
    D. A and B
    E. B and C
    F. A, B, and C

