Question 1

Hacker tools are becoming increasingly sophisticated and easier to use allowing hackers to outsmart the countermeasures used by companies to protect themselves.

Accepted Answer

This statement reflects the current reality of cybersecurity. As technology evolves and becomes more advanced, so do the tools and techniques used by hackers. Many of these tools are now available on the dark web, making it easier for attackers to gain access to them. This has made it extremely challenging for companies to keep up with the evolving threat landscape and defend against these attacks.

Question 2

A common profile of an insider criminal is a poor performance review.

Accepted Answer

Insider criminals often do not fit a single profile and can include individuals with various performance levels, including those with good performance reviews. Poor performance is not a reliable indicator of insider threat risk.

Question 3

The trend in computer security is toward policy-based management.

Accepted Answer

Policy-based management allows for more efficient and effective security measures by implementing rules and guidelines for access, permissions, and other security protocols. This approach is becoming increasingly popular as it helps organizations better manage and protect their IT systems and data.

Question 4

Identification services can prove that someone was the actual sender of a message.

Accepted Answer

The answer of Identification services can prove that someone was...

Question 5

A malicious program can be housed inside an innocent program that appears to be helpful.

Accepted Answer

This technique is known as "Trojan horse" in which a malicious program is hidden inside a seemingly harmless program. When the innocent program is executed, the Trojan horse is activated and can cause damage to the system.

Question 6

The overarching goal of information security is to ensure data integrity, availability,&#10;and confidentiality.

Accepted Answer

The statement is true. Data integrity, availability, and confidentiality are the three pillars of information security. The primary objective of information security is to protect the organization's sensitive or valuable data and ensure that it is secure from unauthorized access, modification, or theft. Data integrity ensures that data is complete, accurate, and consistent, availability guarantees that data is accessible when needed, and confidentiality protects the data from unauthorized access or disclosure.

Question 7

Virtual Private Networks are hardware or software that controls access between networks.

Accepted Answer

Virtual Private Networks (VPNs) are primarily software-based technologies used to secure internet connections and protect online privacy by creating a private network from a public internet connection. They do not control access between networks but rather encrypt and secure data transfers over the internet.

Question 8

All business executives need to understand threats and countermeasures and continually fund security work to protect their businesses.

Accepted Answer

As cyber threats continue to evolve, it is important for all business executives to understand the risks and potential impact on their business. In order to protect their assets, they need to fund security work and implement countermeasures to prevent cyber attacks.

Question 9

Mobile computing and telecommuting actually decrease the possibility for cybercrime because the greater number of network openings provides more opportunities for law enforcement.

Accepted Answer

This statement is false. Mobile computing and telecommuting may actually increase the possibility for cybercrime as these technologies can create new vulnerabilities and increase the attack surface for cybercriminals. Additionally, the remote nature of these technologies can make it more difficult for law enforcement to investigate and prevent cybercrime.

Question 10

Authentication is a means of providing proof of data transmission or receipt so that the occurrence of a transaction cannot later be refused.

Accepted Answer

Authentication is a process used to verify the identity of a user or entity, ensuring that they are who they claim to be, rather than providing proof of data transmission or receipt.

Question 11

The Internet does not have intrinsic security protocols.

Accepted Answer

The answer of The Internet does not have intrinsic security...

Question 12

Tunneling creates a temporary connection between to remote computer which blocks access to anyone trying to intercept messages sent over that link.

Accepted Answer

The answer of Tunneling creates a temporary connection between to...

Question 13

The most expensive cybercrime are computer viruses.

Accepted Answer

The answer of The most expensive cybercrime are computer viruses....

Question 14

Nonrepudiation is moving toward application-level security, requiring authentication for each application a user wants to access.

Accepted Answer

The answer of Nonrepudiation is moving toward application-level security, requiring...

Question 15

For digital signatures to work, a trusted third party must issue the keys to individuals and firms.

Accepted Answer

The answer of For digital signatures to work, a trusted...

Question 16

A certificate is a mechanism to verify an identity on a computer system over a computer network.

Accepted Answer

The answer of A certificate is a mechanism to verify...

Question 17

Vein-viewing technology can be used to replace signatures, keys, and passwords.

Accepted Answer

The answer of Vein-viewing technology can be used to replace...

Question 18

Managing security refers to a comprehensive set of activities that develop, implement, direct, and monitor the organization's security strategy and activities.

Accepted Answer

The answer of Managing security refers to a comprehensive set...

Question 19

Computer attacks by insiders can be among the most expensive and most damaging security treats.

Accepted Answer

The answer of Computer attacks by insiders can be among...

Question 20

Biometrics are the most widely used security technology.

Accepted Answer

The answer of Biometrics are the most widely used security...

Question 21

Which of the following areas are considered important to maintaining a safe computing environment?&#10;A) Egress security&#10;B) Facility security&#10;C) Network security&#10;D) All of the above

Accepted Answer

The answer of Which of the following areas are considered...

Question 22

To protect against hacking, companies install ______ which controls access between networks.&#10;A) Virtual Private Networks&#10;B) Encryption&#10;C) firewalls&#10;D) Intrusion detection&#10;E) None of the above

Accepted Answer

The answer of To protect against hacking, companies install ______...

Question 23

Security is often thought by many to be a(n):&#10;A) business problem.&#10;B) staff problem.&#10;C) IT problem.&#10;D) technological problem.

Accepted Answer

The answer of Security is often thought by many to...

Question 24

________ remain the source of the largest financial losses.&#10;A) Virus attacks&#10;B) Denial of service attacks&#10;C) Trojan horse attacks&#10;D) Application vulnerabilities

Accepted Answer

The answer of ________ remain the source of the largest...

Question 25

An estimation by the Computer Security Institute suggests that losses caused by insider attacks account for between________ percent of the entire organization's losses related to computer crimes.&#10;A) 10 and 20&#10;B) 30 and 50&#10;C) 40 and 60&#10;D) 20 and 80

Accepted Answer

The answer of An estimation by the Computer Security Institute...

Question 26

Which of the following hacker tricks involves placing oneself between two communicating parties and either substituting one's own information in place of one of the parties' information or denying one party access to a session?

A) Man-in-the-middle
B) Denial of service
C) Trojan horse
D) Network sniffing

Accepted Answer

The answer of Which of the following hacker tricks involves...

Question 27

To protect against spoofing, firms need a way to:&#10;A) authenticate the identity of an individual.&#10;B) repudiate the identity of an individual.&#10;C) dispute the identity of an individual.&#10;D) All of the above

Accepted Answer

The answer of To protect against spoofing, firms need a...

Question 28

The security technique that prevents parties from denying actions they have taken is known as:&#10;A) Authentication&#10;B) Nonrepudiation&#10;C) Identification&#10;D) Indemnification&#10;E) None of the above

Accepted Answer

The answer of The security technique that prevents parties from...

Question 29

Which of the following hacker tricks involves placing oneself between two communicating parties and either substituting one's own information in place of one of the parties' information or denying one party access to a session?

A) Man-in-the-middle
B) Denial of service
C) Trojan horse
D) Network sniffing

Accepted Answer

The answer of Which of the following hacker tricks involves...

Question 30

The most common public key encryption method is:&#10;A) RSA&#10;B) DES&#10;C) AES&#10;D) SSL

Accepted Answer

The answer of The most common public key encryption method...

Question 31

The security technique used to protect systems against sniffing is called:&#10;A) Virtual Private Networks&#10;B) Encryption&#10;C) firewalls&#10;D) Intrusion detection&#10;E) None of the above

Accepted Answer

The answer of The security technique used to protect systems...

Question 32

The core challenge of security management is:&#10;A) finding the right balance between shielding the organization's main assets from potential harm.&#10;B) finding the right balance between shielding the organization's main processes from potential harm.&#10;C) enabling staff to do their jobs.&#10;D) All of the above

Accepted Answer

The answer of The core challenge of security management is:&#10;A)...

Question 33

Business continuity is a(n):&#10;A) business issue.&#10;B) IT issue.&#10;C) disaster recovery issue&#10;D) All of the above

Accepted Answer

The answer of Business continuity is a(n):&#10;A) business issue.&#10;B) IT...

Question 34

Which of the following hacker tricks involves placing oneself between two communicating parties and either substituting one's own information in place of one of the parties' information or denying one party access to a session?

A) Man-in-the-middle
B) Denial of service
C) Trojan horse
D) Network sniffing

Accepted Answer

The answer of Which of the following hacker tricks involves...

Question 35

The security technique that protects information from being seen is known as:&#10;A) Authentication&#10;B) Nonrepudiation&#10;C) Identification&#10;D) Indemnification&#10;E) None of the above

Accepted Answer

The answer of The security technique that protects information from...

Question 36

A common credit card fraud is called:&#10;A) application fraud.&#10;B) network fraud.&#10;C) impersonation.&#10;D) None of the above

Accepted Answer

The answer of A common credit card fraud is called:&#10;A)...

Question 37

The top security concern among all organizations is:&#10;A) computer viruses.&#10;B) identity theft.&#10;C) data theft.&#10;D) password breachs.

Accepted Answer

The answer of The top security concern among all organizations...

Question 38

Which of the following strategies involves creating a culture for enforcing IT security?&#10;A) Creating and communicating an enterprise software security framework.&#10;B) Knowledge management training.&#10;C) Assuring internal security policy and external regulator compliance.&#10;D) Governance in the design and implementation process of system development or maintenance.

Accepted Answer

The answer of Which of the following strategies involves creating...

Question 39

Memory management, access to I/O devices, file management, and hardware configuration are all examples of:&#10;A) Application security&#10;B) Operating systems security&#10;C) Network security&#10;D) Middleware and Web services security&#10;E) None of the above

Accepted Answer

The answer of Memory management, access to I/O devices, file...

Question 40

Defining security policies and then centrally managing and enforcing those policies via security management products and services is known as:&#10;A) intrusion-based management.&#10;B) policy-based management.&#10;C) incident-based management.&#10;D) None of the above

Accepted Answer

The answer of Defining security policies and then centrally managing...

Question 41

List five steps that can be taken to protect from credit card fraud.

Accepted Answer

The answer of List five steps that can be taken...

Question 42

Describe a VPN and how a VPN can be used for secure organizational communications.

Accepted Answer

The answer of Describe a VPN and how a VPN...

Question 43

List five areas exposed to threats and vulnerabilities where security must be applied.

Accepted Answer

The answer of List five areas exposed to threats and...

Question 44

List three requirements noted by Tucker associated with business continuity.

Accepted Answer

The answer of List three requirements noted by Tucker associated...

Question 45

Name five types of security threats.

Accepted Answer

The answer of Name five types of security threats....

Question 46

Describe the management/business issues around both business continuity and IT disaster recovery.

Accepted Answer

The answer of Describe the management/business issues around both business...

Question 47

List five fundamental pillars that make up all security countermeasures and techniques.

Accepted Answer

The answer of List five fundamental pillars that make up...

Question 48

What is a digital certificate?

Accepted Answer

The answer of What is a digital certificate?...

Question 49

List four common profiles of an &#34;insider&#34; criminal.

Accepted Answer

The answer of List four common profiles of an &#34;insider&#34;...

Question 50

Describe three steps required for an organization to develop and information-centric security strategy.

Accepted Answer

The answer of Describe three steps required for an organization...

Deck 11: Managing Information Security