Question 1

A ____ attempts to protect internal systems from outside threats.&#10;A) security perimeter&#10;B) botnet&#10;C) risk management strategy&#10;D) buffer overflow

Accepted Answer

A security perimeter, also known as a network perimeter, is a boundary that surrounds the internal IT infrastructure of an organization. It is designed to prevent unauthorized access and protect the internal systems from outside threats such as hackers, malware, and other malicious activities. Therefore, option A is the correct answer. Botnet is a network of infected computers that can be used by hackers to launch attacks. Risk management strategy refers to the process of identifying, assessing, and controlling risks that may affect an organization. Buffer overflow is a type of software vulnerability that can be exploited by attackers to gain unauthorized access to a system.

Question 2

The ____ would typically NOT be a member of the security project team.&#10;A) CIO&#10;B) systems adminstrator&#10;C) CISO&#10;D) All of these could be a member of the security project team

Accepted Answer

All of these roles, including the Chief Information Officer (CIO), systems administrator, and Chief Information Security Officer (CISO), could be members of a security project team, as they each play crucial roles in an organization's information security.

Question 3

Acceptance is a viable solution only if the organization has evaluated the risk and determined that the implementation of additional controls or strategies is not justified, due to cost or other organizational issues.

Accepted Answer

Acceptance is a valid risk management strategy when the organization has determined that additional controls or strategies are not justified. This decision is often based on cost or other organizational issues, and acceptance allows the organization to proceed with the risk while being fully aware of the potential consequences. However, it is important to note that acceptance should only be used after a thorough evaluation of the risks involved.

Question 4

A virus that is embedded in the automatically executing scipts commonly found in word processors, spreadsheets, and database applications is called a ____.&#10;A) worm&#10;B) boot virus&#10;C) Trojan horse&#10;D) macro virus

Accepted Answer

A macro virus is a type of virus that is embedded in the automatically executing scripts commonly found in word processors, spreadsheets, and database applications. It has the ability to replicate itself within documents and spreadsheets, and spread to other computers through infected files. Worms replicate themselves and spread independently, while boot viruses infect the boot sector of a disk and Trojan horses disguise themselves as harmless programs.

Question 5

An individual who hacks the public telephone network to make free calls or disrupt services is called a ____.&#10;A) phreaker&#10;B) hactivist&#10;C) packet monkey&#10;D) cyberterrorist

Accepted Answer

A phreaker is an individual who hacks into the public telephone network to make free calls or disrupt services. Hactivist refers to a hacker who uses their skills for political or social activism. Packet monkey refers to someone who works with data packets and network protocols. Cyberterrorist is a more extreme term used for individuals who use hacking as a means of causing damage and harm on a larger scale.

Question 6

To make sound decisions about information security, management must be informed about the various threats facing the organization, its people, applications, data, and information systems.

Accepted Answer

Management needs to be informed about threats in order to make informed decisions about information security. Ignorance of threats can lead to poor decision-making and leave the organization vulnerable to attack.

Question 7

To achieve the maximum confidentiality and integrity found in a completely secure information system would require that the system not allow access (or availability) to anyone.

Accepted Answer

Maximum confidentiality and integrity can only be guaranteed if nobody has access to the system, which means that the system must not allow access or availability to anyone.

Question 8

According the to CSI/FBI Computer Crime and Security Survey, the most dominant type of attack for the last decade was ____.&#10;A) insider abuse&#10;B) denial of service&#10;C) physical loss (theft)&#10;D) malware infection

Accepted Answer

Malware infection has consistently been among the most dominant types of cyber attacks over the last decade, as it encompasses a wide range of malicious software designed to harm or exploit any programmable device, service, or network.

Question 9

The ____ is based on a model developed by the U.S.Committee on National Systems Security (CNSS).&#10;A) TVA worksheet&#10;B) C.I.A. triangle&#10;C) McCumber Cube&#10;D) man-in-the-middle attack

Accepted Answer

The McCumber Cube is a widely used approach for analyzing information security. It’s based on the model developed by the U.S. Committee on National Systems Security (CNSS). The TVA worksheet is a tool used to assign values to assets and calculate the overall risk to the system. The C.I.A. triangle stands for confidentiality, integrity, and availability, which are the three main objectives of any security program. A man-in-the-middle attack is an attack where the attacker intercepts communication between two parties.

Question 10

A(n) ____ is a weakness or fault in the mechanisms that are intended to protect information and information assets from attack or damage.&#10;A) threat&#10;B) exploit&#10;C) vulnerability&#10;D) risk

Accepted Answer

A vulnerability refers to a weakness or flaw in the security mechanisms put in place to protect information and information assets from potential harm. It creates the possibility for an attacker to exploit the system and gain unauthorized access to data. A threat, on the other hand, is any circumstance or event that has the potential to cause harm to the system, while an exploit refers to taking advantage of a vulnerability to gain access to a system or cause damage. A risk is the likelihood and impact of harm occurring due to a threat exploiting a vulnerability.

Question 11

End users are ____.&#10;A) not important to the security of an organization&#10;B) a part of the security project team&#10;C) all risk assessment specialists&#10;D) often considered data custodians

Accepted Answer

The answer of End users are ____.&#10;A) not important to...

Question 12

A(n) ____ attack is when a system is compromised and used to attack other systems.&#10;A) direct&#10;B) indirect&#10;C) object&#10;D) subject

Accepted Answer

The answer of A(n) ____ attack is when a system...

Question 13

A data ____ might be a specifically identified role or part of the duties of a systems administrator.&#10;A) owner&#10;B) custodian&#10;C) manager&#10;D) user

Accepted Answer

The answer of A data ____ might be a specifically...

Question 14

A(n) ____ is a category of object, person, or other entity that poses a potential risk of loss to an asset.&#10;A) risk&#10;B) exploit&#10;C) threat&#10;D) attack

Accepted Answer

The answer of A(n) ____ is a category of object,...

Question 15

Brute force attacks are often successful against systems that have adopted the usual security practices recommended by manufacturers.

Accepted Answer

The answer of Brute force attacks are often successful against...

Question 16

When a computer is the ____ of an attack, it is used as an active tool to conduct the attack.&#10;A) subject&#10;B) victim&#10;C) object&#10;D) direction

Accepted Answer

The answer of When a computer is the ____ of...

Question 17

A majority of organizations use information systems primarily to support their strategic planning.

Accepted Answer

The answer of A majority of organizations use information systems...

Question 18

____ means that information is free from mistakes or errors.&#10;A) Accuracy&#10;B) Availability&#10;C) Confidentiality&#10;D) Integrity

Accepted Answer

The answer of ____ means that information is free from...

Question 19

____ refers to multiple layers of security controls and safeguards is called.&#10;A) A DMZ&#10;B) A security perimeter&#10;C) Defense in depth&#10;D) Layered redundancy

Accepted Answer

The answer of ____ refers to multiple layers of security...

Question 20

The threat of ____ involves a malicious individual observing another's password by watching the victim while they are performing system login activities.&#10;A) packet monkeys&#10;B) intellectual property&#10;C) shoulder surfing&#10;D) script kiddies

Accepted Answer

The answer of The threat of ____ involves a malicious...

Question 21

Attempting to determine a password that is not known to the attacker is often called ____.&#10;A) brute force&#10;B) hacking&#10;C) cracking&#10;D) spamming

Accepted Answer

The answer of Attempting to determine a password that is...

Question 22

Match each item with a statement below.&#10;a.data custodian&#10;b.Trojan horse&#10;c.integrity&#10;d.back door&#10;e.balance&#10;f.worm&#10;g.accuracy&#10;h.data owner&#10;i.confidentiality&#10;Information remains whole, complete, and uncorrupted.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.data...

Question 23

____ is a technique used to gain unauthorized access to computers, wherein the attacker assumes or simulates an address that indicate to the victim that the messages are coming from the address of a trusted host.

A) Sniffing
B) Spoofing
C) Spamming
D) DDoS

Accepted Answer

The answer of ____ is a technique used to gain...

Question 24

Match each item with a statement below.&#10;a.data custodian&#10;b.Trojan horse&#10;c.integrity&#10;d.back door&#10;e.balance&#10;f.worm&#10;g.accuracy&#10;h.data owner&#10;i.confidentiality&#10;Component in a system that allows the attacker to access the system at will, bypassing standard login controls.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.data...

Question 25

____ attacks may involve individuals posing as new employees or as current employees desperately requesting assistance to avoid getting fired.&#10;A) Buffer overflow&#10;B) Cracking&#10;C) Social engineering&#10;D) Spoofing

Accepted Answer

The answer of ____ attacks may involve individuals posing as...

Question 26

The ____________________ is primarily responsible for advising the chief executive officer, president, or company owner on the strategic planning that affects the management of information in the organization.

Accepted Answer

The answer of The ____________________ is primarily responsible for advising...

Question 27

Match each item with a statement below.&#10;a.data custodian&#10;b.Trojan horse&#10;c.integrity&#10;d.back door&#10;e.balance&#10;f.worm&#10;g.accuracy&#10;h.data owner&#10;i.confidentiality&#10;Software programs that reveals its designed behavior only when activated.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.data...

Question 28

Match each item with a statement below.&#10;a.data custodian&#10;b.Trojan horse&#10;c.integrity&#10;d.back door&#10;e.balance&#10;f.worm&#10;g.accuracy&#10;h.data owner&#10;i.confidentiality&#10;Malicious program that replicates itself constantly.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.data...

Question 29

Match each item with a statement below.&#10;a.data custodian&#10;b.Trojan horse&#10;c.integrity&#10;d.back door&#10;e.balance&#10;f.worm&#10;g.accuracy&#10;h.data owner&#10;i.confidentiality&#10;Responsible for the storage, maintenance, and protection of the information.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.data...

Question 30

A(n) ____________________ is an application error that occurs when more data is sent to a buffer than it can handle.

Accepted Answer

The answer of A(n) ____________________ is an application error that...

Question 31

Match each item with a statement below.&#10;a.data custodian&#10;b.Trojan horse&#10;c.integrity&#10;d.back door&#10;e.balance&#10;f.worm&#10;g.accuracy&#10;h.data owner&#10;i.confidentiality&#10;Responsible for the security and use of a particular set of information.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.data...

Question 32

In a(n) ____________________ attack, the attacker monitors (or sniffs) packets from the network, modifies them using Internet Protocol spoofing techniques, and then inserts them back into the network.

Accepted Answer

The answer of In a(n) ____________________ attack, the attacker monitors...

Question 33

A prolonged increase in power is called a ____.&#10;A) spike&#10;B) surge&#10;C) sag&#10;D) fault

Accepted Answer

The answer of A prolonged increase in power is called...

Question 34

In a ____ attack, the attacker sends a large number of connection or information requests to a target in an attempt to overwhelm its capacity and make it unavailable for legitimate users.&#10;A) man-in-the-middle&#10;B) sniffer&#10;C) dictionary&#10;D) denial-of-service (DoS)

Accepted Answer

The answer of In a ____ attack, the attacker sends...

Question 35

Match each item with a statement below.&#10;a.data custodian&#10;b.Trojan horse&#10;c.integrity&#10;d.back door&#10;e.balance&#10;f.worm&#10;g.accuracy&#10;h.data owner&#10;i.confidentiality&#10;Information is free from mistakes or errors.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.data...

Question 36

An organization will often create a network security ____________________, which defines the boundary between the outer limit of an organization's security and the beginning of the outside network.

Accepted Answer

The answer of An organization will often create a network...

Question 37

A ____ is an e-mail attack in which the attacker routes large quantities of e-mail to the target system hoping to overwhelm the target with so much irrelevant email that legitimate email cannot be used.

A) spam attack
B) mail bomb
C) sniffer
D) cracker

Accepted Answer

The answer of A ____ is an e-mail attack in...

Question 38

The most common Intellectual Property breach is ____________________.

Accepted Answer

The answer of The most common Intellectual Property breach is...

Question 39

Match each item with a statement below.&#10;a.data custodian&#10;b.Trojan horse&#10;c.integrity&#10;d.back door&#10;e.balance&#10;f.worm&#10;g.accuracy&#10;h.data owner&#10;i.confidentiality&#10;Information is protected from disclosure or exposure to unauthorized individuals or systems.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.data...

Question 40

Match each item with a statement below.&#10;a.data custodian&#10;b.Trojan horse&#10;c.integrity&#10;d.back door&#10;e.balance&#10;f.worm&#10;g.accuracy&#10;h.data owner&#10;i.confidentiality&#10;Involves operating an information system that meets the high level of availability sought by system users as well as the confidentiality and integrity needs of system owners and security professionals

Accepted Answer

The answer of Match each item with a statement below.&#10;a.data...

Question 41

Describe the balance between information security and access.

Accepted Answer

The answer of Describe the balance between information security and...

Question 42

Provide an example of a social engineering attack.

Accepted Answer

The answer of Provide an example of a social engineering...

Question 43

What is the role of the chief information security officer (CISO)?

Accepted Answer

The answer of What is the role of the chief...

Question 44

What is defense in depth?

Accepted Answer

The answer of What is defense in depth?...

Question 45

Describe a dictionary attack.

Accepted Answer

The answer of Describe a dictionary attack....

Question 46

Describe the importance of enabling the safe operation of applications.

Accepted Answer

The answer of Describe the importance of enabling the safe...

Question 47

Describe the difference between direct and indirect attacks.

Accepted Answer

The answer of Describe the difference between direct and indirect...

Question 48

Describe characteristic of utility as it relates to information.

Accepted Answer

The answer of Describe characteristic of utility as it relates...

Question 49

What are the responsibilities of a data custodian?

Accepted Answer

The answer of What are the responsibilities of a data...

Question 50

What important organizational functions are performed by Information Security?

Accepted Answer

The answer of What important organizational functions are performed by...

Deck 1: Introduction to Information Security