Question 1

A(n)____ is a category of objects,persons,or other entities that pose a potential risk of loss to an asset.&#10;A)payload&#10;B)intellectual property&#10;C)Trojan horse&#10;D)threat

Accepted Answer

A threat is a potential danger or risk that could result in harm to an asset. This can include anything that could cause damage, loss, theft, or other negative consequences to a person, organization, or system. Examples of threats include hackers, malware, natural disasters, and human error. Identifying and evaluating threats is a key part of risk management and cybersecurity planning.

Question 2

The ____ has been the industry standard for computer security since the development of the mainframe.&#10;A)disaster recovery plan&#10;B)C.I.A.triangle&#10;C)strategic plan&#10;D)asset classification

Accepted Answer

The C.I.A. (Confidentiality, Integrity, Availability) triangle has been the industry standard for computer security since the development of the mainframe. It represents the three main areas of concern in computer security and helps guide the development of security strategies and measures. Disaster recovery plans, strategic plans, and asset classification are related but distinct concepts in computer security.

Question 3

____ is the control approach that attempts to shift the risk to other assets,other processes,or other organizations.&#10;A)Transference&#10;B)Mitigation&#10;C)Acceptance&#10;D)Avoidance

Accepted Answer

Transference is a control approach that attempts to shift the risk to other assets, processes, or organizations. This can be achieved through insurance policies, outsourcing, or contracts that transfer the risk to another party. Mitigation involves reducing the impact and likelihood of a risk, while acceptance acknowledges the risk but chooses not to take any action. Avoidance involves eliminating the risk altogether by avoiding the activity or asset that poses the risk. In this context, transference is the best choice for addressing the risk by transferring it to another party who is better equipped to handle it.

Question 4

____ ensures that only those with the rights and privileges to access information are able to do so.&#10;A)Confidentiality&#10;B)Availability&#10;C)Integrity&#10;D)Risk assessment

Accepted Answer

Confidentiality refers to the protection of sensitive data from unauthorized access, use, or disclosure. It ensures that only those with the proper permissions are able to view, modify, or access sensitive information. The other options, availability, integrity, and risk assessment, are important aspects of information security as well but do not directly relate to controlling access to information.

Question 5

An asset can be logical,such as a Web site,information,or data;or an asset can be physical,such as a person,computer system,or other tangible object.

Accepted Answer

This statement is true. Assets can be either logical or physical.

Question 6

A ____ attack seeks to deny legitimate users access to services by either tying up a server's available resources or causing it to shut down.&#10;A)Trojan horse&#10;B)DoS&#10;C)social engineering&#10;D)spyware

Accepted Answer

A Denial-of-Service (DoS) attack is intended to prevent legitimate users from accessing a service. These attacks can target various services, including web servers, email servers, and even phone services. The attacker seeks to either tie up a server's resources or cause it to crash or shut down entirely, thus rendering the service unavailable to legitimate users.

Question 7

____ enables authorized users - persons or computer systems - to access information without interference or obstruction,and to receive it in the required format.&#10;A)Integrity&#10;B)Availability&#10;C)Confidentiality&#10;D)Risk assessment

Accepted Answer

Availability refers to authorized users being able to access information without interference or obstruction, and receive it in the required format. Integrity refers to ensuring that information is not tampered with or altered. Confidentiality refers to ensuring that information is kept private and not disclosed to unauthorized parties. Risk assessment is a process used to identify, analyze, and evaluate risks to an organization's information and systems.

Question 8

A(n)____ is prepared by the organization to anticipate,react to,and recover from events that threaten the security of information and information assets in the organization,and,subsequently,to restore the organization to normal modes of business operations.

A)threat
B)social plan
C)contingency plan
D)asset

Accepted Answer

A contingency plan is specifically designed to address potential threats to information security and outlines how the organization will react and recover from these incidents. It includes a plan for restoring normal business operations as quickly and efficiently as possible. A threat is a potential danger or risk to information security. A social plan is a plan for managing social media accounts or interactions. An asset is something of value to the organization, including information and information systems.

Question 9

An information security policy provides rules for the protection of the information assets of the organization.

Accepted Answer

An information security policy is a formal document that outlines an organization's rules, guidelines, and responsibilities to protect its information assets from unauthorized access, use, disclosure, modification or destruction. It provides a framework to prevent, detect, and respond to security incidents. Thus, the given statement is true.

Question 10

____ hack systems to conduct terrorist activities through network or Internet pathways.&#10;A)Cyberterrorists&#10;B)Script kiddies&#10;C)Programmers&#10;D)Social engineers

Accepted Answer

Cyberterrorists specifically use hacking techniques to carry out acts of terror through digital means, while script kiddies, programmers, and social engineers may use hacking techniques for other purposes such as personal gain or espionage.

Question 11

____ is the process of examining and documenting the security posture of an organization's information technology and the risks it faces.&#10;A)Risk identification&#10;B)Data classification&#10;C)Security clearance&#10;D)DR

Accepted Answer

The answer of ____ is the process of examining and...

Question 12

____ of risk is the choice to do nothing to protect a vulnerability,and to accept the outcome of its exploitation.&#10;A)Inheritance&#10;B)Acceptance&#10;C)Avoidance&#10;D)Mitigation

Accepted Answer

The answer of ____ of risk is the choice to...

Question 13

IRP focuses more on preparations completed before and actions taken after the incident,whereas DRP focuses on intelligence gathering,information analysis,coordinated decision making,and urgent,concrete actions.

Accepted Answer

The answer of IRP focuses more on preparations completed before...

Question 14

The vision of an organization is a written statement of an organization's purpose.

Accepted Answer

The answer of The vision of an organization is a...

Question 15

____ is the control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.&#10;A)Avoidance&#10;B)Transference&#10;C)Acceptance&#10;D)Mitigation

Accepted Answer

The answer of ____ is the control approach that attempts...

Question 16

____ is defined as &#34;the ownership of ideas and control over the tangible or virtual representation of those ideas&#34;.&#10;A)Avoidance&#10;B)Trojan horse&#10;C)Malware&#10;D)Intellectual property

Accepted Answer

The answer of ____ is defined as &#34;the ownership of...

Question 17

____ assigns a risk rating or score to each information asset.While this number does not mean anything in absolute terms,it is useful in gauging the relative risk to each vulnerable information asset and facilitates the development of comparative ratings later in the risk control process.

A)BC
B)Risk assessment
C)DR
D)Avoidance

Accepted Answer

The answer of ____ assigns a risk rating or score...

Question 18

____ is the risk control strategy that attempts to prevent the exploitation of the vulnerability.&#10;A)Acceptance&#10;B)Transference&#10;C)Avoidance&#10;D)Mitigation

Accepted Answer

The answer of ____ is the risk control strategy that...

Question 19

Once intellectual property (IP)has been defined and properly identified,breaches in the controls that have been placed around the IP constitute a threat to the security of this information.

Accepted Answer

The answer of Once intellectual property (IP)has been defined and...

Question 20

The threat of corruption can occur while information is being stored or transmitted.____ is the prevention of that corruption.&#10;A)Risk assessment&#10;B)Availability&#10;C)Integrity&#10;D)Confidentiality

Accepted Answer

The answer of The threat of corruption can occur while...

Question 21

A(n)____ is a plan or course of action used by an organization to convey instructions from its senior-most management to those who make decisions,take actions,and perform other duties on behalf of the organization.

A)policy
B)assessment
C)asset
D)residual risk

Accepted Answer

The answer of A(n)____ is a plan or course of...

Question 22

Match each statement with an item below.

-The risk that remains to the information asset even after the existing control has been applied.

A)Threat agent
B)Intellectual property
C)Hacker
D)Computer viruses
E)Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Accepted Answer

The answer of Match each statement with an item below. -The...

Question 23

Match each statement with an item below.

-The probability that a specific vulnerability within an organization will be successfully attacked.

A)Threat agent
B)Intellectual property
C)Hacker
D)Computer viruses
E)Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Accepted Answer

The answer of Match each statement with an item below. -The...

Question 24

Match each statement with an item below.

-Segments of code that perform malicious actions.

A)Threat agent
B)Intellectual property
C)Hacker
D)Computer viruses
E)Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Accepted Answer

The answer of Match each statement with an item below. -Segments...

Question 25

Information has the characteristic of ____________________ when disclosure or exposure to unauthorized individuals or systems is prevented.

Accepted Answer

The answer of Information has the characteristic of ____________________ when...

Question 26

Match each statement with an item below.

-A person who uses and creates computer software to gain access to information illegally.

A)Threat agent
B)Intellectual property
C)Hacker
D)Computer viruses
E)Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Accepted Answer

The answer of Match each statement with an item below. -A...

Question 27

Match each statement with an item below.

-Something that looks like a desirable program or tool,but that is in fact a malicious entity.

A)Threat agent
B)Intellectual property
C)Hacker
D)Computer viruses
E)Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Accepted Answer

The answer of Match each statement with an item below. -Something...

Question 28

____________________ is the process of applying controls to reduce the risks to an organization's data and information systems.

Accepted Answer

The answer of ____________________ is the process of applying controls...

Question 29

A(n)____ is an investigation and assessment of the impact that various attacks can have on the organization.&#10;A)BIA&#10;B)intellectual property&#10;C)incident&#10;D)threat

Accepted Answer

The answer of A(n)____ is an investigation and assessment of...

Question 30

____________________ is the process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality,integrity,and availability of all the components in the organization's information system.

Accepted Answer

The answer of ____________________ is the process of identifying vulnerabilities...

Question 31

____ is the process of moving the organization toward its vision.&#10;A)Transference&#10;B)Avoidance&#10;C)Strategic planning&#10;D)Mitigation

Accepted Answer

The answer of ____ is the process of moving the...

Question 32

A ____ deals with the preparation for and recovery from a disaster,whether natural or man-made.&#10;A)mitigation plan&#10;B)disaster recovery plan&#10;C)risk management&#10;D)risk assessment

Accepted Answer

The answer of A ____ deals with the preparation for...

Question 33

A(n)____ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality,integrity,or availability.&#10;A)threat&#10;B)Trojan horse&#10;C)worm&#10;D)incident

Accepted Answer

The answer of A(n)____ is any clearly identified attack on...

Question 34

Match each statement with an item below.

-Detailed statements of what must be done to comply with policy.

A)Threat agent
B)Intellectual property
C)Hacker
D)Computer viruses
E)Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Accepted Answer

The answer of Match each statement with an item below. -Detailed...

Question 35

For the purpose of relative risk assessment,____________________ equals likelihood of vulnerability occurrence times value (or impact)minus percentage risk already controlled plus an element of uncertainty.

Accepted Answer

The answer of For the purpose of relative risk assessment,____________________...

Question 36

Match each statement with an item below.

-The process used to identify and then control risks to an organization's information assets.

A)Threat agent
B)Intellectual property
C)Hacker
D)Computer viruses
E)Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Accepted Answer

The answer of Match each statement with an item below. -The...

Question 37

Match each statement with an item below.

-A specific and identifiable instance of a general threat.

A)Threat agent
B)Intellectual property
C)Hacker
D)Computer viruses
E)Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Accepted Answer

The answer of Match each statement with an item below. -A...

Question 38

Match each statement with an item below.

-A specific and identifiable instance of a general threat.

A)Threat agent
B)Intellectual property
C)Hacker
D)Computer viruses
E)Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Accepted Answer

The answer of Match each statement with an item below. -Includes...

Question 39

____________________ is defined by the Committee on National Security Systems (CNSS)as the protection of information and its critical elements,including the systems and hardware that use,store,and transmit that information.

Accepted Answer

The answer of ____________________ is defined by the Committee on...

Question 40

A ____ is a document that expresses how an organization ensures that critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site if a catastrophic incident or disaster occurs.

A)risk assessment plan
B)business continuity plan
C)Trojan horse
D)worm

Accepted Answer

The answer of A ____ is a document that expresses...

Question 41

Once the project team for information security development creates a ranked vulnerability worksheet,the team must choose one of four basic strategies to control each of the risks that result from these vulnerabilities.List the four strategies.

Accepted Answer

The answer of Once the project team for information security...

Question 42

What is the difference between a disaster recovery plan and a business continuity plan?

Accepted Answer

The answer of What is the difference between a disaster...

Question 43

What are some of the criteria to be considered when conducting an information asset valuation?

Accepted Answer

The answer of What are some of the criteria to...

Question 44

What is difference between access control lists and configuration rules?

Accepted Answer

The answer of What is difference between access control lists...

Question 45

What is a polymorphic threat?

Accepted Answer

The answer of What is a polymorphic threat?...

Question 46

What are some of the key elements that a security policy should have in order to remain viable?

Accepted Answer

The answer of What are some of the key elements...

Question 47

What are the subordinate functions of contingency planning?

Accepted Answer

The answer of What are the subordinate functions of contingency...

Question 48

What are the steps in contingency planning?

Accepted Answer

The answer of What are the steps in contingency planning?...

Question 49

What is the difference between avoidance of risk and acceptance of risk?

Accepted Answer

The answer of What is the difference between avoidance of...

Question 50

What is the difference between transference and mitigation?

Accepted Answer

The answer of What is the difference between transference and...

Deck 1: Contingency Planning Within Information Security