Question 1

_____ can be used to create strong passwords that are easy to remember.&#10;A) Mnemonics&#10;B) Passphrases&#10;C) Birthdates&#10;D) Numbers

Accepted Answer

Passphrases are a great way to create strong and memorable passwords. They consist of multiple words strung together, often unrelated, which makes them hard for hackers to crack but easy for the user to remember. Mnemonics can be helpful for remembering long and complex passwords, but they may not be as strong as passphrases. Birthdates and numbers are not recommended as they can be easily guessed or obtained through social engineering tactics.

Question 2

Whereas phishing attacks are ____ , denial of service attacks are ____.&#10;A) remote attacks requiring user action, remote attacks requiring no user action&#10;B) remote attacks requiring no user action, attacks by a programmer developing a system&#10;C) remote attacks requiring no user action, remote attacks requiring user action&#10;D) Distributed remote attacks requiring user action, attacks by a programmer developing a system

Accepted Answer

Phishing attacks are indeed remote attacks that require user action, such as clicking on a malicious link or providing personal information. On the other hand, denial of service (DoS) attacks are remote attacks that do not require user action, as they typically involve overwhelming a target with traffic to disrupt its services.

Question 3

Which of the following can be classified as unintentional threats to information systems caused by human errors?&#10;A) Selecting a weak password&#10;B) Revealing your password&#10;C) Leaking company data to others&#10;D) Both (a) and (b)&#10;E) None of the above

Accepted Answer

A

Question 4

An information system's ____ is the likelihood that the system or resource will be compromised by a ____ that will result in its ____ to further attacks.&#10;A) Vulnerability, threat, exposure&#10;B) Vulnerability, security, threat&#10;C) Threat, vulnerability, liability&#10;D) Threat, vulnerability, exposure

Accepted Answer

A system's vulnerability refers to its weaknesses or flaws that can be exploited by a potential attacker. A threat is an actor or event that can potentially exploit those vulnerabilities. Exposure refers to the extent to which the vulnerabilities of the system are visible and accessible to potential attackers. Therefore, the correct sequence of terms is vulnerability, threat, and exposure. The other answer choices do not accurately reflect this sequence.

Question 5

Implementing controls to prevent threats from occurring and developing a recovery plan should the threats occur are two broad functions of&#10;A) Risk mitigation.&#10;B) Risk acknowledgement.&#10;C) Risk acceptance.&#10;D) All of the above.

Accepted Answer

Implementing controls to prevent threats from occurring is a key function of risk mitigation. Developing a recovery plan should the threats occur is also part of risk mitigation, as it involves implementing measures to reduce the impact of a threat if it does occur. Risk acknowledgement and acceptance are not relevant to implementing controls to prevent threats or developing a recovery plan.

Question 6

Buying health insurance is an example of risk ____, whereas going without is an example of risk _____.&#10;A) transference, limitation&#10;B) transference, acceptance&#10;C) limitation, acceptance&#10;D) limitation, transference

Accepted Answer

Buying health insurance is an example of risk transference because it involves shifting the financial burden of potential medical expenses to the insurance company. Going without health insurance, on the other hand, is an example of risk acceptance because it involves accepting the financial consequences of any potential medical expenses.

Question 7

Backup and recovery procedures are recommended only to safeguard against hardware/software failures.

Accepted Answer

Backup and recovery procedures are not just recommended for hardware/software failures, but also for data loss, cyber attacks, natural disasters, and any other events that could result in the loss of critical data.

Question 8

Computer programs like CAPTCHA are used to counter&#10;A) Hackers using key loggers.&#10;B) Malware.&#10;C) Hackers using screen scrappers.&#10;D) Websites leaving cookies on the local machine.

Accepted Answer

The answer of Computer programs like CAPTCHA are used to...

Question 9

Making and distributing information goods to which you do not own the ___ is referred to as ____.&#10;A) copyright, piracy&#10;B) intellectual property, piracy&#10;C) copyright, appropriation&#10;D) intellectual property, theft

Accepted Answer

Making and distributing information goods to which you do not own the copyright is referred to as piracy. This involves unauthorized use or reproduction of someone else's work.

Question 10

Access controls consist of ____, which confirms user identity, and ____, which determines user access levels.&#10;A) access, privileges&#10;B) authorization, privileges&#10;C) authentication, authorization&#10;D) passwords, privileges

Accepted Answer

Authentication confirms user identity, while authorization determines user access levels. Therefore, the most appropriate answer is C. A is incorrect because "access" is not a specific access control. B is incorrect because "authorization" alone does not confirm user identity. D is incorrect because "passwords" alone do not determine user access levels.

Question 11

An unintentional attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information is known as:&#10;A) Trespass.&#10;B) Social engineering.&#10;C) Identity theft.&#10;D) Information extortion.

Accepted Answer

The answer of An unintentional attack in which the perpetrator...

Deck 4: Information Security and Controls