Question 1

Which of the following factors contributes to the increasing vulnerability of organizational information resources?&#10;A) Today's interconnected, interdependent, wirelessly networked business environment&#10;B) Smaller, faster, cheaper computers and storage devices&#10;C) Decreasing skills necessary to be a computer hacker&#10;D) All of these options

Accepted Answer

All of these factors contribute to the increasing vulnerability of organizational information resources. Today's interconnected, interdependent, wirelessly networked business environment means that there are more entry points for hackers to exploit. Smaller, faster, cheaper computers and storage devices mean that it is easier for employees to steal and transport sensitive information. Decreasing skills necessary to be a computer hacker means that more people may have the ability to hack into systems, even without extensive technical knowledge.

Question 2

Which if the following is NOT a common risk mitigation strategy?&#10;A) Risk analysis&#10;B) Risk limitation&#10;C) Risk acceptance&#10;D) Risk transference

Accepted Answer

Risk analysis is a process used to identify and assess factors that may jeopardize the success of a project or achieving a goal. It is not a mitigation strategy but rather a step in identifying and understanding risks before deciding on mitigation strategies such as limitation, acceptance, or transference.

Question 3

The three major types of information security controls are:&#10;A) access controls, physical controls, and communication controls.&#10;B) risk controls, software controls, and access controls.&#10;C) risk controls, application controls, and communication controls.&#10;D) physical controls, biometric controls, and anti-malware controls.

Accepted Answer

The three major types of information security controls are access controls, physical controls, and communication controls. These controls are used to protect the confidentiality, integrity, and availability of information. Access controls restrict access to sensitive information and systems, physical controls protect against physical threats, and communication controls protect against unauthorized access or modification to data in transit.

Question 4

The purpose of risk management is to _____.&#10;A) train employees to follow security procedures to prevent potential software attacks&#10;B) save money by not getting involved in expensive investigations to try to find the attacker that may not be successful&#10;C) reduce risk to an acceptable level&#10;D) eliminate risks at all costs

Accepted Answer

The purpose of risk management is to reduce risk to an acceptable level. It does not aim to eliminate all risks at all costs as that would be impractical and may hinder business operations. Risk management involves identifying potential risks, assessing their likelihood and potential impact, and taking steps to mitigate them. It is a proactive approach to reduce the potential negative consequences of risks. Training employees to follow security procedures is part of risk mitigation, but it is not the overall purpose of risk management. Saving money by avoiding investigations is not a recommended approach as it may lead to further vulnerabilities and potential attacks in the future.

Question 5

The lower the level of employee, the greater the threat he or she poses to information security.

Accepted Answer

This statement is false. The level of threat posed by an employee to information security depends on many factors such as their job responsibilities, access to sensitive data, and level of training or awareness. Higher level employees may have more access to critical information and systems and may be targeted by hackers or have more opportunities to abuse their privileges. However, any employee at any level can pose a threat if they engage in negligent or malicious behavior, such as sharing passwords or downloading malware.

Question 6

Unintentional threats to information systems include all of the following except:&#10;A) discarding old computer hardware without completely wiping the memory.&#10;B) choosing and using strong passwords.&#10;C) accidentally losing or misplacing a company's laptop.&#10;D) opening e-mails from someone unknown.

Accepted Answer

Option B, "choosing and using strong passwords," is not an unintentional form of threat to information systems. The other options listed represent actions that can be unintentional yet pose a threat to the security of an organization's information systems.

Question 7

An information resource's vulnerability is _____.&#10;A) any danger to an information resource&#10;B) the potential loss or damage to an information resource&#10;C) the possibility that the system will be harmed by a threat&#10;D) the processes designed to protect an organization's information systems

Accepted Answer

Vulnerability in an information resource refers to the possibility or likelihood that the system could be harmed by a threat, not the threat itself or the processes designed to protect against such threats.

Question 8

Which of the following types of remote software attack does not require user action?&#10;A) Virus&#10;B) Worm&#10;C) Phishing attack&#10;D) Denial-of-service attack

Accepted Answer

The answer of Which of the following types of remote...

Question 9

Which of the following is NOT a social engineering technique?&#10;A) Tailgating&#10;B) Shoulder surfing&#10;C) Careless Internet surfing&#10;D) Attacker posing as an exterminator

Accepted Answer

Careless Internet surfing is not a social engineering technique. It refers to the act of browsing the internet without being cautious about potential online threats such as malware, phishing, and malicious websites. Tailgating, shoulder surfing, and attacker posing as an exterminator are all social engineering techniques commonly used by attackers to gain unauthorized access to restricted areas or sensitive information.

Question 10

Information security controls designed by a company can protect data, software, and hardware, but they cannot protect networks as the Internet is not under the control of the company.

Accepted Answer

Information security controls can protect networks as well by implementing measures such as firewalls, encryption, intrusion detection systems, and secure access protocols to safeguard data as it travels across the network, including the Internet.

Question 11

Which of the following is a remote software attack from outside the system that requires a user inside the system to take some type of action?&#10;A) The attacker has a back door into the system with a password created by a programmer and known only to him or her.&#10;B) A computer programmer hides a Trojan horse in a program that will activate at a later time.&#10;C) A worm is attached to a regular program that performs the malicious actions when a file or link is opened.&#10;D) The attacker uses zombies or bots from many computers to request information from the company's computer.

Accepted Answer

The answer of Which of the following is a remote...

Question 12

Organizational employees are a weak link in information security.

Accepted Answer

The answer of Organizational employees are a weak link in...

Question 13

A threat is _____.&#10;A) any danger to which an information resource may be exposed&#10;B) the potential loss or damage to an information resource&#10;C) the possibility that an information resource will be lost or damaged&#10;D) the processes designed to protect an organization's information systems

Accepted Answer

The answer of A threat is _____.&#10;A) any danger to...

Question 14

Which of the following would be an example of a SCADA attack?&#10;A) Bank accounts are hacked post purchases on the Internet.&#10;B) Social security numbers are deleted from a company's database.&#10;C) Computer viruses are introduced into the electrical company's systems resulting in a shutdown of the company's power plant.&#10;D) E-mail accounts are hacked and kinky messages are sent to all of the user's contacts.

Accepted Answer

The answer of Which of the following would be an...

Question 15

Protecting an organization's information is becoming increasingly difficult due to the number of small devices, such as flash drives, that thieves can use to steal data.

Accepted Answer

The answer of Protecting an organization's information is becoming increasingly...

Question 16

Which of the following statements about information technology (IT) is accurate?&#10;A) IT benefits only organizations and not individuals.&#10;B) IT cannot be misused.&#10;C) IT has made businesses more efficient and responsive to consumers.&#10;D) IT is not important to small businesses.

Accepted Answer

The answer of Which of the following statements about information...

Question 17

_____ drafted several players who were instrumental to the Cardinals victory in the 2011 World Series.&#10;A) Pete Dunn&#10;B) Shodan Redbird&#10;C) Jeff Luhnow&#10;D) Greg Moore

Accepted Answer

The answer of _____ drafted several players who were instrumental...

Question 18

In the context of protecting information resources, it is easy to conduct a cost-benefit justification for controls before an attack occurs because it is easy to assess the impact of a hypothetical attack.

Accepted Answer

The answer of In the context of protecting information resources,...

Question 19

Which of the following employees typically pose the most significant threat to information security?&#10;A) Janitors&#10;B) Contract labor&#10;C) Consultants&#10;D) Human resources employees

Accepted Answer

The answer of Which of the following employees typically pose...

Question 20

All remote software attacks require user action.

Accepted Answer

The answer of All remote software attacks require user action....

Question 21

Communications controls consist of _____.&#10;A) authentication, passwords, and authorization&#10;B) motion detectors, locked doors, guards, and temperature sensors&#10;C) firewalls, anti-malware systems, and virtual private networks&#10;D) input, processing, and output controls

Accepted Answer

The answer of Communications controls consist of _____.&#10;A) authentication, passwords,...

Question 22

Evidence of the breaches related to the United States Office of Personnel Management appears to have been discovered accidentally during a product demonstration by network security company _____.&#10;A) Ponemon Institute&#10;B) Sony Pictures Entertainment&#10;C) Houston Astros&#10;D) CyTech Services

Accepted Answer

The answer of Evidence of the breaches related to the...

Question 23

Which of the following hacker groups successfully attacked Sony Pictures Entertainment on November 24, 2014?&#10;A) Guardians of Peace&#10;B) Sunshine Cinema&#10;C) Scambusters&#10;D) Carmike

Accepted Answer

The answer of Which of the following hacker groups successfully...

Question 24

Which of the following statements is true?&#10;A) Multifactor authentication is more reliable and less expensive than single-factor authentication.&#10;B) Multifactor authentication is more reliable and more expensive than single-factor authentication.&#10;C) Multifactor authentication is less reliable and less expensive than single-factor authentication.&#10;D) Multifactor and single-factor authentications have the same degree of reliability.

Accepted Answer

The answer of Which of the following statements is true?&#10;A)...

Deck 7: Information Security