IS311 questions
Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
131
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • Slide 1
    1. Best security practices (BSPs) balance the need for information access with the need for adequate protection while simultaneously demonstrating social responsibility. A) True B) False
    2. When an organization applies statistical and quantitative forms of mathematical analysis to the data points collected to measure the activities and outcomes of the InfoSec program, it is using InfoSec best practices. A) True B) False
    3. Accreditation is the authorization of an IT system to process, store, or transmit information. A) True B) False
    4. A community of management and users that is well trained and informed about threats facing the organization can be crucial in the early detection and response process. A) True B) False
    5. The information technology community often takes on the leadership role in addressing risk. A) True B) False

  • Slide 2
    6. At a minimum, organizations should have a simple data classification scheme categorizing information assets based on their sensitivity and security needs; for example: confidential, internal and public. A) True B) False
    7. Economic and non-economic effects of a weakness must be evaluated after a strategy for dealing with a particular vulnerability has been selected. A) True B) False
    8. Residual risk is also known as risk tolerance and is the amount of risk organizations are willing to accept after all reasonable controls have been implemented. A) True B) False
    9. Asset valuation does NOT have to consider the value of information to adversaries or loss of revenue while information assets are unavailable. A) True B) False
    10. Network-address translation (NAT) is often implemented with the screened-host firewall architecture. A) True B) False

  • Slide 3
    11. Kerberos uses asymmetric key encryption to validate an individual user's access to certain network resources. A) True B) False
    12. A system that is secret is safe. A) True B) False
    13. Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as ____. A) benchmarking B) best practices C) baselining
    14. In information security, two categories of benchmarks are used: standards of due care and due diligence and ____ practices. A) security B) recommended C) measures

  • Slide 4
    15. Which of the following is the last phase in the NIST process for performance measures implementation? A) Obtain management support B) Repeat the process C) Apply corrective actions
    16. Which of the following activities is part of the risk identification process? A) Determining the likelihood that vulnerable systems will be attacked by specific threats B) Calculating the risks to which assets are exposed in their current setting C) Assigning a value to each information asset
    17. ____ elements are divided into three categories: applications, operating systems, or security components. A) Networking B) Hardware C) Software
    18. Classification categories must be ____ (all inventoried assets fit into a category) and ____ (each asset is found in only one category). A) mutually inclusive, mutually exclusive B) comprehensive, mutually exclusive C) mutually exclusive, classification

  • Slide 5
    19. Which of the following is not an example of a disaster recovery plan? A) Data recovery procedures B) Information gathering procedures C) Shut down procedures
    20. ____ feasibility determines acceptable practices based on consensus and relationships among the communities of interest. A) Political B) Organizational C) Technical
    21. ____ is the choice to do nothing to protect an information asset from risk and to accept the outcome from any resulting exploitation. A) Acceptance B) Avoidance C) Risk tolerance
    22. ____ controls defend against threats from outside of the organization. A) Firewall B) Network-based C) Signature-based

  • Slide 6
    23. A ____ intrusion detection and prevention system can monitor multiple computers simultaneously. A) signature-based B) host-based C) statistical anomaly-based
    24. Kerberos' ____ is an interacting application that validates clients and servers. A) Ticket Granting Service B) Authentication Client C) Authentication Server
    25. The ____ Computer Security Act charges the National Bureau of Standards (now NIST) with the development of all but which of the following? A) Standards, guidelines, and associated methods and techniques for computer systems B) Uniform standards and guidelines for most federal computer systems C) Mandatory periodic training in computer security awareness and accepted computer security practice for all employees involved with federal computer systems