SlideShare a Scribd company logo

test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition

Download as DOCX, PDF
H
husseinalshomali

The document contains a quiz on information security concepts with multiple choice questions and answers. It covers topics like authentication, authorization, threats, attacks, and the CIA triad. Planning, organizing, leading and controlling are discussed as the four principles of management. Problem solving steps and specialized security areas are also listed. The document serves to test the reader's understanding of foundational information security terms and processes.

Technology
1 of 8
Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 1 1. The first step in solving problems is to gather facts and make assumptions. a. True b. False ANSWER: False 2. Corruption of information can occur only while information is being stored. a. True b. False ANSWER: False 3. The authorization process takes place before the authentication process. a. True b. False ANSWER: False 4. A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. a. True b. False ANSWER: True 5. DoS attacks cannot be launched against routers. a. True b. False ANSWER: False 6. "Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual’s shoulder or viewing the information from a distance. _________________________ ANSWER: False - surfing 7. When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment. _________________________ ANSWER: False - spike 8. The macro virus infects the key operating system files located in a computer’s start up sector. _________________________ ANSWER: False - boot 9. The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. _________________________ ANSWER: False - brute force 10. The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. _________________________ ANSWER: False - cracker
Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 2 11. A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for pre-configured signatures. _________________________ ANSWER: True 12. The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or stealinformation. _________________________ ANSWER: True 13. A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffer. _________________________ ANSWER: False - packet 14. One form of e-mail attack that is also a DoS attack is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail. _________________________ ANSWER: False - bomb 15. Communications security involves the protection of which of the following?. a. radio handsets b. people, physical assets c. the IT department d. media, technology, and content ANSWER: d 16. According to the C.I.A. triad, which of the following is a desirable characteristic for computer security? a. accountability b. availability c. authorization d. authentication ANSWER: b 17. Which of the following is a C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information? a. Integrity b. Availability c. Authentication d. Confidentiality ANSWER: d 18. The use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections is an example of which process? a. accountability b. authorization c. identification d. authentication ANSWER: d 19. What do audit logs that track user activity on an information system provide? a. identification b. authorization c. accountability d. authentication ANSWER: c 20. Which of the following is the principle of management that develops, creates, and implements strategies for the accomplishment of objectives? a. leading b. controlling
Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 3 c. organizing d. planning ANSWER: d 21. Which of the following is the principle of management dedicated to the structuring of resources to support the accomplishment of objectives? a. organization b. planning c. controlling d. leading ANSWER: a 22. In the ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. a. zombie-in-the-middle b. sniff-in-the-middle c. server-in-the-middle d. man-in-the-middle ANSWER: d 23. Which of the following is the first step in the problem-solving process? a. Analyze and compare the possible solutions b. Develop possible solutions c. Recognize and define the problem d. Select, implement and evaluate a solution ANSWER: c 24. Which of the following is NOT a step in the problem-solving process? a. Select, implement and evaluate a solution b. Analyze and compare possible solutions c. Build support among management for the candidate solution d. Gather facts and make assumptions ANSWER: c 25. Which of the following is NOT a primary function of Information Security Management? a. planning b. protection c. projects d. performance ANSWER: d 26. Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines? a. planning b. policy c. programs d. people ANSWER: b 27. Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program? a. protection b. people c. projects d. policy
Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 4 ANSWER: b 28. Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. a. bypass b. theft c. trespass d. security ANSWER: c 29. ____________________ are malware programs that hide their true nature, and revealtheir designed behavior only when activated. a. Viruses b. Worms c. Spam d. Trojan horses ANSWER: d 30. As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____________________. a. false alarms b. polymorphisms c. hoaxes d. urban legends ANSWER: c 31. Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________. a. threats b. education c. hugs d. paperwork ANSWER: b 32. “4-1-9” fraud is an example of a ____________________ attack. a. social engineering b. virus c. worm d. spam ANSWER: a 33. Which type of attack involves sending a large number of connection or information requests to a target? a. malicious code b. denial-of-service (DoS) c. brute force d. spear fishing ANSWER: b 34. Which of the following is not among the 'deadly sins of software security'? a. Extortion sins b. Implementation sins c. Web application sins d. Networking sins ANSWER: a 35. Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____. a. SSL b. SLA
Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 5 c. MSL d. MIN ANSWER: b 36. Blackmail threat of informational disclosure is an example of which threat category? a. Espionage or trespass b. Information extortion c. Sabotage or vandalism d. Compromises of intellectual property ANSWER: b 37. One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. a. hacktivist b. phreak c. hackcyber d. cyberhack ANSWER: a 38. A ____________________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. a. denial-of-service b. distributed denial-of-service c. virus d. spam ANSWER: b 39. Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls? a. brute force b. DoS c. back door d. hoax ANSWER: c 40. A short-term interruption in electrical power availability is known as a ____. a. fault b. brownout c. blackout d. lag ANSWER: a 41. The three levels of planning are strategic planning, tactical planning, and ____________________ planning. ANSWER: operational 42. The set of organizational guidelines that dictates certain behavior within the organization is called ____________________. ANSWER: policy 43. Attempting to reverse-calculate a password is called ____________________. ANSWER: cracking 44. ESD is the acronym for ____________________ discharge. ANSWER: electrostatic 45. Duplication of software-based intellectual property is more commonly known as software ____________________. ANSWER: piracy
Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 6 46. A(n) ____________________ hacks the public telephone network to make free calls or disrupt services. ANSWER: phreaker 47. A momentary low voltage is called a(n) ____________________. ANSWER: sag 48. Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ____________________. ANSWER: intelligence 49. A(n) ____________________ is a potential weakness in an asset or its defensive control(s). ANSWER: vulnerability 50. ____________________ is unsolicited commercial e-mail. ANSWER: Spam 51. A virus or worm can have a payload that installs a(n) ____________________ door or trap door component in a system, which allows the attacker to access the system at will with special privileges. ANSWER: back 52. A(n) ____________________ is an act against an asset that could result in a loss. ANSWER: attack 53. A ____________ overflow is an application error that occurs when the system can’t handle the amount of data that is sent. ANSWER: buffer 54. Explain the differences between a leader and a manager. ANSWER: The distinctions between a leader and a manager arise in the execution of organizational tasks. A leader provides purpose, direction, and motivation to those that follow. By comparison, a manager administers the resources of the organization. He or she creates budgets, authorizes expenditures, and hires employees. 55. List and explain the critical characteristics of information as defined by the C.I.A. triad. ANSWER: Confidentiality of information ensures that only those with sufficient privileges and a demonstrated need may access certain information. When unauthorized individuals or systems can view information, confidentiality is breached. Integrity is the quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when it is exposed to corruption, damage, destruction, or other disruption of its authentic state. Availability is the characteristic of information that enables user access to information without interference or obstruction and in a useable format. 56. List and explain the four principles of management under the contemporary or popular management theory. Briefly define each. ANSWER: Popular management theory, which categorizes the principles of management into planning, organizing, leading, and controlling (POLC). The process that develops, creates, and implements strategies for the accomplishment of objectives is called planning. The management function dedicated to the structuring of resources to support the accomplishment of
Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 7 objectives is called organization. Leadership includes supervising employee behavior, performance, attendance, and attitude. Leadership generally addresses the direction and motivation of the human resource. Monitoring progress toward completion, and making necessary adjustments to achieve desired objectives, requires the exercise of control. 57. List the steps that can be used as a basic blueprint for solving organizational problems. ANSWER: 1. Recognize and Define the Problem 2. Gather Facts and Make Assumptions 3. Develop Possible Solutions 4. Analyze and Compare Possible Solutions. 5. Select, Implement and Evaluate a Solution. 58. What are the three distinct groups of decision makers or communities of interest on an information security team? ANSWER: Managers and professionals in the field of information security Managers and professionals in the field of IT Managers and professionals from the rest of the organization 59. List the specialized areas of security. ANSWER: Physical security Operations security Communications security Network security 60. List the measures that are commonly used to protect the confidentiality of information. ANSWER: Information classification Secure document (and data) storage Application of general security policies Education of information custodians and end users Cryptography (encryption) 61. What is authentication? Provide some examples. ANSWER: Authentication is the process by which a control establishes whether a user (or system) has the identity it claims to have. Examples include the use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections as well as the use of cryptographic hardware devices—for example, hardware tokens such as RSA’s SecurID. Individual users may disclose a personal identification number (PIN) or a password to authenticate their identities to a computer system. 62. Discuss the planning element of information security. ANSWER: Planning in InfoSec management is an extension of the basic planning model. Included in the InfoSec planning model are activities necessary to support the design, creation, and implementation of InfoSec strategies within the IT planning environment. The business strategy is translated into the IT strategy. Both the business strategy and the IT strategy are then used to develop the InfoSec strategy. For example, the CIO uses the IT objectives gleaned from the business unit plans to create the organization’s IT strategy. 63. There are 12 general categories of threat to an organization's people, information, and systems. List at least six of the general categories of threat and identify at least one example of those listed. ANSWER: Compromises to intellectual property Software attacks
Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 8 Deviations in quality of service Espionage or trespass Forces of nature Human error or failure Information extortion Missing, inadequate, or incomplete Missing, inadequate, or incomplete controls Sabotage or vandalism Theft Technical hardware failures or errors Technical software failures or errors Technological obsolescence

Recommended

Chapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_securityChapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_security
husseinalshomali
 
Chapter 04 information_security_policy
Chapter 04 information_security_policyChapter 04 information_security_policy
Chapter 04 information_security_policy
husseinalshomali
 
Chapter 10 planning_for_contingencies
Chapter 10 planning_for_contingenciesChapter 10 planning_for_contingencies
Chapter 10 planning_for_contingencies
husseinalshomali
 
Chapter 08 security_management_models
Chapter 08 security_management_modelsChapter 08 security_management_models
Chapter 08 security_management_models
husseinalshomali
 
Chapter 12 protection_mechanisms
Chapter 12 protection_mechanismsChapter 12 protection_mechanisms
Chapter 12 protection_mechanisms
husseinalshomali
 
Chapter 09 security_management_practices
Chapter 09 security_management_practicesChapter 09 security_management_practices
Chapter 09 security_management_practices
husseinalshomali
 
Chapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_riskChapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_risk
husseinalshomali
 
Chapter 05 developing_the_security_program
Chapter 05 developing_the_security_programChapter 05 developing_the_security_program
Chapter 05 developing_the_security_program
husseinalshomali
 

Recommended

Chapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_securityChapter 03 governance_and_strategic_planning_for_security
Chapter 03 governance_and_strategic_planning_for_security
husseinalshomali
 
Chapter 04 information_security_policy
Chapter 04 information_security_policyChapter 04 information_security_policy
Chapter 04 information_security_policy
husseinalshomali
 
Chapter 10 planning_for_contingencies
Chapter 10 planning_for_contingenciesChapter 10 planning_for_contingencies
Chapter 10 planning_for_contingencies
husseinalshomali
 
Chapter 08 security_management_models
Chapter 08 security_management_modelsChapter 08 security_management_models
Chapter 08 security_management_models
husseinalshomali
 
Chapter 12 protection_mechanisms
Chapter 12 protection_mechanismsChapter 12 protection_mechanisms
Chapter 12 protection_mechanisms
husseinalshomali
 
Chapter 09 security_management_practices
Chapter 09 security_management_practicesChapter 09 security_management_practices
Chapter 09 security_management_practices
husseinalshomali
 
Chapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_riskChapter 06 risk_management_identifying_and_assessing_risk
Chapter 06 risk_management_identifying_and_assessing_risk
husseinalshomali
 
Chapter 05 developing_the_security_program
Chapter 05 developing_the_security_programChapter 05 developing_the_security_program
Chapter 05 developing_the_security_program
husseinalshomali
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
Riya Choudhary
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
Watermarking
WatermarkingWatermarking
Watermarking
Pushkar Dutt
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
McKonly & Asbury, LLP
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
PECB
 
Security architecture
Security architectureSecurity architecture
Security architecture
Duncan Unwin
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
Priyanka Aash
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research Sources
LearningwithRayYT
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
Reza Kopaee
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
Dhani Ahmad
 
Secure communication in Networking
Secure communication in NetworkingSecure communication in Networking
Secure communication in Networkinganita maharjan
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysis
Carlo Dapino
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
primeteacher32
 
Network security
Network securityNetwork security
Network security
Ali Kamil
 
CHFI v10
CHFI v10CHFI v10
CHFI v10
SagarNegi10
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
Kumar Gaurav
 
Disaster Recovery Status Report 22 Feb2012
Disaster Recovery Status Report 22 Feb2012Disaster Recovery Status Report 22 Feb2012
Disaster Recovery Status Report 22 Feb2012
reesmorgan
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
Theo Gravity
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
Chapter 11 personnel_and_security
Chapter 11 personnel_and_securityChapter 11 personnel_and_security
Chapter 11 personnel_and_security
husseinalshomali
 
CIS 333 Life of the Mind/newtonhelp.com   
CIS 333 Life of the Mind/newtonhelp.com   CIS 333 Life of the Mind/newtonhelp.com   
CIS 333 Life of the Mind/newtonhelp.com   
bellflower3
 

More Related Content

What's hot

Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
Riya Choudhary
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
Watermarking
WatermarkingWatermarking
Watermarking
Pushkar Dutt
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
McKonly & Asbury, LLP
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
PECB
 
Security architecture
Security architectureSecurity architecture
Security architecture
Duncan Unwin
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
Priyanka Aash
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research Sources
LearningwithRayYT
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
Reza Kopaee
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
Dhani Ahmad
 
Secure communication in Networking
Secure communication in NetworkingSecure communication in Networking
Secure communication in Networkinganita maharjan
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysis
Carlo Dapino
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
primeteacher32
 
Network security
Network securityNetwork security
Network security
Ali Kamil
 
CHFI v10
CHFI v10CHFI v10
CHFI v10
SagarNegi10
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
Kumar Gaurav
 
Disaster Recovery Status Report 22 Feb2012
Disaster Recovery Status Report 22 Feb2012Disaster Recovery Status Report 22 Feb2012
Disaster Recovery Status Report 22 Feb2012
reesmorgan
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
Theo Gravity
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 

What's hot (20)

Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Watermarking
WatermarkingWatermarking
Watermarking
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Threat Intelligence & Threat research Sources
Threat Intelligence & Threat research SourcesThreat Intelligence & Threat research Sources
Threat Intelligence & Threat research Sources
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
Secure communication in Networking
Secure communication in NetworkingSecure communication in Networking
Secure communication in Networking
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysis
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
 
Network security
Network securityNetwork security
Network security
 
CHFI v10
CHFI v10CHFI v10
CHFI v10
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
 
Disaster Recovery Status Report 22 Feb2012
Disaster Recovery Status Report 22 Feb2012Disaster Recovery Status Report 22 Feb2012
Disaster Recovery Status Report 22 Feb2012
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
 

Similar to test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition

Chapter 11 personnel_and_security
Chapter 11 personnel_and_securityChapter 11 personnel_and_security
Chapter 11 personnel_and_security
husseinalshomali
 
CIS 333 Life of the Mind/newtonhelp.com   
CIS 333 Life of the Mind/newtonhelp.com   CIS 333 Life of the Mind/newtonhelp.com   
CIS 333 Life of the Mind/newtonhelp.com   
bellflower3
 
CIS 333 Imagine Your Future/newtonhelp.com   
CIS 333 Imagine Your Future/newtonhelp.com   CIS 333 Imagine Your Future/newtonhelp.com   
CIS 333 Imagine Your Future/newtonhelp.com   
bellflower45
 
CIS 333 Effective Communication - tutorialrank.com
CIS 333 Effective Communication - tutorialrank.comCIS 333 Effective Communication - tutorialrank.com
CIS 333 Effective Communication - tutorialrank.com
Bartholomew19
 
CIS 333 Focus Dreams/newtonhelp.com
CIS 333 Focus Dreams/newtonhelp.comCIS 333 Focus Dreams/newtonhelp.com
CIS 333 Focus Dreams/newtonhelp.com
bellflower85
 
Sample paper-po-computer-awareness-2010-www.bankpoclerk.com
Sample paper-po-computer-awareness-2010-www.bankpoclerk.comSample paper-po-computer-awareness-2010-www.bankpoclerk.com
Sample paper-po-computer-awareness-2010-www.bankpoclerk.comVirendra Kumar Dubey
 
Cyber security strategy and Planning.docx
Cyber security strategy and Planning.docxCyber security strategy and Planning.docx
Cyber security strategy and Planning.docx
timo timothy
 
Cis 333 Extraordinary Success/newtonhelp.com
Cis 333 Extraordinary Success/newtonhelp.com Cis 333 Extraordinary Success/newtonhelp.com
Cis 333 Extraordinary Success/newtonhelp.com
amaranthbeg146
 
Cis 333 Education Organization / snaptutorial.com
Cis 333 Education Organization / snaptutorial.comCis 333 Education Organization / snaptutorial.com
Cis 333 Education Organization / snaptutorial.com
Baileya82
 
CIS 333 Exceptional Education / snaptutorial.com
CIS 333 Exceptional Education / snaptutorial.comCIS 333 Exceptional Education / snaptutorial.com
CIS 333 Exceptional Education / snaptutorial.com
donaldzs97
 
Cis 333 Enhance teaching / snaptutorial.com
Cis 333 Enhance teaching / snaptutorial.comCis 333 Enhance teaching / snaptutorial.com
Cis 333 Enhance teaching / snaptutorial.com
Davis104
 
Strayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 newStrayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 new
aagnaa
 
Strayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 newStrayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 new
uopassignment
 
Strayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 newStrayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 new
olivergeorg
 
dokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docx
dokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docxdokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docx
dokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docx
ams1ams11
 
CIS 333 Final Exam (3 Sets)
CIS 333 Final Exam (3 Sets)CIS 333 Final Exam (3 Sets)
CIS 333 Final Exam (3 Sets)
critter02
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Ramiro Cid
 
Unit I Q&A.docx
Unit I Q&A.docxUnit I Q&A.docx
Unit I Q&A.docx
karthikaparthasarath
 

Similar to test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition (20)

Chapter 11 personnel_and_security
Chapter 11 personnel_and_securityChapter 11 personnel_and_security
Chapter 11 personnel_and_security
 
CIS 333 Life of the Mind/newtonhelp.com   
CIS 333 Life of the Mind/newtonhelp.com   CIS 333 Life of the Mind/newtonhelp.com   
CIS 333 Life of the Mind/newtonhelp.com   
 
CIS 333 Imagine Your Future/newtonhelp.com   
CIS 333 Imagine Your Future/newtonhelp.com   CIS 333 Imagine Your Future/newtonhelp.com   
CIS 333 Imagine Your Future/newtonhelp.com   
 
CIS 333 Effective Communication - tutorialrank.com
CIS 333 Effective Communication - tutorialrank.comCIS 333 Effective Communication - tutorialrank.com
CIS 333 Effective Communication - tutorialrank.com
 
CIS 333 Focus Dreams/newtonhelp.com
CIS 333 Focus Dreams/newtonhelp.comCIS 333 Focus Dreams/newtonhelp.com
CIS 333 Focus Dreams/newtonhelp.com
 
Sample paper-po-computer-awareness-2010-www.bankpoclerk.com
Sample paper-po-computer-awareness-2010-www.bankpoclerk.comSample paper-po-computer-awareness-2010-www.bankpoclerk.com
Sample paper-po-computer-awareness-2010-www.bankpoclerk.com
 
Cyber security strategy and Planning.docx
Cyber security strategy and Planning.docxCyber security strategy and Planning.docx
Cyber security strategy and Planning.docx
 
Cis 333 Extraordinary Success/newtonhelp.com
Cis 333 Extraordinary Success/newtonhelp.com Cis 333 Extraordinary Success/newtonhelp.com
Cis 333 Extraordinary Success/newtonhelp.com
 
Cis 333 Education Organization / snaptutorial.com
Cis 333 Education Organization / snaptutorial.comCis 333 Education Organization / snaptutorial.com
Cis 333 Education Organization / snaptutorial.com
 
CIS 333 Exceptional Education / snaptutorial.com
CIS 333 Exceptional Education / snaptutorial.comCIS 333 Exceptional Education / snaptutorial.com
CIS 333 Exceptional Education / snaptutorial.com
 
Cis 333 Enhance teaching / snaptutorial.com
Cis 333 Enhance teaching / snaptutorial.comCis 333 Enhance teaching / snaptutorial.com
Cis 333 Enhance teaching / snaptutorial.com
 
Strayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 newStrayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 new
 
Strayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 newStrayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 new
 
Strayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 newStrayer cis 333 week 11 final exam set 1 new
Strayer cis 333 week 11 final exam set 1 new
 
dokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docx
dokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docxdokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docx
dokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docx
 
Wa
WaWa
Wa
 
IS311 questions
IS311 questionsIS311 questions
IS311 questions
 
CIS 333 Final Exam (3 Sets)
CIS 333 Final Exam (3 Sets)CIS 333 Final Exam (3 Sets)
CIS 333 Final Exam (3 Sets)
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Unit I Q&A.docx
Unit I Q&A.docxUnit I Q&A.docx
Unit I Q&A.docx
 

Recently uploaded

By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
ViralQR
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 

Recently uploaded (20)

By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 

test bank MANAGEMENT of INFORMATION SECURITY, Fifth Edition

  • 1. Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 1 1. The first step in solving problems is to gather facts and make assumptions. a. True b. False ANSWER: False 2. Corruption of information can occur only while information is being stored. a. True b. False ANSWER: False 3. The authorization process takes place before the authentication process. a. True b. False ANSWER: False 4. A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. a. True b. False ANSWER: True 5. DoS attacks cannot be launched against routers. a. True b. False ANSWER: False 6. "Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual’s shoulder or viewing the information from a distance. _________________________ ANSWER: False - surfing 7. When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment. _________________________ ANSWER: False - spike 8. The macro virus infects the key operating system files located in a computer’s start up sector. _________________________ ANSWER: False - boot 9. The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. _________________________ ANSWER: False - brute force 10. The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. _________________________ ANSWER: False - cracker
  • 2. Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 2 11. A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for pre-configured signatures. _________________________ ANSWER: True 12. The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or stealinformation. _________________________ ANSWER: True 13. A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffer. _________________________ ANSWER: False - packet 14. One form of e-mail attack that is also a DoS attack is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail. _________________________ ANSWER: False - bomb 15. Communications security involves the protection of which of the following?. a. radio handsets b. people, physical assets c. the IT department d. media, technology, and content ANSWER: d 16. According to the C.I.A. triad, which of the following is a desirable characteristic for computer security? a. accountability b. availability c. authorization d. authentication ANSWER: b 17. Which of the following is a C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information? a. Integrity b. Availability c. Authentication d. Confidentiality ANSWER: d 18. The use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections is an example of which process? a. accountability b. authorization c. identification d. authentication ANSWER: d 19. What do audit logs that track user activity on an information system provide? a. identification b. authorization c. accountability d. authentication ANSWER: c 20. Which of the following is the principle of management that develops, creates, and implements strategies for the accomplishment of objectives? a. leading b. controlling
  • 3. Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 3 c. organizing d. planning ANSWER: d 21. Which of the following is the principle of management dedicated to the structuring of resources to support the accomplishment of objectives? a. organization b. planning c. controlling d. leading ANSWER: a 22. In the ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. a. zombie-in-the-middle b. sniff-in-the-middle c. server-in-the-middle d. man-in-the-middle ANSWER: d 23. Which of the following is the first step in the problem-solving process? a. Analyze and compare the possible solutions b. Develop possible solutions c. Recognize and define the problem d. Select, implement and evaluate a solution ANSWER: c 24. Which of the following is NOT a step in the problem-solving process? a. Select, implement and evaluate a solution b. Analyze and compare possible solutions c. Build support among management for the candidate solution d. Gather facts and make assumptions ANSWER: c 25. Which of the following is NOT a primary function of Information Security Management? a. planning b. protection c. projects d. performance ANSWER: d 26. Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines? a. planning b. policy c. programs d. people ANSWER: b 27. Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program? a. protection b. people c. projects d. policy
  • 4. Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 4 ANSWER: b 28. Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. a. bypass b. theft c. trespass d. security ANSWER: c 29. ____________________ are malware programs that hide their true nature, and revealtheir designed behavior only when activated. a. Viruses b. Worms c. Spam d. Trojan horses ANSWER: d 30. As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____________________. a. false alarms b. polymorphisms c. hoaxes d. urban legends ANSWER: c 31. Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________. a. threats b. education c. hugs d. paperwork ANSWER: b 32. “4-1-9” fraud is an example of a ____________________ attack. a. social engineering b. virus c. worm d. spam ANSWER: a 33. Which type of attack involves sending a large number of connection or information requests to a target? a. malicious code b. denial-of-service (DoS) c. brute force d. spear fishing ANSWER: b 34. Which of the following is not among the 'deadly sins of software security'? a. Extortion sins b. Implementation sins c. Web application sins d. Networking sins ANSWER: a 35. Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____. a. SSL b. SLA
  • 5. Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 5 c. MSL d. MIN ANSWER: b 36. Blackmail threat of informational disclosure is an example of which threat category? a. Espionage or trespass b. Information extortion c. Sabotage or vandalism d. Compromises of intellectual property ANSWER: b 37. One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. a. hacktivist b. phreak c. hackcyber d. cyberhack ANSWER: a 38. A ____________________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. a. denial-of-service b. distributed denial-of-service c. virus d. spam ANSWER: b 39. Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls? a. brute force b. DoS c. back door d. hoax ANSWER: c 40. A short-term interruption in electrical power availability is known as a ____. a. fault b. brownout c. blackout d. lag ANSWER: a 41. The three levels of planning are strategic planning, tactical planning, and ____________________ planning. ANSWER: operational 42. The set of organizational guidelines that dictates certain behavior within the organization is called ____________________. ANSWER: policy 43. Attempting to reverse-calculate a password is called ____________________. ANSWER: cracking 44. ESD is the acronym for ____________________ discharge. ANSWER: electrostatic 45. Duplication of software-based intellectual property is more commonly known as software ____________________. ANSWER: piracy
  • 6. Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 6 46. A(n) ____________________ hacks the public telephone network to make free calls or disrupt services. ANSWER: phreaker 47. A momentary low voltage is called a(n) ____________________. ANSWER: sag 48. Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ____________________. ANSWER: intelligence 49. A(n) ____________________ is a potential weakness in an asset or its defensive control(s). ANSWER: vulnerability 50. ____________________ is unsolicited commercial e-mail. ANSWER: Spam 51. A virus or worm can have a payload that installs a(n) ____________________ door or trap door component in a system, which allows the attacker to access the system at will with special privileges. ANSWER: back 52. A(n) ____________________ is an act against an asset that could result in a loss. ANSWER: attack 53. A ____________ overflow is an application error that occurs when the system can’t handle the amount of data that is sent. ANSWER: buffer 54. Explain the differences between a leader and a manager. ANSWER: The distinctions between a leader and a manager arise in the execution of organizational tasks. A leader provides purpose, direction, and motivation to those that follow. By comparison, a manager administers the resources of the organization. He or she creates budgets, authorizes expenditures, and hires employees. 55. List and explain the critical characteristics of information as defined by the C.I.A. triad. ANSWER: Confidentiality of information ensures that only those with sufficient privileges and a demonstrated need may access certain information. When unauthorized individuals or systems can view information, confidentiality is breached. Integrity is the quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when it is exposed to corruption, damage, destruction, or other disruption of its authentic state. Availability is the characteristic of information that enables user access to information without interference or obstruction and in a useable format. 56. List and explain the four principles of management under the contemporary or popular management theory. Briefly define each. ANSWER: Popular management theory, which categorizes the principles of management into planning, organizing, leading, and controlling (POLC). The process that develops, creates, and implements strategies for the accomplishment of objectives is called planning. The management function dedicated to the structuring of resources to support the accomplishment of
  • 7. Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 7 objectives is called organization. Leadership includes supervising employee behavior, performance, attendance, and attitude. Leadership generally addresses the direction and motivation of the human resource. Monitoring progress toward completion, and making necessary adjustments to achieve desired objectives, requires the exercise of control. 57. List the steps that can be used as a basic blueprint for solving organizational problems. ANSWER: 1. Recognize and Define the Problem 2. Gather Facts and Make Assumptions 3. Develop Possible Solutions 4. Analyze and Compare Possible Solutions. 5. Select, Implement and Evaluate a Solution. 58. What are the three distinct groups of decision makers or communities of interest on an information security team? ANSWER: Managers and professionals in the field of information security Managers and professionals in the field of IT Managers and professionals from the rest of the organization 59. List the specialized areas of security. ANSWER: Physical security Operations security Communications security Network security 60. List the measures that are commonly used to protect the confidentiality of information. ANSWER: Information classification Secure document (and data) storage Application of general security policies Education of information custodians and end users Cryptography (encryption) 61. What is authentication? Provide some examples. ANSWER: Authentication is the process by which a control establishes whether a user (or system) has the identity it claims to have. Examples include the use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections as well as the use of cryptographic hardware devices—for example, hardware tokens such as RSA’s SecurID. Individual users may disclose a personal identification number (PIN) or a password to authenticate their identities to a computer system. 62. Discuss the planning element of information security. ANSWER: Planning in InfoSec management is an extension of the basic planning model. Included in the InfoSec planning model are activities necessary to support the design, creation, and implementation of InfoSec strategies within the IT planning environment. The business strategy is translated into the IT strategy. Both the business strategy and the IT strategy are then used to develop the InfoSec strategy. For example, the CIO uses the IT objectives gleaned from the business unit plans to create the organization’s IT strategy. 63. There are 12 general categories of threat to an organization's people, information, and systems. List at least six of the general categories of threat and identify at least one example of those listed. ANSWER: Compromises to intellectual property Software attacks
  • 8. Name: Class: Date: Chapter 01 - Introduction to the Management of Information Security Copyright Cengage Learning. Powered by Cognero. Page 8 Deviations in quality of service Espionage or trespass Forces of nature Human error or failure Information extortion Missing, inadequate, or incomplete Missing, inadequate, or incomplete controls Sabotage or vandalism Theft Technical hardware failures or errors Technical software failures or errors Technological obsolescence