Question 1
Question
Information security is made up of
Answers
- threats
- vulnerabilities
- safeguards
- targets
Question 2
Question
Threats can be human or man-made.
Question 3
Question
Common crimes that result in unauthorized data disclosure are
Answers
- pretexting
- phishing
- spoofing
- sniffing
- hacking
Question 4
Question
Spoofing involves altering header information, etc. to cause the recipient to trust an email they otherwise would not.
Question 5
Question
Data can be changed or lost during a natural disaster due to problems recovering data.
Question 6
Question
The two common types of spoofing are
Question 7
Question
Incorrect data modification can be caused by
Answers
- procedures not followed or incorrectly designed
- improper internal controls on systems
- system errors
- faulty recovery actions after a disaster
Question 8
Question
Reasons a service can become faulty are
Answers
- incorrect data modification
- systems working incorrectly
- procedural mistakes
- programming errors
- IT installation errors
- usurpation
- denial of service (unintentional)
- denial of service (intentional)
Question 9
Question
DDOS stands for [blank_start]Distributed Denial of Service[blank_end]
Question 10
Question
Loss of infrastructure can be caused by
Answers
- human accidents
- theft and terrorist events
- a disgruntled or terminated employee
- natural disaster
- Advanced Persistent Threat (APT) or cyberwarfare
Question 11
Question
APT stands for [blank_start]Advanced Persistent Threat[blank_end]
Question 12
Question
Data theft is most serious in large companies.
Question 13
Question
The four most common computer crimes in 2011 were
Question 14
Question
Malware infection remains the most common type of attack experienced
Question 15
Question
Insider abuse of internet or email remains very high
Question 16
Question
IDS stands for [blank_start]Intrusion Detection System[blank_end]
Question 17
Question
The number one rule in data privacy is "don't collect what you don't absolutely need"
Question 18
Question
A security policy must contain
Answers
- what sensitive data may be stored
- how sensitive data will be processed
- what data can be shared with other organizations
- how employees and others can obtain data about themselves
- how employees and others can request changes to inaccurate data about themselves
- what employees can do with their own mobile devices at work
- what non-organizational activities an employee can take with employee-owned equipment
Question 19
Question
The five IS components are
Answers
- hardware
- software
- data
- procedures
- people
Question 20
Question
Technical safeguards involve hardware and software and include
Question 21
Question
Data safeguards include
Question 22
Question
Human safeguards involving procedures and people include
Answers
- hiring practices
- training
- education
- procedure design
- administration
- assessment
- compliance
- accountability
Question 23
Question
Identification and authentication are most often performed using a userid/password pair
Question 24
Question
Malware includes viruses, trojans, spyware, adware, keystroke loggers, etc.
Question 25
Question
SSL uses asymmetric encryption
Question 26
Question
SSL stands for [blank_start]Secure Sockets Layer[blank_end]
Question 27
Question
DMZ stands for [blank_start]demilitarized zone[blank_end]
Question 28
Question
A common network design has servers exposed to the internet located between two firewalls in the DMZ.
Question 29
Question
Safeguards against malware include
Answers
- using antivirus and antispyware programs
- performing frequent scans
- update malware definitions frequently
- open email from known sources only
- install software updates ASAP
- browse only reputable internet neighbourhoods
Question 30
Question
SQL injection is the most common cause of data disclosure
Question 31
Question
SQL injections are successful when forms are poorly designed
Question 32
Question
Human safeguards to protect against security threats include
Answers
- separation of duties
- providing access based on concept of least privilege
- classify data based on confidentiality and sensitivity
- thorough hiring and screening practices
- security awareness programs
- friendly termination procedures
Question 33
Question
Security threats can be reduced through account administration by
Answers
- having standards for account administration which include rules for modifying permissions and deletion of inactive accounts
- requiring passwords be changed regularly
- Help Desk policies regarding password resets etc.
Question 34
Question
All employees should be required to sign an access agreement form which states that they will follow company policies
Question 35
Question
Response plans for security incidents must be in place, just like disaster plans
Question 36
Question
A speedy response to any suspected security incident is essential
Question 37
Question
An Advanced Persistent Threat involves a multi-step attack usually targeted at a large business or government.