Question 1
Question
Information security is made up of
Answer
- threats
- vulnerabilities
- safeguards
- targets
Question 2
Question
Threats can be human or man-made.
Question 3
Question
Common crimes that result in unauthorized data disclosure are
Answer
- pretexting
- phishing
- spoofing
- sniffing
- hacking
Question 4
Question
Spoofing involves altering header information, etc. to cause the recipient to trust an email they otherwise would not.
Question 5
Question
Data can be changed or lost during a natural disaster due to problems recovering data.
Question 6
Question
The two common types of spoofing are
Question 7
Question
Incorrect data modification can be caused by
Answer
- procedures not followed or incorrectly designed
- improper internal controls on systems
- system errors
- faulty recovery actions after a disaster
Question 8
Question
Reasons a service can become faulty are
Answer
- incorrect data modification
- systems working incorrectly
- procedural mistakes
- programming errors
- IT installation errors
- Usurpation
- denial of service (unintentional)
- denial of service (intentional)
Question 9
Question
DDOS stands for [blank_start]Distributed Denial of Service[blank_end]
Question 10
Question
Loss of infrastructure can be caused by
Answer
- human accidents
- theft and terrorist events
- a disgruntled or terminated employee
- natural disaster
- Advanced Persistent Threat (APT) or cyberwarfare
Question 11
Question
APT stands for [blank_start]Advanced Persistent Threat[blank_end]
Question 12
Question
Data theft is most serious in large companies.
Question 13
Question
The four most common computer crimes in 2011 were
Question 14
Question
Malware infection remains the most common type of attack experienced
Question 15
Question
Insider abuse of internet or email remains very high
Question 16
Question
IDS stands for [blank_start]Intrusion Detection System[blank_end]
Question 17
Question
The number one rule in data privacy is "don't collect what you don't absolutely need"
Question 18
Question
A security policy must contain
Answer
- what sensitive data may be stored
- how sensitive data will be processed
- what data can be shared with other organizations
- how employees and others can obtain data about themselves
- how employees and others can request changes to inaccurate data about themselves
- what employees can do with their own mobile devices at work
- what non-organizational activities an employee can take with employee-owned equipment
Question 19
Question
The five IS components are
Answer
- hardware
- software
- data
- procedures
- people
Question 20
Question
Technical safeguards involve hardware and software and include
Question 21
Question
Data safeguards include
Question 22
Question
Human safeguards involving procedures and people include
Answer
- hiring practices
- training
- education
- procedure design
- administration
- assessment
- compliance
- accountability
Question 23
Question
Identification and authentication are most often performed using a userid/password pair
Question 24
Question
Malware includes viruses, trojans, spyware, adware, keystroke loggers, etc.
Question 25
Question
SSL uses asymmetric encryption
Question 26
Question
SSL stands for [blank_start]Secure Sockets Layer[blank_end]
Question 27
Question
DMZ stands for [blank_start]demilitarized zone[blank_end]
Question 28
Question
A common network design has servers exposed to the internet located between two firewalls in the DMZ.
Question 29
Question
Safeguards against malware include
Answer
- using antivirus and antispyware programs
- performing frequent scans
- updating malware definitions frequently
- opening email from known sources only
- installing software updates ASAP
- browsing only reputable internet neighbourhoods
Question 30
Question
SQL injection is the most common cause of data disclosure
Question 31
Question
SQL injections are successful when forms are poorly designed
Question 32
Question
Human safeguards to protect against security threats include
Answer
- separation of duties
- providing access based on the concept of least privilege
- classifying data based on confidentiality and sensitivity
- thorough hiring and screening practices
- security awareness programs
- friendly termination procedures
Question 33
Question
Security threats can be reduced through account administration by
Answer
- having standards for account administration which include rules for modifying permissions and deletion of inactive accounts
- requiring passwords be changed regularly
- Help Desk policies regarding password resets etc.
Question 34
Question
All employees should be required to sign an access agreement form which states that they will follow company policies
Question 35
Question
Response plans for security incidents must be in place, just like disaster plans
Question 36
Question
A speedy response to any suspected security incident is essential
Question 37
Question
An Advanced Persistent Threat involves a multi-step attack usually targeted at a large business or government.