Question 1
Question
Information security is made up of
Answer
- threats
- vulnerabilities
- safeguards
- targets
Question 2
Question
Threats can be human or man-made.
Question 3
Question
Common crimes that result in unauthorized data disclosure are
Answer
- pretexting
- phishing
- spoofing
- sniffing
- hacking
Question 4
Question
Spoofing involves altering header information, etc. to cause the recipient to trust an email they otherwise would not.
Question 5
Question
Data can be changed or lost during a natural disaster due to problems recovering data.
Question 6
Question
The two common types of spoofing are
Question 7
Question
Incorrect data modification can be caused by
Answer
- procedures not followed or incorrectly designed
- improper internal controls on systems
- system errors
- faulty recovery actions after a disaster
Question 8
Question
Reasons a service can become faulty are
Answer
- incorrect data modification
- systems working incorrectly
- procedural mistakes
- programming errors
- IT installation errors
- usurpation
- denial of service (unintentional)
- denial of service (intentional)
Question 9
Question
DDOS stands for [blank_start]Distributed Denial of Service[blank_end]
Question 10
Question
Loss of infrastructure can be caused by
Answer
- human accidents
- theft and terrorist events
- a disgruntled or terminated employee
- natural disaster
- Advanced Persistent Threat (APT) or cyberwarfare
Question 11
Question
APT stands for [blank_start]Advanced Persistent Threat[blank_end]
Question 12
Question
Data theft is most serious in large companies.
Question 13
Question
The four most common computer crimes in 2011 were
Question 14
Question
Malware infection remains the most common type of attack experienced
Question 15
Question
Insider abuse of internet or email remains very high
Question 16
Question
IDS stands for [blank_start]Intrusion Detection System[blank_end]
Question 17
Question
The number one rule in data privacy is "don't collect what you don't absolutely need"
Question 18
Question
A security policy must contain
Answer
- what sensitive data may be stored
- how sensitive data will be processed
- what data can be shared with other organizations
- how employees and others can obtain data about themselves
- how employees and others can request changes to inaccurate data about themselves
- what employees can do with their own mobile devices at work
- what non-organizational activities an employee can take with employee-owned equipment
Question 19
Question
The five IS components are
Answer
- hardware
- software
- data
- procedures
- people
Question 20
Question
Technical safeguards involve hardware and software and include
Question 21
Question
Data safeguards include
Question 22
Question
Human safeguards involving procedures and people include
Answer
- hiring practices
- training
- education
- procedure design
- administration
- assessment
- compliance
- accountability
Question 23
Question
Identification and authentication are most often performed using a userid/password pair
Question 24
Question
Malware includes viruses, trojans, spyware, adware, keystroke loggers, etc.
Question 25
Question
SSL uses asymmetric encryption
Question 26
Question
SSL stands for [blank_start]Secure Sockets Layer[blank_end]
Question 27
Question
DMZ stands for [blank_start]demilitarized zone[blank_end]
Question 28
Question
A common network design has servers exposed to the internet located between two firewalls in the DMZ.
Question 29
Question
Safeguards against malware include
Answer
- using antivirus and antispyware programs
- performing frequent scans
- updating malware definitions frequently
- opening email from known sources only
- installing software updates ASAP
- browsing only reputable internet neighbourhoods
Question 30
Question
SQL injection is the most common cause of data disclosure
Question 31
Question
SQL injections are successful when forms are poorly designed
Question 32
Question
Human safeguards to protect against security threats include
Answer
- separation of duties
- providing access based on the concept of least privilege
- classifying data based on confidentiality and sensitivity
- thorough hiring and screening practices
- security awareness programs
- friendly termination procedures
Question 33
Question
Security threats can be reduced through account administration by
Answer
- having standards for account administration which include rules for modifying permissions and deletion of inactive accounts
- requiring passwords to be changed regularly
- Help Desk policies regarding password resets, etc.
Question 34
Question
All employees should be required to sign an access agreement form which states that they will follow company policies
Question 35
Question
Response plans for security incidents must be in place, just like disaster plans
Question 36
Question
A speedy response to any suspected security incident is essential
Question 37
Question
An Advanced Persistent Threat involves a multi-step attack usually targeted at a large business or government.