ISIT201 Information Security Multiple Choice Questions
2.
(Points: 1)
What is the methodology for the design and implementation of an
information system in an organization?
1. LCSD
2. DSLC
3. CLSD
4. SDLC
3.
(Points: 1)
Organisations that are seeking to improve not only the
functionality of the systems they have in place, but also the
confidence of the consumer in their product, refer to this
process as ____.
1. availability-focused development
2. reliability-focused development
3. security-focused development
4. accessibility-focused development
4.
(Points: 1)
____ was the first and only operating system created with
security as its primary goal.
1. ARPANET
2. DOS
3. MULTICS
4. UNIX
5.
(Points: 1)
A computer is the ____ of an attack when it is used to conduct
the attack.
1. subject
2. facilitator
3. target
4. object
6.
(Points: 1)
What type of security addresses the issues necessary to protect
the tangible items, objects, or areas of an organization from
unauthorized access and misuse?
1. Standard
2. Personal
3. Physical
4. Object
7.
(Points: 1)
This presents a comprehensive model for information security and
is becoming the evaluation standard for the security of
information systems.
1. IEEE 802.11 (g)
2. NSTISSI No. 4011
3. ISO 17788
4. NIST SP 800-12
8.
(Points: 1)
An Information System is the entire set of ____, people,
procedures, and networks necessary to use information as a
resource in the organization.
1. hardware
2. software
3. All of the above
4. data
9.
(Points: 1)
What term is used to describe an attack in which a hacker uses
his or her personal computer to break into a system?
1. hardware
2. indirect
3. direct
4. software
10.
(Points: 1)
What method is usually the best approach to security project
implementation?
1. direct changeover
2. phased implementation
3. parallel operation
4. pilot implementation
11.
(Points: 1)
The goal of the ____ is to resolve any pending issues, critique
the overall effort of the project, and draw conclusions about how
to improve the process for the future.
1. direct changeover
2. wrap-up
3. pilot implementation
4. phased implementation
12.
(Points: 1)
Implementing all security improvements in a single office,
department, or division, and resolving issues within that group
before expanding to the rest of the organisation: what is this
implementation process referred to as?
1. pilot
2. direct
3. parallel
4. loop
13.
(Points: 1)
Technology ____ deals with how frequently technical systems are
updated, and how technical updates are approved and funded.
1. wrap-up
2. turnover
3. changeover
4. governance
14.
(Points: 1)
The Lewin change model consists of ____.
1. refreezing
2. All of the above
3. unfreezing
4. moving
15.
(Points: 1)
In which department do large organisations place their
information security personnel?
1. production
2. management
3. financial
4. information technology
16.
(Points: 1)
These staff are the real techies, who create and install security
solutions.
1. Builders
2. Definers
3. Senior managers
4. Administrators
17.
(Points: 1)
This position is typically considered the top information
security officer in the organization.
1. CIFO
2. CISO
3. CTO
4. CEO
18.
(Points: 1)
These members of staff are the technically qualified individuals
tasked to configure firewalls, deploy IDSs, implement security
software, diagnose and troubleshoot problems, and coordinate with
systems and network administrators to ensure that an
organisation's security technology is properly implemented.
1. Security managers
2. CISOs
3. Security technicians
4. CSOs
19.
(Points: 1)
Which of the following is a component of the security triple?
1. Threats
2. Assets
3. Vulnerabilities
4. All of the above
20.
(Points: 1)
The ____ is a part of the US-CERT and is located at the Software
Engineering Institute, a federally funded research and
development center operated by Carnegie Mellon University.
1. CERT/CC
2. Bug/CERT
3. CC/CERT
4. Bugtraq/CERT
21.
(Points: 1)
Detailed ____ on the highest risk warnings can include
identifying which vendor updates apply to which vulnerabilities
as well as which types of defenses have been found to work
against the specific vulnerabilities reported.
1. intelligence
2. None of the above
3. escalation
4. monitoring
22.
(Points: 1)
One approach that can improve the situational awareness of the
information security function uses a process known as ____ to
23.
(Points: 1)
The information security personnel who perform penetration
testing are often consultants or outsourced contractors, and are
commonly referred to as?
1. All of the above
2. tiger teams
3. whitehat hackers
4. ethical hackers
24.
(Points: 1)
A ____ is a statement of the boundaries of the Risk Assessment.
1. footer
2. scope
3. disclaimer
4. head
25.
(Points: 1)
This process involves security personnel simulating or performing
specific and controlled attacks to compromise or disrupt their
own systems by exploiting documented vulnerabilities.
1. Attack simulation
2. Penetration testing
3. Attack testing
4. Penetration simulation
26.
(Points: 1)
This type of management is the administration of changes in the
strategy, operation, or components of the information security
program.
1. Update
2. Change
3. Upload
4. Revision
27.
(Points: 1)
The Plan-Do-Check-Act process is an implementation of the ____
approach to internal controls to manage risk.
1. CNSS 4012
2. ISO 1899
3. ISO 27001
4. NIST SP800-12
28.
(Points: 1)
Which of the following functions does information security
perform for an organization?
1. Protects the data the organization collects and uses.
2. Enables the safe operation of applications implemented on
the organization's IT systems.
3. Protects the organization's ability to function.
4. All of the above.
29.
(Points: 1)
As frustrating as viruses and worms are, perhaps more time and
money is spent on resolving ____.
1. power faults
2. urban legends
3. hoaxes
4. false alarms
30.
(Points: 1)
Web hosting services are usually arranged with an agreement
providing minimum service levels known as a ____.
1. MIN
2. SSL
3. MSL
4. SLA
31.
(Points: 1)
In this type of attack, the attacker sends a large number of
connection or information requests to a target.
1. spam
2. denial-of-service
3. virus
4. distributed denial-of-service
32.
(Points: 1)
Acts of ____ can lead to unauthorized real or virtual actions
that enable information gatherers to enter premises or systems
they have not been authorized to enter.
1. bypass
2. trespass
3. security
4. nature
33.
(Points: 1)
Deliberate software attacks are referred to as ____.
1. malicious code
2. All of the above
3. malware
4. malicious software
34.
(Points: 1)
Software programs that hide their true nature, and reveal their
35.
(Points: 1)
Which Australian act has penalties relating to the improper use
of ICT equipment?
1. Copyright Act
2. Computer Crimes Act
3. Sarbanes-Oxley Act
4. Criminal Code Act
36.
(Points: 1)
Risk ____ is the process of applying safeguards to reduce the
risks to an organization's data and information systems.
1. security
2. management
3. control
4. identification
37.
(Points: 1)
Management of classified data includes its storage and ____.
1. destruction
2. All of the above
3. distribution
4. portability
38.
(Points: 1)
There are individuals who search trash and recycling, a
practice known as ____, to retrieve information that could
embarrass a company or compromise information security.
1. side view
2. garbage collection
3. dumpster diving
4. recycle diving
39.
(Points: 1)
What equals likelihood of vulnerability occurrence times value
(or impact) minus percentage risk already controlled plus an
element of uncertainty?
1. Risk
2. Probability
3. Possibility
4. Chance
40.
(Points: 1)
The concept of competitive ____ refers to the need to avoid
falling behind the competition.
1. failure
2. benefit
3. advantage
4. disadvantage
41.
(Points: 1)
____ feasibility addresses user acceptance and support,
management acceptance and support, and the overall requirements
of the organization's stakeholders.
1. Political
2. Operational
3. Technical
4. Organizational
42.
(Points: 1)
Risk ____ defines the quantity and nature of risk that
organizations are willing to accept as they evaluate the
tradeoffs between perfect security and unlimited accessibility.
1. acceptance
2. benefit
3. appetite
4. avoidance
43.
(Points: 1)
Strategic planning is the process of moving the organisation
towards its ____.
1. vision
2. mission
3. standard
4. policy
44.
(Points: 1)
Incident damage ____ is the rapid determination of the scope of
the breach of the confidentiality, integrity, and availability of
information and information assets during or just following an
incident.
1. evaluation
2. assessment
3. plan
4. recovery
45.
(Points: 1)
A ____ is a private data network that makes use of the public
telecommunication infrastructure, maintaining privacy through the
use of a tunneling protocol and security procedures.
1. SESAME
2. SVPN
3. VPN
4. KERBES
46.
(Points: 1)
The restrictions most commonly implemented in packet filtering
firewalls are based on ____.
1. IP source and destination address
2. All of the above
3. TCP or UDP source and destination port requests
4. Direction (inbound or outbound)
47.
(Points: 1)
What kind of filtering allows the firewall to react to an
emergent event and update or create rules to deal with the event?
1. Stateless
2. Stateful
3. Static
4. Dynamic
48.
(Points: 1)
Most guards have clear ____ that help them to act decisively in
unfamiliar situations.
1. POSs
2. SOPs
3. MACs
4. OPSs
49.
(Points: 1)
This occurs when an authorized individual presents a key to open
a door, and other individuals, who may or may not be authorized,
also enter through.
1. Tailgating
2. Freeloading
3. Sidegating
4. Hitchhiking
50.
(Points: 1)
Electronic monitoring includes ____ systems.
1. open-circuit television
2. blocked video
3. closed-circuit television
4. local video