Question

Question 1 (5 points)

The macro virus infects the key operating system files located in a computer’s start up sector.

Question 1 options:

True

False

Save

Question 2 (5 points)

Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program?

Question 2 options:

Projects

Policy

Protection

People

Save

Question 3 (5 points)

Which of the following is NOT a primary function of Information Security Management?

Question 3 options:

Projects

Performance

Planning

Protection

Save

Question 4 (5 points)

According to the C.I.A. triad, which of the following is a desirable characteristic for computer security?

Question 4 options:

Authentication

Authorization

Availability

Accountability

Save

Question 5 (5 points)

Which of the following is NOT a step in the problem-solving process?

Question 5 options:

Gather facts and make assumptions

Select, implement and evaluate a solution

Analyze and compare possible solutions

Build support among management for the candidate solution

Save

Question 6 (5 points)

A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.

Question 6 options:

True

False

Save

Question 7 (5 points)

“Shoulder spying” is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual’s shoulder or viewing the information from a distance.

Question 7 options:

True

False

Save

Question 8 (5 points)

As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus __________.

Question 8 options:

hoaxes

polymorphisms

false alarms

urban legends

Save

Question 9 (5 points)

The first step in solving problems is to gather facts and make assumptions.

Question 9 options:

True

False

Save

Question 10 (5 points)

Blackmail threat of informational disclosure is an example of which threat category?

Question 10 options:

Compromises of intellectual property

Espionage or trespass

Information extortion

Sabotage or vandalism

Save

Question 11 (5 points)

Which of the following is the best example of a rapid-onset disaster?

Question 11 options:

Famine

Environmental degradation

Flood

Pest infestation

Save

Question 12 (5 points)

Which type of document grants formal permission for an investigation to occur?

Question 12 options:

Forensic concurrence

Affidavit

Evidentiary report

Search warrant

Save

Question 13 (5 points)

In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?

Question 13 options:

Structured walk-through

Desk check

Parallel testing

Simulation

Save

Question 14 (5 points)

ISO 27014:2013 is the ISO 27000 series standard for __________.

Question 14 options:

information security management

policy management

governance of information security

risk management

Save

Question 15 (5 points)

Which document must be changed when evidence changes hands or is stored?

Question 15 options:

Affidavit

Search warrant

Evidentiary material

Chain of custody

Save

Question 16 (5 points)

Which of the following allows investigators to determine what happened by examining the results of an event—criminal, natural, intentional, or accidental?

Question 16 options:

Forensics

E-discovery

Digital malfeasance

Evidentiary procedures

Save

Question 17 (5 points)

Individuals who control, and are therefore responsible for, the security and use of a particular set of information are known as __________.

Question 17 options:

data users

data generators

data owners

data custodians

Save

Question 18 (5 points)

What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?

Question 18 options:

Identify resource requirements

Identify recovery priorities for system resources

Determine mission/business processes and recovery criticality

Identify business processes

Save

Question 19 (5 points)

Which level of planning breaks down each applicable strategic goal into a series of incremental objectives?

Question 19 options:

Operational

Strategic

Organizational

Tactical

Save

Question 20 (5 points)

Which of the following has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an adverse event?

Question 20 options:

Risk management

Contingency planning

Disaster readiness

Module 3

Business response

Question 21 (5 points)

Which of the following are instructional codes that guide the execution of the system when information

Question 21 options:

configuration rules

user profiles

access control lists

capability tables

Save

Question 22 (5 points)

A detailed outline of the scope of the policy development project is created during which phase of the SecSDLC?

Question 22 options:

Analysis

Implementation

Design

Investigation

Save

Question 23 (5 points)

In addition to specifying the penalties for unacceptable behavior, what else must a policy specify?

Question 23 options:

The proper operation of equipment

What must be done to comply

Legal recourse

Appeals process

Save

Question 24 (5 points)

Which of the following is NOT a step in the process of implementing training?

Question 24 options:

Motivate management and employees

Administer the program

Identify target audiences

Hire expert consultants

Save

Question 25 (5 points)

Which of the following is an element of the enterprise information security policy?

Question 25 options:

Information on the structure of the InfoSec organization

Access control lists

Articulation of the organization’s SDLC methodology

Indemnification of the organization against liability

Save

Question 26 (5 points)

Which of the following is the most cost-effective method for disseminating security information and news to employees?

Question 26 options:

Security-themed Web site

Distance learning seminars

Conference calls

Security newsletter

Save

Question 27 (5 points)

Which of the following is NOT among the three types of InfoSec policies based on NIST’s Special Publication 800-14?

Question 27 options:

Enterprise information security policy

User-specific security policies

System-specific security policies

Issue-specific security policies

Save

Question 28 (5 points)

Which of the following would be responsible for configuring firewalls and IDPSs, implementing security software, and diagnosing and troubleshooting problems?

Question 28 options:

A security analyst

The security manager

A security technician

A security consultant

Save

Question 29 (5 points)

Which policy is the highest level of policy and is usually created first?

Question 29 options:

USSP

ISSP

EISP

SysSP

Save

Question 30 (5 points)

Which of the following is NOT among the functions typically performed within the InfoSec department as a compliance enforcement obligation?

Question 30 options:

Centralized authentication

Policy

Risk management

Compliance/audit

Save

Previous PageNext Page

Question 31 (5 points)

Which of the following is the primary purpose of ISO/IEC 27001:2005?

Question 31 options:

Use within an organization to ensure compliance with laws and regulations

Use within an organization to formulate security requirements and objectives

Implementation of business-enabling information security

To enable organizations that adopt it to obtain certification

Save

Question 32 (5 points)

Which security architecture model is part of a larger series of standards collectively referred to as the “Rainbow Series”?

Question 32 options:

Bell-LaPadula

ITSEC

TCSEC

Common Criteria

Save

Question 33 (5 points)

Under the Common Criteria, which term describes the user-generated specifications for security requirements?

Question 33 options:

Security Functional Requirements (SFRs)

Security Target (ST)

Protection Profile (PP)

Target of Evaluation (ToE)

Save

Question 34 (5 points)

Which type of access controls can be role-based or task-based?

Question 34 options:

Nondiscretionary

Constrained

Discretionary

Content-dependent

Save

Question 35 (5 points)

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

Question 35 options:

Need-to-know

Separation of duties

Eyes only

Least privilege

Save

Question 36 (5 points)

The InfoSec measurement development process recommended by NIST is is divided into two major activities. Which of the following is one of them?

Question 36 options:

Identification and definition of the current InfoSec program

Regularly monitor and test networks

Compare organizational practices against organizations of similar characteristics

Maintain a vulnerability management program

Save

Question 37 (5 points)

Which piece of the Trusted Computing Base’s security system manages access controls?

Question 37 options:

Trusted computing base

Verification module

Covert channel

Reference monitor

Save

Question 38 (5 points)

Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?

Question 38 options:

Legal liability

Baselining

Certification revocation

Competitive disadvantage

Save

Question 39 (5 points)

Which access control principle limits a user’s access to the specific information required to perform the currently assigned task?

Question 39 options:

Need-to-know

Eyes only

Least privilege

Separation of duties

Save

Question 40 (5 points)

Which of the following specifies the authorization classification of information asset an individual user is permitted to access, subject to the need-to-know principle?

Question 40 options:

Task-based access controls

Discretionary access controls

Sensitivity levels

Security clearances

Save