1The most successful kind of top-down approach involves a formal development strategy referred to as a ____. 1. systems development life cycle 2. systems schema 3. systems design 4. development life project true Save Answer 2. (Points: 1) What is the methodology for the design and implementation of an information system in an organization. 1. LCSD 2. DSLC 3. CLSD 4. SDLC true Save Answer 3. (Points: 1) Organisations that are seeking to improve not only the functionality of the systems they have in place, but the confidence of the consumer in their product, refer to this process as. 1. availability-focused development 2. reliability-focused development 3. security-focused development 4. accessability-focused development true Save Answer 4. (Points: 1) ____ was the first and only operating system created with security as its primary goal. 1. ARPANET 2. DOS 3. MULTICS 4. UNIX true Save Answer 5. (Points: 1) A computer is the ____ of an attack when it is used to conduct the attack. 1. subject 2. facilitator 3. target 4. object false . NSTISSI No. NIST SP 800-12 false Save Answer 8. Physical 4.Save Answer 6. 1. IEEE 802. Personal 3. (Points: 1) What type of security addresses the issues necessary to protect the tangible items.11 (g) 2. Standard 2. ISO 17788 4. objects. or areas of an organization from unauthorized access and misuse. 4011 3. 1. Object false Save Answer 7. (Points: 1) This presents a comprehensive model for information security and is becoming the evaluation standard for the security of information systems. and networks necessary to use information as a resource in the organization. hardware 2. 1. software false Save Answer 10. direct changeover 2. phased implementation . procedures. indirect 3. direct 4. hardware 2. (Points: 1) What method is usually the best approach to security project implementation. (Points: 1) What term is used to describe an attack is when a hacker uses his or her personal computer to break into a system. people. 1. data false Save Answer 9. software 3.(Points: 1) An Information System is the entire set of ____. 1. All of the above 4. direct 3. phased implementation false Save Answer 12. pilot 2. pilot implementation false Save Answer 11. and resolving issues within that group before expanding to the rest of the organisation. parallel operation 4. and draw conclusions about how to improve the process for the future. critique the overall effort of the project. or division. loop false . (Points: 1) The goal of the ____ is to resolve any pending issues. 1. parallel 4. department. wrap-up 3. pilot implementation 4.3. (Points: 1) Implementing all security improvements in a single office. What is this implementation process referred to? 1. direct changeover 2. (Points: 1) Which department in large organisations places the information security personnel? . moving false Save Answer 15. unfreezing 4. (Points: 1) Technology ____ deals with how frequently technical systems are updated. governance false Save Answer 14. wrap-up 2. 1.Save Answer 13. All of the above 3. and how technical updates are approved and funded. turnover 3. refreezing 2. (Points: 1) The Lewin change model consists of ____. 1. changeover 4. financial 4. information technology false Save Answer 16.1. Builders 2. Definers 3. 1. management 3. who create and install security solutions. CEO . 1. CIFO 2. (Points: 1) These staff are the real techies. CISO 3. (Points: 1) This position is typically considered the top information security officer in the organization. production 2. Senior managers 4. Administrators false Save Answer 17. CTO 4. Security managers 2. CISOs 3. diagnose and troubleshoot problems. CSOs false Save Answer 19. All of the above false Save Answer .false Save Answer 18. Security technicians 4. implement security software. Threats 2. deploy IDSs. (Points: 1) These members of staff are the technically qualified individuals tasked to configure firewalls. Assets 3. 1. (Points: 1) What are a component of the security triple? 1. and coordinate with systems and network administrators to ensure that an organisation's security technology is properly implemented. Vulnerabilities 4. 1. intelligence 2. 1. Bug/CERT 3. monitoring false Save Answer 22. (Points: 1) Detailed ____ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported. a federally funded research and development center operated by Carnegie Mellon University. (Points: 1) One approach that can improve the situational awareness of the information security function uses a process known as ____ to . Bugtraq/CERT false Save Answer 21. CERT/CC 2. (Points: 1) The ____ is a part of the US-CERT and is located at the Software Engineering Institute. None of the above 3. escalation 4.20. CC/CERT 4. disclaimer . difference analysis 2. scope 3. footer 2. ethical hackers false Save Answer 24. (Points: 1) A ____ is a statement of the boundaries of the Risk Assessment. revision false Save Answer 23. tiger teams 3. differential 4. 1. All of the above 2. whitehat hackers 4. baseline 3. and are commonly referred to as? 1. (Points: 1) The information security personnel who perform penetration testing are often consultants or outsourced contractors.quickly identify changes to the internal environment. 1. Revision false Save Answer . Penetration testing 3. Update 2. Penetration simulation false Save Answer 26. Change 3. 1. operation. Attack simulation 2.4. (Points: 1) This type of management is the administration of changes in the strategy. 1. or components of the information security program. Upload 4. (Points: 1) This process involves security personnel simulating or performing specific and controlled attacks to compromise or disrupt their own systems by exploiting documented vulnerabilities. head false Save Answer 25. Attack testing 4. (Points: 1) As frustrating as viruses and worms are. ISO 1899 3. perhaps more time and money is spent on resolving ____. CNSS 4012 2. Enables the safe operation of applications implemented on the organization’s IT systems. Protects the data the organization collects and uses.27. Protects the organization’s ability to function. false Save Answer 29. ISO 27001 4. 3. (Points: 1) The Plan-Do-Check-Act process is an implementation of the ____ approach to internal controls to manage risk. 4. (Points: 1) Which of the following functions does information security perform for an organization? 1. 1. . NIST SP800-12 false Save Answer 28. All of the above. 2. denial-of-service 3. 1. (Points: 1) In this type of attack.1. MIN 2. SLA false Save Answer 31. the attacker sends a large number of connection or information requests to a target. virus 4. hoaxes 4. urban legends 3. (Points: 1) Web hosting services are usually arranged with an agreement providing minimum service levels known as a ____. power faults 2. distributed denial-of-service false . spam 2. false alarms false Save Answer 30. SSL 3. MSL 4. 1. Save Answer 32. 1. All of the above 3. (Points: 1) Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. malicious code 2. (Points: 1) Software programs that hide their true nature. bypass 2. malicious software false Save Answer 34. malware 4. security 4. trespass 3. and reveal their . nature false Save Answer 33. (Points: 1) Deliberate software attacks are referred to as? 1. Worms 4. Computer Crimes Act 3. Viruses false Save Answer 35. Sarbanes-Oxley Act 4. Spam 3.designed behavior only when activated are referred to as: 1. 1. Trojan horses 2. control . (Points: 1) Which Australian act has penalties relating to the improper use of ICT equipment? 1. (Points: 1) Risk ____ is the process of applying safeguards to reduce the risks to an organization’s data and information systems. Copyright Act 2. Criminal Code Act false Save Answer 36. security 2. management 3. (Points: 1) There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security. recycle diving false Save Answer . All of the above 3. 1. 1. portability false Save Answer 38. (Points: 1) Management of classified data includes its storage and ____.4. side view 2. garbage collection 3. distribution 4. destruction 2. identification false Save Answer 37. dumpster diving 4. 1. Risk 2.39. benefit 3. management acceptance and support. . advantage 4. Probability 3. Possibility 4. (Points: 1) What equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty? 1. Chance false Save Answer 40. and the overall requirements of the organization’s stakeholders. disadvantage false Save Answer 41. (Points: 1) ____ feasibility addresses user acceptance and support. (Points: 1) The concept of competitive ____ refers to the need to avoid falling behind the competition. failure 2. standard 4. 1. Operational 3. appetite 4. acceptance 2. Political 2. avoidance false Save Answer 43.1. (Points: 1) Strategic planning is the process of moving the organisation towards its? 1. Organizational false Save Answer 42. (Points: 1) Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility. vision 2. mission 3. policy . benefit 3. Technical 4. (Points: 1) Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality. evaluation 2. integrity.false Save Answer 44. maintaining privacy through the use of a tunneling protocol and security procedures. recovery false Save Answer 45. assessment 3. plan 4. SVPN 3. KERBES false Save Answer . (Points: 1) A ____ is “a private data network that makes use of the public telecommunication infrastructure. VPN 4. and availability of information and information assets during or just following an incident. 1. SESAME 2.” 1. POSs . TCP or UDP source and destination port requests 4. 1. Static 4. (Points: 1) Most guards have clear ____ that help them to act decisively in unfamiliar situations. Stateless 2. Dynamic false Save Answer 48. 1. Direction (inbound or outbound) false Save Answer 47. IP source and destination address 2. Stateful 3. (Points: 1) What kind of filtering allows the firewall to react to an emergent event and update or create rules to deal with the event? 1. All of the above 3. (Points: 1) The restrictions most commonly implemented in packet filtering firewalls are based on ____.46. local video false . blocked video 3. Freeloading 3.2. also enter through. 1. and other individuals. Hitchhiking false Save Answer 50. closed-circuit television 4. MACs 4. 1. (Points: 1) Electronic monitoring includes ____ systems. who may or may not be authorized. OPSs false Save Answer 49. open-circuit television 2. SOPs 3. Tailgating 2. (Points: 1) This occurs when an authorized individual presents a key to open a door. Sidegating 4. Save Answer .
Report "ISIT201 Information Security Multiple Choice Questions"