507 CITI Basics Of Information Security, Part 1 & 2

25 July 2022
question
Which of the following is a correct statement about the balance among prevention, detection, and response (PDR)? a) If preventive measures are in place, it is not necessary to have measures focused on detection and response. b) If detection and response measures are in place, it is not necessary to have measures devoted to prevention. c) The greater the sensitivity and quantity of the data at issue, the more carefully the balance among these three must be evaluated. d) Organizations have no discretion in deciding their levels of security practice.
answer
c) The greater the sensitivity and quantity of the data at issue, the more carefully the balance among these three must be evaluated

Explanation: The correct answer is c. The balance among prevention, detection, and response must be carefully evaluated based on the sensitivity and quantity of data at issue. Organizations have discretion in deciding their levels of security practice.
question
Which of these is not generally a good practice for telephone use? a) Whenever possible, telephone conversations involving sensitive information are conducted in non-public areas, where they cannot be overheard. b) When discussing confidential information on the phone, the other person's identity is confirmed before proceeding with the conversation. c) Using voicemail systems and answering machines that do not require a password or PIN for access. d) Only names and callback numbers are left on voicemail or answering machines -- or with the person that takes the message -- if someone cannot be reached directly.
answer
c) Using voicemail systems and answering machines that do not require a password or PIN for access.

Explanation: c) Using voicemail systems and answering machines that do not require a password or PIN for access. This is not generally a good practice for telephone use because it means that anyone who has access to the voicemail or answering machine can listen to the messages left on it. This could include sensitive information that should not be accessible to just anyone.
question
Security measures are sometimes described as a combination of physical, technical, and administrative (PTA) safeguards. Which of these would be considered a technical safeguard? a) Locked doors and other physical barriers. b) Policies about who is granted access to what types of data. c) Measures including device data encryption, anti-malware software, and communications encryption. d) Legal-regulatory requirements.
answer
c) Measures including device data encryption, anti-malware software, and communications encryption.

Explanation: The technical safeguards described in the question would be considered a combination of physical, technical, and administrative safeguards. These measures would include device data encryption, anti-malware software, and communications encryption.
question
Information security's goals are sometimes described by the letters "CIA." Which of the following is a correct definition of C, I, or A? a) I is for Integrity, which refers to the accuracy of the data for its intended use, the security-equivalent of terms like validity and reliability. b) C is for Confidentiality, which refers to limiting data access to appropriate persons for appropriate purposes. c) A is for Availability, which refers to the ability of legitimate users to access their data when needed. d) #1 and #3, not #2 e) All of the above
answer
e) All of the above

Explanation: The correct answer is e) All of the above. The letters "CIA" in the context of information security stand for confidentiality, integrity, and availability. All three of these concepts are important goals of information security. Confidentiality refers to limiting data access to appropriate persons for appropriate purposes. This ensures that sensitive information is not seen or used by unauthorized individuals. Integrity refers to the accuracy of the data for its intended use. This means that data cannot be altered without authorization, and that it is accurate and consistent. Availability refers to the ability of legitimate users to access their data when needed. This ensures that data is available when it is needed, and that users have the appropriate level of access to it.
question
Which of these is not a good practice for physical security? a) Door locks, alarms, and other physical security devices are used to keep areas secure when not open for business. b) Unattended areas are kept secure with door locks and other devices whenever possible, even during business hours. c) To preserve good customer relations, visitors are generally allowed access to all areas of a facility unless it appears they are doing something suspicious. d) Access to sensitive equipment and data is controlled -- that includes access to printers, fax machines, computers, and paper files.
answer
c) To preserve good customer relations, visitors are generally allowed access to all areas of a facility unless it appears they are doing something suspicious.

Explanation: c) To preserve good customer relations, visitors are generally allowed access to all areas of a facility unless it appears they are doing something suspicious. This is not a good practice for physical security because it allows potential intruders access to the facility. It is better to have strict access controls in place so that only authorized personnel are allowed in sensitive areas.
question
Which of the following is a good security practice for portable devices? a) Trying to ensure physical security, particularly for highly portable devices that are always on hand (like a smartphone). b) Maximizing the quantity of sensitive information stored on portable devices for easy access. c) Disabling all extra security features such as an access password or biometric authentication so that access is easy and straightforward. Avoiding encrypting data stored on a portable device. d) Disabling any remote-locate, remote-shutdown, and remote-erase capabilities because these can accidentally erase data.
answer
a) Trying to ensure physical security, particularly for highly portable devices that are always on hand (like a smartphone).

Explanation: The best security practice for portable devices is to ensure physical security, particularly for highly portable devices that are always on hand (like a smartphone). This means keeping the device in a secure location when not in use, and using a security measure like a password or biometric authentication to prevent unauthorized access. Additionally, it is important to avoid storing sensitive information on portable devices, and to disable any remote-locate, remote-shutdown, and remote-erase capabilities to avoid accidental data loss.
question
Which of the following is a good security practice for email? a) Exercising care with every email message received, especially email containing file attachments that may be infected b) Accessing links in all emails regardless of the source to make sure important information is not missed c) Reply to all messages as quickly as possible to avoid the inbox becoming too full. d) Sending sensitive information in email messages or in attachments to such messages, as long as a legally binding confidentiality notice is included.
answer
a) Exercising care with every email message received, especially email containing file attachments that may be infected

Explanation: The best security practice for email is to exercise care with every email message received, especially email containing file attachments that may be infected. Accessing links in all emails regardless of the source to make sure important information is not missed is also a good practice. However, sending sensitive information in email messages or in attachments to such messages, as long as a legally binding confidentiality notice is included, is not a good practice.
question
Which of the following are important for protecting computing devices and systems? a) Administrative safeguards like rules against sharing passwords. b) Technical safeguards like passwords, encryption, and protective software. c) Physical safeguards like a secure space protected by locked doors, etc. d) All of the above e) None of the Above
answer
d) All of the above

Explanation: All of the above are important for protecting computing devices and systems. Administrative safeguards help to ensure that only authorized users have access to systems and data, while technical safeguards help to protect data and systems from unauthorized access or modification. Physical safeguards help to protect against physical damage or theft of devices and systems.
question
Which of the following is a good practice for controlling computer access? a) Picking strong passwords and protecting them appropriately. b) Logging into systems with a shared user-ID or password. Storing access tokens in a central unlocked location. c) Leaving the device on and unlocked to make sure the work team members can use the device when you are at lunch.
answer
a) Picking strong passwords and protecting them appropriately.

Explanation: The best practice for controlling computer access is to have each user log in with their own unique ID and password. This way, if one user's password is compromised, the others will still be safe. Additionally, it is important to make sure that passwords are strong and are not stored in an unlocked location.
question
Which of the following is a good practice if one wishes to avoid "social engineering" attacks? a) Not opening attachments or clicking on links in messages, emails, or on websites unless absolutely sure of the source's authenticity. b) Being cautious any time someone asks for sensitive information, whether by phone, fax, email, or even in person. It could be a scam. c) Taking appropriate steps to confirm a person's (or site's) identity for any transaction that involves sensitive data. d) Using strict procedures when it is necessary to exchange an authentication credential like a password, PIN, account number, or other personal data that is critical to establishing personal identity. e) All of the above
answer
e) All of the above

Explanation: All of the above are good practices to avoid social engineering attacks.