Information Systems Security Test 1 (Ch1 – ch6)

13 April 2024
68 test answers

question
Which term describes any action that could damage an asset?
answer
Threat
question
Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?
answer
Health Insurance Portability and Accountability Act (HIPAA)
question
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?
answer
Integrity
question
Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations?
answer
Password protection
question
Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?
answer
Applying strong encryption
question
Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?
answer
Distributed denial of service (DDoS)
question
Which one of the following is typically used during the identification phase of a remote access connection?
answer
Username
question
Which element of the security policy framework requires approval from upper management and applies to the entire organization?
answer
Policy
question
Which element of the security policy framework offers suggestions rather than mandatory actions?
answer
Guideline
question
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
answer
Procedure
question
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
answer
Standard
question
Which classification level is the highest level used by the U.S. federal government?
answer
Top Secret
question
Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?
answer
Interoperability
question
Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using?
answer
Software as a Service (SaaS)
question
Gwen's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?
answer
Payment Card Industry Data Security Standard (PCI DSS)
question
Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?
answer
Applying security updates promptly
question
From a security perspective, which should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)?
answer
Security risks will increase
question
Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet?
answer
Internet Engineering Task Force
question
Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States?
answer
Federal Information Security Management Act (FISMA)
question
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?
answer
Home agent (HA)
question
Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate?
answer
Deidentification
question
Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?
answer
Health Insurance Portability and Accountability Act (HIPAA)
question
Which one of the following is an advantage that the Internet of Things (IoT) brings to economic development for countries?
answer
Technical and Industry development
question
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
answer
Correspondent node (CN)
question
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
answer
Opportunity cost
question
Which tool can capture the packets transmitted between systems over a network?
answer
Protocol analyzer
question
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
answer
80
question
Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
answer
Logic attack
question
Which term describes anything that can damage or compromise an asset?
answer
Threat
question
Which one of the following is an example of a disclosure threat?
answer
Espionage
question
Which type of attack involves the creation of some deception in order to trick unsuspecting users?
answer
Fabrication
question
In which type of attack does the attacker attempt to take over an existing connection between two systems?
answer
Session hijacking
question
Which group is the most likely target of a social engineering attack?
answer
Receptionists and administrative assistants
question
What type of malicious software masquerades as legitimate software to entice the user to run it?
answer
Trojan horse
question
Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?
answer
Zero-day attack
question
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
answer
Typosquatting
question
Which formula is typically used to describe the components of information security risks?
answer
Risk = Threat X Vulnerability
question
Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?
answer
Recovery time objective (RTO)
question
Which one of the following is an example of a direct cost that might result from a business disruption?
answer
Facility repair
question
Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?
answer
Business continuity plan (BCP)
question
Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?
answer
Warm site
question
As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
answer
Simulation test
question
Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?
answer
HIPAA
question
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
answer
Payment Card Industry Data Security Standard (PCI DSS)
question
Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?
answer
Data ownership
question
What is NOT one of the three tenets of information security?
answer
Safety
question
What compliance regulation applies specifically to the educational records maintained by schools about students?
answer
Family Educational Rights and Privacy Act (FERPA)
question
What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
answer
No technology infrastructure
question
Which one of the following is an example of a logical access control?
answer
Password
question
During which phase of the access control process does the system answer the question, "What can the requestor access?"
answer
Authorization
question
Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?
answer
Accountability
question
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
answer
security kernel
question
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?
answer
Brute-force attack
question
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
answer
Discretionary access control (DAC)
question
Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering?
answer
Acceptability
question
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
answer
Kerberos
question
Which of the following is an example of a hardware security control?
answer
MAC filtering
question
Which security model does NOT protect the integrity of information?
answer
Bell-LaPadula
question
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?
answer
Authorization
question
Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?
answer
Access to a high level of expertise
question
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?
answer
Service level agreement (SLA)
question
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
answer
Memorandum of understanding (MOU)
question
Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?
answer
Separation of duties
question
What is NOT a goal of information security awareness programs?
answer
Punish users who violate policy
question
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?
answer
Baseline
question
Which activity manages the baseline settings for a system or device?
answer
Configuration control
question
What is the correct order of steps in the change control process?
answer
Request, impact assessment, approval, build/test, implement, monitor
question
Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking?
answer
Project initiation and planning