IS3340 CHAPTER 1

Question 1

A management action, written policy, procedure, guideline, regulation, law, or rule of any kind is called ___?

Answer 1

ADMINISTRATIVE CONTROL

Question 2

Availability, Integrity, Confidentiality – goals of information security is called ___?

Answer 2

A-I-C TRIAD

Question 3

Any person or program that attempts to interact with a computer information system in an unauthorized manner is called ___?

Answer 3

ATTACKER

Question 4

Any person or program that possesses permission to access a resource is called ___?

Answer 4

AUTHORIZED USER

Question 5

The assurance that requested information is available to authorized uses upon request is called?

Answer 5

AVAILABILITY

Question 6

A collection of computer and network devices connected to one or more networks, generally for the purpose of fulfilling business functions is called ___?

Answer 6

COMPUTER ENVIRONMENT

Question 7

The assurance that information can only be accessed and viewed by authorized users is called ___?

Answer 7

CONFIDENTIALITY

Question 8

A control that repairs the effects of damage from an attack. This includes virus removal procedures, firewall table updates, and user authorization database updates and is called ___?

Answer 8

CORRECTIVE CONTROL

Question 9

A security strategy that relies on multiple layers of security that require attackers to defeat multiple controls to access any protected resource is called ___?

Answer 9

DEFENSE IN DEPTH

Question 10

A control that detects when an action has occurred. This includes smoke detectors, log monitors, and system audits and is called ___?

Answer 10

DETECTIVE CONTROL

Question 11

An agreement between the software producer and the end user. It addresses issues regarding approved use and liability. This is called ___?

Answer 11

END USER LICENSE AGREEMENT (EULA)

Question 12

The practice of ensuring electronic information is safe from unauthorized use and accessible for authorized use is called ___?

Answer 12

INFORMATION SYSTEMS SECURITY

Question 13

The assurance that information can be modified only by authorized users is called ___?

Answer 13

INTEGRITY

Question 14

An alternate term for technical control is called ___?

Answer 14

LOGICAL CONTROL

Question 15

Software that is designed to infiltrate a target computer and make it do something the attacker has instructed it to do is called ___?

Answer 15

MALICIOUS SOFTWARE

Question 16

A device that limits access or otherwise protects a resource, such as a fence, door, lock, or fire extinguisher is called ___?

Answer 16

PHYSICAL CONTROL

Question 17

A control that stops an action before it occurs and includes locked doors, firewall rules, and user passwords is called ___?

Answer 17

PREVENTATIVE CONTROL

Question 18

Any exposure to a threat is called a ___?

Answer 18

RISK

Question 19

A mechanism used to protect information and related assets is called ___?

Answer 19

SECURITY CONTROL

Question 20

A device or process that limits access to a resource. Examples would be user authentication, antivirus software, and firewalls. This is called ___?

Answer 20

TECHNICAL CONTROL

Question 21

Any action that could lead to damage or loss is called ___?

Answer 21

THREAT

Question 22

Any person or program that does not possess permission to access a resource is called ___?

Answer 22

UNAUTHORIZED USER

Question 23

Any weakness that could allow a threat to be realized is called ___?

Answer 23

VULNERABILITY

Question 24

Standalone malicious software programs that actively transmit themselves, generally over networks, to infect other computers is called ___?

Answer 24

WORMS

Question 25

1. Which of the following is the best description of the defense in depth strategy? 1. Hiding protected resources behind multiple firewalls 2. Using multiple layers of security controls to protect resources 3. Fully securing the most important resources first 4. Staying current on as many known attacks as possible

Answer 25

Using multiple layers of security controls to protect resources

Question 26

2. What is the main goal of information security ? 1. Protect information from unauthorized use 2. Catch as many unauthorized uses as possible 3. Protect information from unauthorized modification 4. Stop anonymous users from accessing information

Answer 26

Protect information from unauthorized use

Question 27

3. Does turning off a computer make the information it contains secure? 1. Yes, because no unauthorized user can access information on a computer that is turned off 2. No, because the information might be copied somewhere else 3. Yes, because aggressive actions always result in more secure systems 4. No, because secure data must still be available to authorized users

Answer 27

No, because secure data must still be available to authorized users

Question 28

4. Which of the following is the best description of a security control? 1. A mechanism to stop attacks before they occur 2. A rule that defines acceptable use of a computer 3. A mechanism that protects a resource 4. A device that detects unusual activity

Answer 28

A mechanism that protects a resource

Question 29

5. Which of the following could be classified as a logical control? 1. Firewall 2. Fence 3. Acceptable use policy 4. Smoke detector

Answer 29

Firewall

Question 30

6. Which of the following could be classified as a detective control? 1. Password 2. Door 3. Acceptable use policy 4. Log monitor

Answer 30

Log monitor

Question 31

7. Which of the tenets of information security must directly serves the needs of authorized users? 1. Availability 2. Integrity 3. Confidentiality 4. None of the above

Answer 31

Availability

Question 32

8. Which of the tenets of information security is most related to the "need to know" property? 1. Availability 2. Integrity 3. Confidentiality 4. None of the above

Answer 32

Confidentiality

Question 33

9. Where is the most likely place a database management system would run? 1. Network device 2. Server 3. Thin client 4. Thick client

Answer 33

Server

Question 34

10. Which Microsoft Windows Server 2008 R2 edition would be most appropriate for large-scale deployment using extensive virtualization? 1. Datacenter 2. HPC 3. Enterprise 4. Web

Answer 34

Datacenter

Question 35

11. According to the Microsoft EULA, what is the extent of the damages that can be recovered due to a Windows fault? 1. Nothing 2. The price paid for the software license 3. Actual damages incurred 4. Actual damages incurred plus the cost of the software license

Answer 35

The price paid for the software license

Question 36

12. Which of the following is the best definition of a threat? 1. Any exposure to damage 2. A weakness that allow damage to occur 3. An action that exploits a weakness 4. Any action that could lead to damage

Answer 36

Any action that could lead to damage

Question 37

13. What worm was released in 2001 and primarily defaced Web sites? 1. SQL Slammer 2. Conficker 3. Code Red 4. Melissa

Answer 37

Code Red

Question 38

14. What term describes a malicious software program that users are tricked into running? 1. Trojan horse 2. Worm 3. Virus 4. Phishing message

Answer 38

Trojan horse

Question 39

15. Which of the following defines the cycle used to address Window threats and vulnerabilities? 1. Plan-do-review 2. Discovery-analyze-remediation 3. Design-implementation-verificatoin 4. Detection-containment-eradication

Answer 39

Discovery-analyze-remediation