Week one Flashcards

(55 cards)

1
Q

A process for testing skills and knowledge; successful completion of a certification exam results in an endorsement by the certifying authority that an individual is capable of performing particular tasks or jobs.

A

Certification

2
Q

A set of interrelated components that work together to support fundamental business operations, data reporting and visualization, data analysis, decision making, communications, and coordination within an organization.

A

Information system

3
Q

A set of steps that need to be followed to achieve a specific end result, such as entering a customer order, paying a supplier invoice, or requesting a current inventory report.

A

Procedure

4
Q

A structured set of related activities that takes input, adds value, and creates an output for the customer of that process.

A

process

5
Q

A series (or chain) of activities that an organization performs to transform inputs into outputs in such a way that the value of the input is increased.

A

value chain

6
Q

Software that should be installed on each user’s personal computer to scan a computer’s memory and disk drives regularly for viruses.

A

antivirus software

7
Q

The process of verifying your identity using your physiological measurements (fingerprint, shape of your face, shape of your hand, vein pattern, your iris, or retina) or behavioral measurements (voice recognition, gait, gesture, or other unique behaviors).

A

biometric authentication

8
Q

A document that includes an organization’s disaster recovery plan, occupant emergency evacuation plan, continuity of operations plan, and incident management plan.

A

business continuity plan

9
Q

A security concept based on confidentiality, integrity, and availability.

A

CIA security triad

10
Q

The unintended release of sensitive data or the access of sensitive data by unauthorized individuals.

A

data breach

11
Q

A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a “safer, more secure America, which is resilient against terrorism and other potential threats.”

A

Department of Homeland Security

12
Q

A cyberattack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.

A

distributed denial-of-service (DDoS) attack

13
Q

An attack on an information system that takes advantage of a particular system vulnerability.

A

exploit

14
Q

A backup approach that occurs when a key component is no longer functioning. Applications and other programs are automatically switched over to a redundant server, network, or database to prevent an interruption of service.

A

failover

15
Q

The recognition that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.

A

reasonable assurance

16
Q

A process that enables the organization to identify its potential threats, establish a benchmark of where it is, determine where it needs to be, and develop a plan to meet those needs.

A

security audit

17
Q

An attack that takes place before the security community becomes aware of and fixes a security vulnerability.

A

zero-day attack

18
Q

Which professional often specializes in a particular functional area?

A

Business analyst

19
Q

True or False: The role of the chief information officer (CIO) is to employ an IS department’s equipment and personnel to help the organization attain its goals.

A

True

20
Q

Which professional designs and maintains Web sites, including site layout and function, to meet the client’s requirements?

A

Web developer

21
Q

Which term is used to describe the information systems and solutions built and deployed by departments other than the information systems department?

A

Shadow IT

22
Q

Which term refers to an attack that takes place before the security community becomes aware of and fixes a security vulnerability?

A

Zero-day attack

23
Q

Which term describes a large group of computers that are controlled from one or more remote locations by hackers without the knowledge or consent of their legitimate owners?

24
Q

Which term refers to the deployment of malware that secretly steals data in the computer systems of organizations?

A

Cyberespionage

25
Which term refers to the unintended release of sensitive data or the access of sensitive data by unauthorized individuals, often resulting in identity theft?
Data breach
26
Which type of information system supports teamwork and enables people to work together effectively, whether team members are in the same location or dispersed around the world?
Workgroup information system
27
True or False: An enterprise system is a model that states an organization’s information systems operate within a context of people, technology infrastructure, processes, and structure. The technology infrastructure forms the foundation of every computer-based information system.
False
28
True or False: Computer intelligence is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.
False
29
True or False: Shadow IT is a definition of the relationships among the members of an organization including their roles, responsibilities, and lines of authority necessary to complete various activities.
False
30
Which type of information system enables the sharing of information across organizational boundaries?
Interorganizational IS
31
True or False: Integrity refers to the assurance that data can be accessed when and where needed, including during times of disaster recovery operations.
False
32
True or False: Computer forensics is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.
True
33
True or False: Cyberterrorism is the deployment of malware that secretly steals data in the computer systems of organizations.
False
34
True or False: Strategic planning is a process that helps managers identify initiatives and projects that will achieve organizational objectives.
True
35
True or False: In a security incident, the primary goal must be to regain control and limit damage, not to attempt to monitor or catch an intruder.
True
36
True or False: Enterprise information systems are also known as collaborative systems.
False
37
True or False: BYOD is a business policy that permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications.
True
38
Electronic data interchange (EDI) is an example of which type of information system?
Interorganizational IS
39
True or False: Symmetric encryption algorithms use the same key for both encryption and decryption.
True
40
True or False: A security policy outlines how to achieve an organization’s strategic initiatives.
False
41
True or False: The supply chain is a key value chain whose primary processes include inbound logistics, operations, outbound logistics, marketing and sales, and service.
True
42
True or False: Structure is used to define the information systems and solutions built and deployed by departments other than the information systems department. In many cases, the information systems department may not even be aware of these efforts. The technology infrastructure forms the foundation of every computer-based information system.
False
43
True or False: Cyberespionage is the intimidation of a government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideological goals.
False
44
True or False: An encryption key is the process of scrambling messages or data in such a way that only authorized parties can read it.
False
45
True or False: The technology infrastructure forms the foundation of every computer-based information system.
True
46
Which three terms are referenced in the CIA security triad?
Confidentiality, integrity, and availability
47
Which term describes an organizational change model that organizations use to introduce new systems into the workplace in a manner that lowers stress, encourages teamwork, and increases the probability of a successful implementation?
Leavitt’s Diamond
48
Which term refers to software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment?
Intrusion detection system (IDS)
49
Which term refers to an organization’s business processes that are essential to continued operations and goal attainment within the organization?
Mission critical processes
50
Which term refers to the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats?
Risk assessment planning
51
Which term describes a set of interrelated components that work together to support fundamental business operations, data reporting and visualization, data analysis, decision making, communications, and coordination within an organization?
Information system
52
Which term describes a series of activities that an organization performs to transform inputs into outputs in such a way that the value of the input is increased?
Value chain
53
Which term refers to a system of software, hardware, or a combination of both that stands guard between an organization’s internal network and the Internet, and limits network access based on the organization’s access policy?
Firewall
54
Which term describes a structured set of related activities that takes input, adds value, and creates an output for the customer of that process?
Process
55
Which term describes a definition of the relationships among the members of an organization including their roles, responsibilities, and lines of authority necessary to complete various activities?
Structure