Exam 1 Flashcards

1
Q

The __________ has primary responsibility for the assessment, management and implementation of information security in the organization? (Single Choice)
* Board Chairperson
* CISO
* CIO
* CFO

A
  • CISO
2
Q

When projects are initiated at the highest levels of an organization and then pushed to all levels, they are said to follow which approach? (Single Choice)
* Executive-led
* Trickle-down
* Top-down
* Bottom-up

A
  • Top-down
3
Q

The person responsible for the storage, maintenance, and protection of information is the data custodian? (Single Choice)
* True
* False

A
  • True
4
Q

Information about a person’s history, background, and attributes that can be used to commit identity theft is called? (Single Choice)
* Enhanced credentials
* Passwords
* Authenticity
* Personal Identifiable Information

A
  • Personal Identifiable Information
5
Q

A potential weakness in an asset or its defensive control systems is a _______? (Single Choice)
* Vulnerability
* Threat Agent
* Exploit
* Countermeasure

A
  • Vulnerability
6
Q

The C.I.A. Triad industry standard for computer security has all of the following characteristics except? (Single Choice)
* Confidentiality
* Integrity
* Shareability
* Availability

A
  • Shareability
7
Q

Passwords should only be shared with trusted people and the IT Security Department? (Single Choice)
* True
* False

A
  • False
8
Q

Email is the most private form of communication and it is safe to use with personal information? (Single Choice)
* True
* False

A
  • False
9
Q

Everyone has a responsibility to protect company confidential and sensitive information? (Single Choice)
* True
* False

A
  • True
10
Q

Which of the following could be considered highly desirable trophies for corporate espionage? (Multiple Choice)
* Customer information
* Intellectual property (IP)
* Financial results
* Elon Musk flight details
* All of the above

A
  • All of the above
11
Q

Information security performs all of the following functions for an organization except? (Single Choice)
* Safeguards the organization’s technology assets
* Protects the organization’s ability to function
* Protects the data and information the organization collects and uses whether physical or electronic
* Provides for the broad and easy access of an organization’s intellectual property among companies in the same industry

A
  • Provides for the broad and easy access of an organization’s intellectual property among companies in the same industry
12
Q

Service level agreements (SLA) are considered optional in most cases when an organization engages a third party for cloud computing services or other outsourced services? (Single Choice)
* True
* False

A
  • False
13
Q

Which of the following would be considered an attack and penetration tester? (Single Choice)
* An expert hacker with bad intentions
* A packet monkey focused on denial of service mischief
* An information security professional with authorization to compromise a system seeking vulnerabilities
* A foreign national focused on industrial espionage

A
  • An information security professional with authorization to compromise a system seeking vulnerabilities
14
Q

A hacker would typically attempt to attain which of the following in order to gain advanced access and control over the compromised system? (Single Choice)
* Privilege escalation
* Zombie control
* A man in the middle attack
* Identity of the CEO through social media

A
  • Privilege escalation
15
Q

Which form of social engineering attempts to direct a target to provide personal or confidential information? (Single Choice)
* Ransomware
* Phishing
* Adware
* Worm

A
  • Phishing
16
Q

A zero-day attack makes use of malware that is not yet known by the anti-virus software companies? (Single Choice)
* True
* False

A
  • True
17
Q

Using a known or previously installed access mechanism is known as which of the following? (Single Choice)
* Hidden bomb
* Vector
* Back Door
* Spoof

A
  • Back Door
18
Q

A hacker will typically utilize IP spoofing to install a _________ to monitor data traveling over a network? (Single Choice)
* Packet sniffer
* Mail bomb
* Integer bug
* Denial of service attack

A
  • Packet sniffer
19
Q

Pretexting to gain confidential information is no longer considered a viable threat as the human element is considered the strongest link in the security chain? (Single Choice)
* True
* False

A
  • False
20
Q

Which of the following is often a main trophy for corporate espionage? (Single Choice)
* Key products
* Names of Board members
* SEC reports
* Intellectual property (IP)

A
  • Intellectual property (IP)
21
Q

According to the text and the information security governance roles and responsibilities graphic, who is responsible for policy implementation, reporting security vulnerabilities, and breaches? (Single Choice)
* Chief Executive Officer
* Mid-level managers
* Janitorial staff
* Enterprise staff/employees

A
  • Enterprise staff/employees
22
Q

The ________ process entails the review and assessment of organizational information security performance toward goals and objectives by the governing body? (Single Choice)
* evaluate
* direct
* monitor
* assure

A
  • monitor
23
Q

Strategic planning sets the long-term direction to be taken by the organization and each of its component parts. It should also guide organizational efforts and focus resources toward specific, clearly defined goals? (Single Choice)
* True
* False

A
  • True
24
Q

Which of the following terms best describes a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls? (Single Choice)
* blueprint
* the NIST handbook
* Information security framework
* security plan

A
  • Information security framework
25
Q

As indicated earlier, one of the foundations of security architectures is the requirement to implement security in layers. This layered approach is referred to as which of the following? (Single Choice)
* framework
* security perimeter
* security domain
* defense in depth

A
  • defense in depth
26
Q

Which of the following defines the edge between the outer limit of an organization’s security and the beginning of the outside world? (Single Choice)
* framework
* security perimeter
* security domain
* defense in depth

A
  • security perimeter
27
Q

What type of planning occurs where the actions taken by management to specify the intermediate goals and objectives of the organization in order to obtain specified strategic goals are followed by estimates and schedules for the allocation of resources necessary to achieve those goals and objectives? (Single Choice)
* strategic
* tactical
* operational
* financial

A
  • tactical
28
Q

In developing information security guidance, which is the hierarchy of development? (Single Choice)
* policy, standards, guidelines, procedures
* policy, procedures, standards, guidelines
* standards, procedures, guidelines, policy
* practices, policy, standards, guidelines

A
  • policy, standards, guidelines, procedures
29
Q

Access control lists (ACL) are a unique form of what kind of policy? (Single Choice)
* EISP
* ISSP
* GRC
* SysSP

A
  • SysSP
30
Q

SP 800-18, “Guide for Developing Security Plans for Federal Information Systems,” is considered the foundation for a comprehensive security blueprint and framework? (Single Choice)
* True
* False

A
  • True
31
Q

Risk identification is performed within a larger process of identifying and justifying risk controls that is called which of the following? (Single Choice)
* risk assessment
* risk management
* risk control
* risk tolerance

A
  • risk management
32
Q

The application of controls that reduce the risks to an organization’s information assets to an acceptable level is known as which of the following? (Single Choice)
* risk assessment
* risk management
* risk control
* risk identification

A
  • risk control
33
Q

For information security purposes, which of the following terms is used to describe the systems that use, store, and transmit information? (Single Choice)
* inventory
* threats
* controls
* assets

A
  • assets
34
Q

The information technology community of interest must assist in risk management by configuring and operating information systems in a secure fashion? (Single Choice)
* True
* False

A
  • True
35
Q

For which type of asset might a company take a zero-tolerance risk exposure posture? (Single Choice)
* product lists
* research and development
* location addresses
* public analyst call recordings

A
  • research and development
36
Q

The process an organization uses to assign a risk rating or score to each information asset is a risk evaluation? (Single Choice)
* True
* False

A
  • False
37
Q

The probability that a specific vulnerability within an organization will be the target of an attack is known as which of the following? (Single Choice)
* probability
* manageability
* likelihood
* practicality

A
  • likelihood
38
Q

Which risk control strategy attempts to reduce the impact of a successful attack through planning and preparation? (Single Choice)
* transference
* defense
* acceptance
* mitigation

A
  • mitigation
39
Q

Which risk control strategy attempts to shift residual risk to other assets, other processes, or other organizations? (Single Choice)
* transference
* defense
* acceptance
* mitigation

A
  • transference
40
Q

Before deciding on a treatment strategy for a specific TVA triple, the organization should perform which of the following to determine the merits of the treatment? (Single Choice)
* economic feasibility study
* threat assessment only
* risk appetite calculation
* asset valuation only

A
  • economic feasibility study
41
Q

What is the term for the actions taken by management, specifically the organization’s efforts and actions if an adverse event becomes an incident or disaster? (Single Choice)
* CSIRT plan (Computer Security Incident Response Team)
* contingency planning
* business continuity planning
* business process

A
  • contingency planning
42
Q

Providing customer billing as mentioned in the text is an example of what? (Single Choice)
* potential incident that can occur in an organization
* additional resource detail
* mission/business process
* description and estimated cost

A
  • mission/business process
43
Q

Cloud-based provisioning can be both a potential continuity option for production systems and a mechanism to manage recovery from disrupted operations? (Single Choice)
* True
* False

A
  • True
44
Q

In determining recovery criticality, which of the following is true? (Single Choice)
* As disruption time increases, both cost to recover and cost of disruption go up
* As disruption time increases, both cost to recover and cost of disruption go down
* As disruption time increases, cost to recover goes up and cost of disruption goes down
* As disruption time increases, cost to recover goes down and cost of disruption goes up

A
  • As disruption time increases, cost to recover goes down and cost of disruption goes up
45
Q

In a ___________, the organization creates a role-playing exercise in which the CP (Contingency Planning) Team is presented with a scenario of an actual incident or disaster and is expected to react as if it had occurred? (Single Choice)
* desk check
* simulation
* full-interruption test
* structured walk-through

A
  • simulation
46
Q

Which of the following is not a definite indicator of an incident? (Single Choice)
* change to logs
* presence of hacker tools
* use of dormant accounts
* presence of unfamiliar files

A
  • presence of unfamiliar files
47
Q

Notification from an IDPS (Intrusion Detection and Prevention System) always indicates a definite incident is in progress since these tools are easy to configure and operate? (Single Choice)
* True
* False

A
  • False
48
Q

Incident response (IR) actions can be organized into three phases. Which of the following is not an IR phase? (Single Choice)
* Detection
* Simulation
* Reaction/Response
* Recovery

A
  • Simulation
49
Q

A _______ is an investigation and assessment of adverse events that can affect the organization; it includes a determination of how critical a system or data are to the organization’s core processes and its recovery priorities? (Single Choice)
* recovery time objective
* 3-2-1 back-up
* business impact analysis
* alert roster

A
  • business impact analysis
50
Q

As the text describes, the purpose of digital forensics is to preserve? (Single Choice)
* evidentiary material (EM)
* database shadowing
* warm sites
* recovery criticality

A
  • evidentiary material (EM)