Inf Sec - Imp Q

Question 1

Information warranting protection must be appropriately

Answer 1

Identified and Marked

Question 2

The a)__________ of the information typically determines the b)________

Answer 2

a)Originator
b)Classification Level

Question 3

An employees access should be based on his or her current ________ and need to know, not solely on position

Answer 3

Job function

Question 4

____________ models and test items should be destroyed so they cannot be reversed engineered

Answer 4

Obsolete prototype

Question 5

___________ developed in military to protect unclassified information that could reveal sensitive plan

Answer 5

Operations Security (OPSEC)

Question 6

Privacy protected information is specifically regulated by the _____________

Answer 6

Health Insurance Portability and Accountability Act (HIPAA)

Question 7

______ property right granted to an inventor to exclude others from making, using or selling the invention for a limited time

Answer 7

Patent

Question 8

________ words, names, symbols, devices or images applied to products or used to identity their source

Answer 8

Trademark

Question 9

________ is used to protect the expression of ideas in literary, artistic and musical works

Answer 9

Copyright

Question 10

The best way to start addressing infringement of patents, copyrights, and trademarks is to

Answer 10

Register those rights

Question 11

Under _________ law copyrights do not have to be registered to be protected

Answer 11

International Law

Question 12

When doing business outside the organizations home country, the best weapon is

Answer 12

Prevention

Question 13

A patent last only

Answer 13

20 years

Question 14

Patents convey a range of benefits but require the inventor to disclose the

Answer 14

Inventions elements

Question 15

Sanitizing information systems and media : _____________________ before the medium is reused

Answer 15

Removing data on a storage medium

Question 16

The key steps to take after information loss

Answer 16

Investigation
Damage Assessment
Recovery &
Follow up

Question 17

The use of information systems to commit crime (Human challenge : Failure of imagination)

Answer 17

Cybercrime

Question 18

_____ is a type of malware, data stealing Trojan Horse Program

Answer 18

Zeus

Question 19

Software applications that run automated taksts

Answer 19

Bots

Question 20

Customer lists, pricing information, cost structure, strategic plan or proprietary processes

Answer 20

Intellectual property

Question 21

Using Corporate resources effectively to protect sensitive information and systems is a key objectives of

Answer 21

ISS Program

Question 22

Who is responsible for defining who needs access to what information

Answer 22

Information Owners

Question 23

Attacks that are harder to detect and harder to defend against a weapon of mass disruption

Answer 23

Cyber Attack

Question 24

What is one of the most serious economic and national security challenges we face as a nation

Answer 24

Cyber Threat

Question 25

Devices may be divided into two types of systems

Answer 25

Embedded
Host Based

Question 26

Embedded Systems

Answer 26

Also know as special systems are typically programmed at the manufacturer and run proprietary or nonstandard operating system

Question 27

Host Based systems

Answer 27

Run on more standard operating systems, typically a windows or Linux operating system

Question 28

What can give complete control over door. Success/failure of organization may depend on security professional’s actions

Answer 28

Gecko

Question 29

The objective of an organizations information systems security program is to a) _________ and b) ___________ manage the risk that critical organizational information could c)________ d)__________ or e) _________

Answer 29

a) Prudently
b) Cost effectively
c) Be Compromised
d) Be changed without authorization
e) Become Unavailable

Question 30

The security professional strives to protect informations

Answer 30

Confidentiality
Integrity
Availability

(Also called CIA)

Question 31

Residual risk

Answer 31

Threats * Vulnerability’s / Countermeasures

Question 32

In business who is responsible for information security

Answer 32

Everyone

Question 33

Almost all modern communications via computer follow a model called the

Answer 33

Open Systems Interconnect (OSI)

Question 34

AAA Triad

Answer 34

Authentication
Authorization
Auditing/Accountability

Question 35

Tool for maintaining integrity which shows whether data has been tampered with

Answer 35

Cyclical Redundancy Check (CRC)

Question 36

The oldest form of communications that connects to a computer network

Answer 36

The Printer

Question 37

Protects Credit Card Information

Answer 37

The payment card industry data security standard

Question 38

Sarbnenes-Oxleyn Act

Answer 38

Sox requires the management of a public company to assess the effectiveness of the company’s internal control over financial reporting

Question 39

Red Queen Effect

Answer 39

Organizations information systems management program must be continually improved

Question 40

Convergence

Answer 40

The integration in a formal, collaborative and strategic manner, of the cumulative security resources of the organization in order to deliver enterprise wide benefits through enhanced risk mitigation, increased operational effectiveness and efficiency and cost savings

Question 41

ISS principles center on three basis elements

Answer 41

Confidentiality
Integrity
Availability

called the CIA triad

Question 42

Someone convinces a user to share his credentials to get on the network

Answer 42

Social Engineering

Question 43

Malware

Answer 43

Someone attack a systems by installing software on it, either with the users knowledge (usually hidden in other software or email) or automatically without the users knowledge

Question 44

Malware

Answer 44

One of the most insidious mechanism hackers use today to attack systems is malware.

Question 45

Malware types and used for

Answer 45

Viruses, Worms, Spyware, Rootkits, Trojan Horses and it is designed to give the cybercriminal or hacker control of the computer on which it is installed

Question 46

Why is web attack dangerous

Answer 46

Because it can defeat almost every control

Question 47

Physical Security professionals mitigate risk via

Answer 47

Policies
References
Frameworks

Question 48

ISS professionals mitigate risk through

Answer 48

Information Security Management System (ISMS) such as that described in ISO 27001

Question 49

The first job of the individual charged with an organizations ISS is to

Answer 49

Create an ISMS appropriate for the size of the organization

Question 50

Who must support the organizations ISS culture

Answer 50

Senior Management

Question 51

A notable practice in ISS is

Answer 51

Clock Synchronization. This is typically done with a protocol called Network Time Protocol (NTP and it allows for all systems on a network to have the same time)