ITEC 85 (SIR CAUREL)

Question 1

is an important
asset to every individual or
organization

Answer 1

Digital information

Question 2

it is a field the
process the safeguarding of the
integrity of data use by individuals or
organization

Answer 2

Information Assurance

Question 3

Prevents unwanted access to private
information

Answer 3

Information Security

Question 4

Development and implementation of
tools and technique for keeping data
safe.

Answer 4

Information Security

Question 5

Designing of defense mechanism
software

Answer 5

Information Security

Question 6

Information Security

Answer 6

Similarities of Information Assurance and
Security

Question 7

CNSS SECURITY MODEL

Answer 7

John McCumber called McCumber
Cube

Question 8

smartphone that fits a
pocket or large as a super computer

Answer 8

Computer Hardware-

Question 9

-peripherical devices, such as
keyboards, externals disk, drives and routes

Answer 9

Computer Hardware-

Question 10

let the hardware
knows what to do

Answer 10

2. Computer Software-

Question 11

-it sends signal task

Answer 11

2. Computer Software-

Question 12

– connects the
hardware together to form a network.

Answer 12

3. Telecommunication

Question 13

a network is a set of computers that
is connected wired or wireless.

Answer 13

3. Telecommunication

Question 14

-LAN & WAN

Answer 14

3. Telecommunication

Question 15

-component where the “material”
that the other component work with resides.
-place where data is collected and
from which it can be retrieved by QUERYING

Answer 15

4. Database and Database Warehouse

Question 16

• the final and possibly most
  important component of information system
  is the human element.
• people that are needed to run the
  system and the procedure

Answer 16

5. Human Resources and ProcedureS

Question 17

➢ Should result in a high-quality system
that meets customers expectations,
reaches completion within time and
cost evolutions and works.
(RDITDOM)
* Requirements
* Design
* Implementation
* Testing
* Deployment
* Operation
* MaintenancE

Answer 17

SYSTEM DEVELOPMENT LIFE CYCLE (SDLC)

Question 18

– Systematic approach which
explicitly breaks down the work into phase
that required to implement (PADIM

Answer 18

PHASE OD SDLC

Question 19

obtain approval of project
initiate, plan schedule

Answer 19

Planning:

Question 20

understand business needs
and processing needs

Answer 20

Analysis

Question 21

solution system based on
requirements and analysis decision

Answer 21

Design

Question 22

construct, test, train
users, install new system

Answer 22

Implementation

Question 23

: keep system healthy
and improve

Answer 23

Maintenance

Question 24

Is defined as the set of procedures
that are executed in a sequence in the
software development cycle (SDLC)

Answer 24

SECURITY SYSTEM DEVELOPMENT LIFE CYCLE

Question 25

process is
started by the officials/directives
working at the top-level management

Answer 25

1. System Investigation

Question 26

detailed
documentation analysis of the
documents form

Answer 26

2. System Analysis

Question 27

development of tools
and the following blueprints

Answer 27

3. Logical Design

Question 28

technical teams
acquire tool and blueprint

Answer 28

4. Physical Design

Question 29

carried out with the
help of various teams aggressively
testing

Answer 29

5. Implementation

Question 30

the security program
must be kept up to date

Answer 30

6. Maintenance-

Question 31

in layman’s term, is
digital assault on computer network.

Answer 31

cyberattack

Question 32

Is malicious
act that attempts to damage data,
steal data or destroy life in general

Answer 32

cyber threat

Question 33

include computer
viruses, data breathes and denial of
service

Answer 33

Cyber threats

Question 34

Here are 8 biggest threats of businesses.

Answer 34

1. Financial Issues
2. Laws And Regulation
3. Broad Economic Uncertainly
4. Attracting And Retaining Talent
5. Legal Liability
6. Cyber, Computer, Technology
   Risk/Data Breaches
7. Increasing Employee Benefits Cost
8. Medical Cost Inflation

Question 35

extortion of money in
exchange of files

Answer 35

1. Ransomware

Question 36

unauthorized access

Answer 36

2. Malware

Question 37

– to trick a user in
giving sensitive information

Answer 37

3. Social Engineering

Question 38

– sending fraudulent e-mails

Answer 38

4. Phishing

Question 39

encrypting
malware

Answer 39

5. Crypting Services

Question 40

• buying and selling
  malware on the Dark Web

Answer 40

6. Crimeware

Question 41

hackers control over the devicE

Answer 41

7. Remote Administration tools

Question 42

malwares that records
keyboard stroke

Answer 42

8. Keyloggers

Question 43

visiting a trusted site but
then get redirected to a malicious site

Answer 43

9. Exploit kits

Question 44

stolen data from a
user’s machine

Answer 44

10. Leaked data-

Question 45

implanted in bank
teller machine and PQS

Answer 45

11. Cards skimmers

Question 46

outdate systems
are vulnerable to attack.

Answer 46

12. Unpatched systems-

Question 47

• Security is very essentials because
  when a company ignores that it
  exposes itself to risk
• Huge amount of data can be stolen at
  anytime
• Few business don’t tale this seriously
  and end up with financial losses and
  bruised reputation

Answer 47

Security Software Development

Question 48

• continuous
  monitoring for vulnerabilities results
  in better applications quality and
  mitigation of business risk

Answer 48

1. Higher security

Question 49

early attention to
flows significantly reduces the effort
required to detect and fix them

Answer 49

2. Cost reduction

Question 50

encourages a
conscientious attitude towards security
- related laws and regulation.
Ignoring them may result in fines and
penalties, even if no sensitive data is
lost.

Answer 50

3. Regulatory compliance

Question 51

As _________ explains in
The Social Contract, or Principles of
Political Right, the rules the members
of a society create to balance the
individual rights to self-determination
against the needs of the society as a
whole are called laws.

Answer 51

Jean Jacques Rousseau

Question 52

These policies are guidelines that
describe acceptable and unacceptable
employee behaviors in the workplace,
function as organizational laws,
complete with penalties, judicial practices, and sanctions to require
compliance.

Answer 52

Organizational Liability and the Need for
Counsel

Question 53

The
organization must be able to demonstrate
that the relevant policy has been made readily
available for review by the employee.

Answer 53

Dissemination (distribution) –

Question 54

• The organization must be
  able to demonstrate that it disseminated the
  document in an intelligible form, including
  versions for illiterate, non-English reading,
  and reading-impaired employees.

Answer 54

Review (reading) -

Question 55

The
organization must be able to demonstrate
that the employee understood the
requirements and content of the policy

Answer 55

Comprehension (understanding) -

Question 56

The organization
must be able to demonstrate that the
employee agreed to comply with the policy
through act or affirmation

Answer 56

Compliance (agreement) -

Question 57

The organization must
be able to demonstrate that the policy has
been uniformly enforced, regardless of
employee status or assignment.

Answer 57

Uniform enforcement

Question 58

comprises a wide variety of
laws that govern a nation or state.

Answer 58

 Civil law

Question 59

addresses activities and
conduct harmful to society, and is
actively enforced by the state.

Answer 59

 Criminal law

Question 60

encompasses family law,
commercial law, and labor law, and
regulates the relationship between
individuals and organizations.

Answer 60

 Private law

Question 61

regulates the structure and
administration of government
agencies and their relationships with
citizens, employees, and other
governments.

Answer 61

 Public law

Question 62

is the cornerstone of
many computer-related federal laws
and enforcement efforts.

Answer 62

The Computer Fraud and Abuse Act of
1986 (CFA Act)

Question 63

Many organizations are collecting,
swapping, and selling personal information as
a commodity, and many people are looking to
governments for protection of their privacy.

Answer 63

Privacy -

Question 64

• The
  Privacy of Customer Information Section of
  the common carrier regulation states that any
  proprietary information shall be used
  explicitly for providing services,

Answer 64

Privacy of Customer Information

Question 65

The Federal Trade
Commission (FTC) describes identity theft as
“occurring when someone uses your
personally identifying information, like your
name without permission.

Answer 65

Identity Theft

Question 66

 It is important for IT professionals and
information security practitioners to
realize that when their organizations
do business on the Internet, they do
business globally.
 As a result, these professionals must
be sensitive to the laws and ethical
values of many different cultures,
societies, and countries.

Answer 66

INTERNATIONAL LAWS AND LEGAL BODIES

Question 67

 It created an international task force
to oversee a range of security
functions associated with Internet
activities for standardized technology
laws across international borders.
 Signed by 43 countries in Budapest,
November 2001.

Answer 67

Council of Europe Convention on Cybercrime

Question 68

The Agreement on Trade-Related
Aspects of Intellectual Property Rights
(TRIPS), created by the World Trade
Organization (WTO)

Answer 68

Agreement on Trade-Related Aspects of
Intellectual Property Rights

Question 69

 TRIPS establishes minimum standards
for the availability, scope, and use of
seven forms of intellectual property:

Answer 69

copyrights, trademarks, geographical
indications, industrial designs,
patents, layout designs for integrated
circuits, and undisclosed information

Question 70

is the American contribution
to an international effort by the
World Intellectual Properties
Organization (WIPO).

Answer 70

The Digital Millennium Copyright Act
(DMCA)

Question 71

is a federal law that is
designed to protect copyright holders
from online theft—that is, from the
unlawful reproduction or distribution
of their works. The DMCA covers
music, movies, text and anything that
is copyrighted.

Answer 71

The Digital Millennium Copyright Act
(DMCA)

Question 72

 Many Professional groups have
explicit rules governing ethical
behavior in the workplace.
 For example, doctors and lawyers
who commit egregious violations of
their professions’ canons of conduct
can be removed from practice.
 The information technology field in
general, and the information security
field in particular, do not have a
binding code of ethics.

Answer 72

ETHICS AND INFORMATION SECURITY

Question 73

_____ can make it
difficult to determine what is and is
not ethical—especially when it comes
to the use of computers

Answer 73

 Cultural differences

Question 74

 The topic of software license
infringement, or piracy, is routinely
covered by the popular press.
 Among study participants, attitudes
toward piracy were generally similar;
however, participants from the
United States and the Netherlands
showed statistically significant
differences in attitudes from the
overall group.

Answer 74

Software License Infringement

Question 75

 The study respondents unilaterally
condemned viruses, hacking, and
other forms of system abuse.

Answer 75

Illicit Use

Question 76

 The scenarios used to examine the
levels of tolerance for misuse of
corporate resources each presented a
different degree of noncompany use
of corporate assets without specifying
the company’s policy on personal use
of company resources.

Answer 76

Misuse of Corporate Resources

Question 77

There are three general causes of unethical
and illegal behavior:

Answer 77

Ignorance, Accident, Intent

Question 78

Ignorance of the law is no
excuse

Answer 78

Ignorance

Question 79

Careful planning and
control, helps prevent accidental
modification to systems and data

Answer 79

Accident:

Question 80

Criminal or unethical intent
goes to the state of mind of the
person performing the act

Answer 80

Intent

Question 81

Potential offenders
must fear the penalty. Threats of
informal reprimand may not have the
same impact as the threat of
imprisonment or forfeiture of pay.

Answer 81

Fear of penalty

Question 82

• Potential
  offenders must believe there is a
  strong possibility of being caught.
  Penalties will not deter illegal or
  unethical behavior unless there is
  reasonable fear of being caught.

Answer 82

Probability of being caught

Question 83

• Potential offenders
  must believe that the penalty will in
  fact be administered

Answer 83

Probability of penalty being
administered

Question 84

A number of professional
organizations have established codes
of conduct or codes of ethics that
members are expected to follow.
Codes of ethics can have a positive
effect on people’s judgment regarding
computer use

Answer 84

CODE OF ETHICS AND PROFESSIONAL
ORGANIZATION

Question 85

is a nonprofit organization that
focuses on the development and
implementation of information
security certifications and credentials

Answer 85

International Information
Systems Security Certification
Consortium, Inc. (ISC) (www.isc2.org)

Question 86

which was
founded in 1989, is a professional
research and education cooperative
organization with a current
membership of more than 156,000
security professionals, auditors,
system administrators, and network
administrators

Answer 86

System Administration,
Networking, and Security Institute
(SANS) (www.sans.org),

Question 87

is a
nonprofit society of information
security professionals.

Answer 87

The Information Systems Security
Association (ISSA) (www.issa.org)

Question 88

WHEN WAS THE System Administration,
Networking, and Security Institute
(SANS) (www.sans.org) FOUNDED

Answer 88

1989