bjduguid
Quiz by , created more than 1 year ago

Quiz on IFMG 300 |Chapter 12, created by bjduguid on 04/11/2015.

11
0
0
bjduguid
Created by bjduguid about 9 years ago
Close

IFMG 300 |Chapter 12

Question 1 of 37

1

Information security is made up of

Select one or more of the following:

  • threats

  • vulnerabilities

  • safeguards

  • targets

Explanation

Question 2 of 37

1

Threats can be human or man-made.

Select one of the following:

  • True
  • False

Explanation

Question 3 of 37

1

Common crimes that results in unauthorized data disclosure are

Select one or more of the following:

  • pretexting

  • phishing

  • spoofing

  • sniffing

  • hacking

Explanation

Question 4 of 37

1

Spoofing involves altering header information, etc. to cause the recipient to trust an email they otherwise would not.

Select one of the following:

  • True
  • False

Explanation

Question 5 of 37

1

Data can be changed or lost during a natural disaster due to problems recovering data.

Select one of the following:

  • True
  • False

Explanation

Question 6 of 37

1

the two common types of spoofing are

Select one or more of the following:

  • email

  • IP

Explanation

Question 7 of 37

1

Incorrect data modification can be caused by

Select one or more of the following:

  • procedures not followed or incorrectly designed

  • improper internal controls on systems

  • system errors

  • faulty recovery actions after a disaster

Explanation

Question 8 of 37

1

Reasons a service can become faulty are

Select one or more of the following:

  • incorrect data modification

  • systems working incorrectly

  • procedural mistakes

  • programming errors

  • IT installation errors

  • Usurpation

  • denial of service (unintentional)

  • denial of service (intentional)

Explanation

Question 9 of 37

1

Fill the blank space to complete the text.

DDOS stands for

Explanation

Question 10 of 37

1

Loss of infrastructure can be caused by

Select one or more of the following:

  • human accidents

  • theft and terrorist events

  • a disgruntled or terminated employee

  • natural disaster

  • Advanced Persistent Threat (APT) or cyberwarfare

Explanation

Question 11 of 37

1

Fill the blank space to complete the text.

APT stands for

Explanation

Question 12 of 37

1

Data theft is most serious in large companies.

Select one of the following:

  • True
  • False

Explanation

Question 13 of 37

1

The four most common computer crimes in 2011 were

Select one or more of the following:

  • criminal activity against servers

  • viruses

  • code insertion

  • data loss on a user computer

Explanation

Question 14 of 37

1

Malware infection remains the most common type of attack experienced

Select one of the following:

  • True
  • False

Explanation

Question 15 of 37

1

Insider abuse of internet or email remains very high

Select one of the following:

  • True
  • False

Explanation

Question 16 of 37

1

Fill the blank space to complete the text.

IDS stands for

Explanation

Question 17 of 37

1

The number one rule in data privacy is "don't collect what you don't absolutely need"

Select one of the following:

  • True
  • False

Explanation

Question 18 of 37

1

A security policy must contain

Select one or more of the following:

  • what sensitive data may be stored

  • how sensitive data will be processed

  • what data can be shared with other organizations

  • how employees and others can obtain data about themselves

  • how employees and others can request changes to inaccurate data about themselves

  • What employees can do with their own mobile devices at work

  • what non-organizational activities an employee can take with employee-owned equipment

Explanation

Question 19 of 37

1

The five IS components are

Select one or more of the following:

  • hardware

  • software

  • data

  • procedures

  • people

Explanation

Question 20 of 37

1

Technical safeguards to involve hardware and software and include

Select one or more of the following:

  • identification and authorization

  • encryption

  • firewalls

  • malware protection

  • application design

Explanation

Question 21 of 37

1

Data safeguards includes

Select one or more of the following:

  • the definition of data rights and responsibilities

  • passwords

  • encryption

  • backup and recovery

  • physical security

Explanation

Question 22 of 37

1

Human safeguards involving procedures and people include

Select one or more of the following:

  • hiring practices

  • training

  • education

  • procedure design

  • administration

  • assessment

  • compliance

  • accountability

Explanation

Question 23 of 37

1

Identification and authentication are most often performed using a userid/password pair

Select one of the following:

  • True
  • False

Explanation

Question 24 of 37

1

Malware includes viruses, trojans, spyware, adware, keystroke loggers, erc.

Select one of the following:

  • True
  • False

Explanation

Question 25 of 37

1

SSL uses asymmetric encryption

Select one of the following:

  • True
  • False

Explanation

Question 26 of 37

1

Fill the blank space to complete the text.

SSL stands for

Explanation

Question 27 of 37

1

Fill the blank space to complete the text.

DMZ stands for

Explanation

Question 28 of 37

1

A common network design has servers exposed to the internet located between two firewalls in the DMZ.

Select one of the following:

  • True
  • False

Explanation

Question 29 of 37

1

Safeguards against malware include

Select one or more of the following:

  • using antivirus and antispyware programs

  • performing frequent scans

  • update malware definitions frequently

  • open email from known sources only

  • install software updates ASAP

  • browse only reputable internet neighbourhoods

Explanation

Question 30 of 37

1

SQL injection is the most common cause of data disclosure

Select one of the following:

  • True
  • False

Explanation

Question 31 of 37

1

SQL injections are successful when forms are poorly designed

Select one of the following:

  • True
  • False

Explanation

Question 32 of 37

1

Human safeguards to protect against security threats include

Select one or more of the following:

  • separation of duties

  • providing access based on concept of least privilege

  • classify data based on confidentiality and sensitivity

  • thorough hiring and screening practices

  • security awareness programs

  • friendly termination procedures

Explanation

Question 33 of 37

1

Security threats can be reduced through account administration by

Select one or more of the following:

  • having standards for account administration which include rules for modifying permissions and deletion of inactive accounts

  • requiring passwords be changed regularly

  • Help Desk policies regarding password resets etc.

Explanation

Question 34 of 37

1

All employees should be required to sign an access agreement form which states that they will follow company policies

Select one of the following:

  • True
  • False

Explanation

Question 35 of 37

1

Response plans for security incidents must be in place, just like disaster plans

Select one of the following:

  • True
  • False

Explanation

Question 36 of 37

1

A speedy response to any suspected security incident is essential

Select one of the following:

  • True
  • False

Explanation

Question 37 of 37

1

An Advanced Persistent Threat involves a multi-step attack usually targeted at a large business or government.

Select one of the following:

  • True
  • False

Explanation