Online Quiz 2 - Keamanan Sistem Informasi
Quiz Online ini adalah quiz kedua kuliah "Keamanan Sistem Informasi" di Jurusan Teknik Elektro FATEK UNSRAT Manado. Anda dapat mengikuti quiz 2 dengan memasukkan NIM anda (sebagai username) dan password yg sama seperti pada Quiz 1. Quiz 2 ini hanya akan aktif pada tanggal 15, 16 dan 17 Juni 2009. Setelah periode itu password akan diganti sehingga anda tidak bisa lagi mengikuti quiz ini. Jumlah pertanyaan dalam Quiz 2 ini adalah 20 nomor dan harus anda kerjakan dalam waktu maksimum 15 menit. Pada akhir Quiz, akan ditampilkan score total serta rasio benar-salah dari jawaban anda. Peserta yang mencapai score di atas 70% dinyatakan PASS (lulus) sedangkan yang tidak, dinyatakan FAIL (gagal). Hal-hal yang perlu menjadi perhatian anda antara lain: (1) Bekerjalah secara mandiri dan jangan minta bantuan orang lain. Kejujuran anda sangat kami hargai. (2) Jangan mengerjakan Quiz dengan mengambil NIM peserta lain, baik secara sengaja maupun tidak. Sekali lagi kejujuran anda sangat kami hargai demi kebaikan kita bersama.
Questions and Answers
- 1.
Berikut ini adalah alasan-alasan yg tepat untuk melakukan system monitoring secara berkala, kecuali:
- A.
Ditemukannya security hole yg baru
- B.
Terjadinya kesalahan konfigurasi
- C.
Penambahan software atau hardware baru
- D.
Kebutuhan baru pada sistem informasi
Correct Answer
D. Kebutuhan baru pada sistem informasiExplanation
System monitoring is important for various reasons such as identifying new security holes, detecting configuration errors, and managing the addition of new software or hardware. However, the need for new requirements in the information system may not directly correlate with the need for regular system monitoring. This answer suggests that the need for new requirements may not be a reason to perform system monitoring periodically.Rate this question:
-
- 2.
Sesi komunikasi di layer transport protokol TCP/IP selalu diawali dengan sebuah mekanisme yg disebut Three Way Handshake. Mekanisme ini dapat diekploitasi sebagai sebuah lubang keamanan dengan teknik Session Spoofing & Hijacking. Lubang keamanan ini termasuk kategori …
- A.
Salah desain (design flaw)
- B.
Salah implementasi
- C.
Salah konfigurasi
- D.
Salah penggunaan
Correct Answer
A. Salah desain (design flaw)Explanation
The correct answer is "Salah desain (design flaw)". This is because the question is discussing a security vulnerability in the Three Way Handshake mechanism in the transport layer of the TCP/IP protocol. The fact that this mechanism can be exploited for Session Spoofing & Hijacking indicates a flaw in the design of the protocol, rather than an issue with implementation, configuration, or usage.Rate this question:
-
- 3.
Pada tahun 1995, Thomas Lopatic menemukan sebuah lubang keamanan dalam sebuah program standar sistem operasi Unix bernama “Finger” yang dapat dieksploitasi dengan teknik buffer overflow. Lubang keamanan seperti ini masuk kategori …
- A.
Salah desain (design flaw)
- B.
Salah implementasi
- C.
Salah konfigurasi
- D.
Salah penggunaan
Correct Answer
B. Salah implementasiExplanation
The correct answer is "Salah implementasi" (Implementation error). This is because Thomas Lopatic discovered a security hole in the Unix operating system's "Finger" program, which could be exploited using buffer overflow technique. This indicates that there was an error or flaw in the way the program was implemented, leading to the security vulnerability.Rate this question:
-
- 4.
Untuk menghindari eksploitasi lubang keamanan dengan teknik Buffer Overflow, programmer harus melakukan ….
- A.
Corrupt array checking
- B.
Insufficient bound checking
- C.
String concatenation checking
- D.
Source code debugging
Correct Answer
B. Insufficient bound checkingExplanation
Insufficient bound checking refers to the practice of not properly validating the size or length of input data before storing it in a buffer. This can lead to buffer overflow vulnerabilities, where an attacker can overwrite adjacent memory locations and potentially execute malicious code. To avoid this, programmers need to ensure that they validate and limit the size of input data to prevent buffer overflows and potential exploitation.Rate this question:
-
- 5.
Adi secara tidak sengaja mengatur shared folder pribadinya dengan hak akses writeable bagi user publik, sehingga bisa diekploitasi misalnya dengan memasukkan file bervirus ke dalam folder tersebut. Lubang keamanan seperti ini masuk kategori …
- A.
Salah desain (design flaw)
- B.
Salah implementasi
- C.
Salah konfigurasi
- D.
Salah penggunaan
Correct Answer
C. Salah konfigurasiExplanation
Adi accidentally configured his shared folder with writeable access for public users, allowing them to exploit it by inserting virus-infected files into the folder. This security vulnerability falls under the category of "Salah konfigurasi" or "misconfiguration."Rate this question:
-
- 6.
Account root memiliki permission level yang paling tinggi dalam sistem operasi UNIX. Salah menggunakan perintah dengan menggunakan permission level ini sangat berbahaya dan dapat merusak sistem dalam sekejab. Lubang keamanan seperti ini masuk kategori …
- A.
Salah desain (design flaw)
- B.
Salah implementasi
- C.
Salah konfigurasi
- D.
Salah penggunaan
Correct Answer
D. Salah penggunaanExplanation
The given question is asking for the category that the security vulnerability falls into when someone misuses the root account's permission level in the UNIX operating system. The correct answer is "Salah penggunaan" which translates to "Misuse" in English. This means that the vulnerability is caused by the incorrect or dangerous use of the root account, which can potentially damage the system.Rate this question:
-
- 7.
Kesenjangan antara kondisi level keamanan aktual dengan level keamanan yang diinginkan (ideal) disebut ….
- A.
Security problem
- B.
Security gap
- C.
Security assessment
- D.
Security flaw
Correct Answer
B. Security gapExplanation
The term "security gap" refers to the difference or distance between the actual level of security and the desired or ideal level of security. It suggests that there is a disparity or deficiency in the current security measures that need to be addressed in order to achieve the desired level of security. This term is commonly used in the context of evaluating and improving security systems and protocols.Rate this question:
-
- 8.
Tujuan dari evaluasi keamanan adalah … antara level keamanan saat ini dan level keamanan yg diinginkan.
- A.
Mengidentifikasi security gap
- B.
Memperkecil security gap
- C.
Menjaga agar tetap pada level yg sesuai, security gap
- D.
Memperbaiki security gap
Correct Answer
A. Mengidentifikasi security gapExplanation
The correct answer is "Mengidentifikasi security gap." The purpose of security evaluation is to identify any gaps or vulnerabilities in the current security level and compare it with the desired security level. This helps in identifying any weaknesses or areas that need improvement in order to enhance the overall security measures.Rate this question:
-
- 9.
Menjaga agar security gap berada pada tingkatan yg adequate (memadai, sesuai) adalah tugas dari ....
- A.
Security assessment
- B.
Security policy
- C.
Security mechanism
- D.
Security audit
Correct Answer
C. Security mechanismExplanation
A security mechanism refers to the various tools, techniques, and protocols implemented to protect an organization's systems and data from potential threats. It is responsible for safeguarding against security gaps or vulnerabilities by providing controls and countermeasures. While security assessments, policies, and audits play important roles in maintaining security, it is the security mechanism that actively defends against potential breaches and ensures that the security gap remains at an adequate level.Rate this question:
-
- 10.
"Whois” adalah salah satu alat VA yang termasuk dalam tahapan ….
- A.
Information gathering and discovery
- B.
Enumeration
- C.
Detection
- D.
Recovery
Correct Answer
A. Information gathering and discoveryExplanation
"Whois" is a tool used for gathering information about domain names, IP addresses, and other related information. It helps in discovering the ownership and contact details of a particular website or IP address. Therefore, it falls under the category of information gathering and discovery, as it assists in obtaining relevant data during the initial stages of a cybersecurity assessment or investigation.Rate this question:
-
- 11.
Dengan sebuah software tertentu, Jeffrey melakukan remote scanning terhadap komputer Gina dan memperoleh informasi tentang sistem operasi yg digunakan di dalam komputer tersebut. Software seperti ini adalah salah satu alat VA yang termasuk dalam tahapan ….
- A.
Information gathering and discovery
- B.
Enumeration
- C.
Detection
- D.
Recovery
Correct Answer
B. EnumerationExplanation
The given correct answer is "Enumeration." In this scenario, Jeffrey is using a specific software to remotely scan Gina's computer and gather information about the operating system being used. Enumeration is the process of actively gathering information about a target system, such as open ports, services running, and system configurations. It is an important step in vulnerability assessment (VA) as it helps identify potential vulnerabilities and weaknesses in the system.Rate this question:
-
- 12.
Dengan sebuah software khusus bernama “Retina”, dapat diketahui apakah suatu sistem atau aplikasi rawan terhadap serangan atau tidak. Software seperti ini adalah salah satu alat VA yang termasuk dalam tahapan ….
- A.
Information gathering and discovery
- B.
Enumeration
- C.
Detection
- D.
Recovery
Correct Answer
C. DetectionExplanation
The given correct answer for this question is "Detection". This is because the "Retina" software mentioned in the question is specifically designed to determine whether a system or application is vulnerable to attacks or not. This process of identifying vulnerabilities and potential threats is a part of the detection phase in the vulnerability assessment (VA) process.Rate this question:
-
- 13.
Contoh Information System Audit yang masuk kategori automated audit adalah ….
- A.
Survey (kuisioner, interview dll)
- B.
Vulnerability scan
- C.
System log
- D.
Whois service
Correct Answer
C. System logExplanation
System log is categorized as an automated audit in the context of Information System Audit. This is because system logs are automatically generated by computer systems to record events and activities. These logs provide valuable information about the functioning of the system, including user activities, errors, security incidents, and more. Automated tools can analyze these logs to identify any anomalies or potential issues, making it an effective method for auditing and monitoring the system's performance and security.Rate this question:
-
- 14.
Leo dan kawan-kawannya membuka sebuah biro jasa pengelolaan keamanan sistem informasi dengan target klien perusahaan dan/atau instansi pemerintah. Bentuk usaha seperti ini disebut ….
- A.
Security system auditor (SSA)
- B.
Security system mintor (SSM)
- C.
Managed Service Provider (MSP)
- D.
Security Service Provider (SSP)
Correct Answer
C. Managed Service Provider (MSP)Explanation
Leo dan kawan-kawannya membuka sebuah biro jasa pengelolaan keamanan sistem informasi dengan target klien perusahaan dan/atau instansi pemerintah. Bentuk usaha seperti ini disebut Managed Service Provider (MSP). MSP adalah penyedia jasa yang mengelola dan menyediakan layanan IT kepada klien mereka. Mereka bertanggung jawab atas pengelolaan, pemantauan, dan pemeliharaan sistem keamanan informasi klien mereka. Dalam konteks ini, Leo dan kawan-kawannya menyediakan layanan pengelolaan keamanan sistem informasi kepada perusahaan dan instansi pemerintah, sehingga menjadikan mereka sebagai Managed Service Provider (MSP).Rate this question:
-
- 15.
Ancaman keamanan tertentu yg sudah dikenali/teridentifikasi disebut ….
- A.
Hazard
- B.
Threat
- C.
Vulnerability
- D.
Security hole
Correct Answer
A. HazardExplanation
The correct answer is "Hazard." A hazard refers to a potential source of harm or danger that has been recognized or identified. It can include various threats to security, such as natural disasters, accidents, or intentional acts of violence. Hazards are typically assessed and managed to minimize the risks they pose to individuals, communities, or organizations.Rate this question:
-
- 16.
Jack menelepon perusahaan XYZ dan berpura-pura menjadi karyawan kantor pusat untuk mendapatkan informasi account di server perusahaan tersebut. Tindakan ini masuk dalam kategori ….
- A.
Network spoofing
- B.
Server hacking
- C.
Web defacing
- D.
Social engineering
Correct Answer
D. Social engineeringExplanation
Jack's action of pretending to be an employee of the XYZ company's headquarters in order to gain access to account information on their server falls under the category of social engineering. Social engineering refers to the manipulation of individuals to deceive them into revealing confidential information or granting unauthorized access to systems. In this case, Jack is using deception and impersonation to manipulate the company's employees and gain access to sensitive information.Rate this question:
-
- 17.
Bill mengaduk-aduk tempat sampah di halaman belakang kantor perusahaan XYZ untuk mendapatkan informasi berharga tentang network perusahaan tersebut. Tindakan ini disebut ….
- A.
Trash finding
- B.
Information seeking
- C.
Dumster diving
- D.
Trash diving
Correct Answer
C. Dumster divingExplanation
Dumster diving is the correct answer because it refers to the act of searching through trash or garbage in order to find valuable or useful information. In the given scenario, Bill is rummaging through the trash in the backyard of XYZ company's office to gather valuable information about their network.Rate this question:
-
- 18.
Suatu pagi, Phillip mendapatkan email berisi tawaran asuransi dengan premi rendah dari sebuah perusahaan asuransi terkenal. Tertarik dengan tawaran tsb, Phillip melakukan pendaftaran termasuk dgn memasukkan informasi kartu kreditnya. Seminggu kemudian, ia menyadari telah tertipu setelah mengetahui bahwa perusahaan tsb tidak pernah memiliki tawaran seperti itu. Serangan yang dialami oleh Phillip adalah ….
- A.
Email hacking
- B.
Email phraking
- C.
Email spoofing
- D.
Email phishing
Correct Answer
D. Email phishingExplanation
Phillip fell victim to email phishing, which is a fraudulent attempt to obtain sensitive information such as credit card details by disguising as a trustworthy entity in an electronic communication. In this case, the email offering low insurance premiums was a scam, and Phillip unknowingly provided his credit card information to the scammers. This type of attack is common and can lead to identity theft or financial loss for the victims.Rate this question:
-
- 19.
Berikut ini adalah cara untuk meminimalkan peluang terjadinya serangan Social Engineering, kecuali ….
- A.
Menetapkan security policy yang jelas dan komprehensif
- B.
Membuat user menyadari potensi terjadinya serangan social engineering
- C.
Memperketat security mechanism yang digunakan
- D.
Mengaudit security policy secara berkala.
Correct Answer
C. Memperketat security mechanism yang digunakanExplanation
Memperketat security mechanism yang digunakan adalah salah satu cara untuk meminimalkan peluang terjadinya serangan Social Engineering. Dengan meningkatkan keamanan pada mekanisme yang digunakan, seperti mengaktifkan fitur otentikasi dua faktor, enkripsi data, dan firewall yang kuat, dapat membuat serangan social engineering menjadi lebih sulit dilakukan oleh pihak yang tidak berwenang. Dengan demikian, menjaga keamanan pada security mechanism yang digunakan dapat membantu mengurangi risiko serangan social engineering.Rate this question:
-
- 20.
Satu-satunya anggota keluarga protokol 802.11 yang tidak menggunakan teknik modulasi OFDM adalah ….
- A.
Protokol 802.11a
- B.
Protokol 802.11b
- C.
Protokol 802.11g
- D.
Protokol 802.11n
Correct Answer
B. Protokol 802.11bExplanation
Protokol 802.11b is the correct answer because it is the only protocol among the options that does not use OFDM (Orthogonal Frequency Division Multiplexing) modulation technique. OFDM is a modulation technique used in wireless communication to increase data transfer rates and improve signal quality. Protocols 802.11a, 802.11g, and 802.11n all use OFDM, but 802.11b uses a different modulation technique called Direct Sequence Spread Spectrum (DSSS).Rate this question:
-
- 21.
Komponen jaringan nirkabel yang tidak dispesifikasikan dalam protokol 802.11 namun memiliki tugas penting yakni menghubungkan sebuah jaringan nirkabel dengan jaringan yang lainnya, adalah....
- A.
Station
- B.
Wireless medium
- C.
Access point
- D.
Distribution system
Correct Answer
D. Distribution systemExplanation
The distribution system is a component of a wireless network that is not specified in the 802.11 protocol but has an important task of connecting a wireless network to other networks. It serves as a bridge between the wireless network and other networks, allowing for communication and data transfer between them. This component is essential for expanding the reach and connectivity of a wireless network beyond its local area.Rate this question:
-
- 22.
Perangkat jaringan nirkabel yang dapat digunakan untuk menghubungkan sebuah jaringan nirkabel dengan jaringan kabel adalah ….
- A.
Station
- B.
Wireless medium
- C.
Access point
- D.
Distribution system
Correct Answer
C. Access pointExplanation
An access point is a wireless networking device that allows wireless devices to connect to a wired network. It acts as a bridge between the wireless network and the wired network, enabling communication between the two. Therefore, an access point is the correct answer as it can be used to connect a wireless network to a wired network.Rate this question:
-
- 23.
Sebuah message berisi nama jaringan nirkabel tertentu secara reguler di-broadcast oleh Access Point untuk membantu station mengetahui keberadaan jaringan nirkabel tersebut. Message ini disebut ….
- A.
SSID broadcasting
- B.
MAC request broadcasting
- C.
DNS broadcasting
- D.
NETBIOS broadcasting
Correct Answer
A. SSID broadcastingExplanation
SSID broadcasting refers to the process in which an Access Point regularly broadcasts a message containing the name of a specific wireless network. This helps stations to identify the presence of the wireless network.Rate this question:
-
- 24.
Mengira terhubung dengan Access Point milik fakultasnya, Dick mencoba mengakses server dengan memberikan informasi loginnya di jaringan yang salah. Tindakan ini masuk kategori ….
- A.
Accidental association
- B.
Malicious association
- C.
Identity Theft
- D.
Man-in-the-middle attacks
Correct Answer
A. Accidental associationExplanation
Dick's action of trying to access the server by providing his login information on the wrong network is categorized as accidental association. Accidental association refers to the unintentional connection to an unauthorized network or device, thinking it is a legitimate access point. In this case, Dick mistakenly believed that he was connecting to the Access Point of his faculty, but he was actually connecting to a different network. This mistake can lead to potential security risks and unauthorized access to personal information.Rate this question:
-
- 25.
Alex secara sengaja meletakkan sebuah Access Point lain dalam sebuah jaringan nirkabel yang sudah ada dengan tujuan melakukan sniffing password. Tindakan ini masuk kategori ….
- A.
Accidental association
- B.
Malicious association
- C.
Identity Theft
- D.
Man-in-the-middle attacks
Correct Answer
B. Malicious associationExplanation
The correct answer is Malicious association. This is because Alex intentionally placed another Access Point in an existing wireless network with the purpose of sniffing passwords. This action is considered malicious as it involves unauthorized access and potential harm to the network and its users.Rate this question:
-
- 26.
Ben memasang sebuah dummy-AP sebagai perantara yang menghubungkan station2 dalam jaringan nirkabel kampusnya dengan AP yang asli. Tindakan ini masuk kategori ….
- A.
Accidental association
- B.
Malicious association
- C.
Identity Theft
- D.
Man-in-the-middle attacks
Correct Answer
D. Man-in-the-middle attacksExplanation
The action of installing a dummy-AP as an intermediary to connect stations in a wireless campus network with the original AP falls under the category of Man-in-the-middle attacks. In this scenario, the attacker is intercepting and potentially altering the communication between the stations and the genuine AP, allowing them to eavesdrop on sensitive information or manipulate the data being transmitted.Rate this question:
-
- 27.
Ben memaksa Access Point jaringan kampusnya untuk melakukan reassociation dengan cara mengirimkan paket-paket sampah dalam jumlah besar. Tindakan ini masuk kategori ….
- A.
Network Injection
- B.
Denial of Service
- C.
Identity Theft
- D.
Man-in-the-middle attacks
Correct Answer
B. Denial of ServiceExplanation
The action of Ben forcing the campus network's Access Point to reassociate by sending a large number of garbage packets falls under the category of Denial of Service. Denial of Service attacks aim to disrupt or disable a network or system by overwhelming it with a flood of malicious or useless traffic, rendering it inaccessible or unusable for legitimate users. In this case, Ben's actions are intentionally causing a disruption to the network's normal functioning by flooding it with garbage packets.Rate this question:
-
- 28.
Untuk meminimalkan ancaman keamanan, Marry ingin agar nama jaringan nirkabel yang dikelolanya tidak terdeteksi oleh station2 anggota jaringan tersebut. Teknik yang dapat digunakan untuk keperluan ini adalah ….
- A.
MAC ID Filtering
- B.
Static IP Addressing
- C.
Stop SSID Broadcasting
- D.
Using WEP
Correct Answer
C. Stop SSID BroadcastingExplanation
Stop SSID Broadcasting is a technique that can be used to minimize security threats by preventing the wireless network name from being detected by other devices. By disabling SSID broadcasting, the network becomes "hidden" and only devices that already know the network name can connect to it. This adds an extra layer of security as it makes it more difficult for unauthorized users to discover and attempt to access the network.Rate this question:
-
- 29.
John ingin agar sesi komunikasi yang terjadi antar station dalam jaringan nirkabel yang dikelolanya tidak mudah di-spoofing oleh hacker. Teknik yang dapat digunakan untuk keperluan ini adalah ….
- A.
MAC ID Filtering
- B.
Static IP Addressing
- C.
Stop SSID Broadcasting
- D.
Using WEP
Correct Answer
D. Using WEPExplanation
WEP (Wired Equivalent Privacy) is a technique that can be used to prevent easy spoofing of communication sessions between stations in a wireless network. WEP provides a level of encryption to the data being transmitted, making it difficult for hackers to intercept and manipulate the communication. By using WEP, John can ensure that the data transmitted within his wireless network is secure and not easily spoofed by hackers.Rate this question:
-
- 30.
Jenni ingin agar signal AP jaringan nirkabel yang dikelolanya tidak bisa digunakan di luar gedung kantornya. Teknik yang dapat digunakan untuk keperluan ini adalah ….
- A.
MAC ID Filtering
- B.
Hide SSID broadcast message
- C.
USB token
- D.
RF Shielding
Correct Answer
D. RF ShieldingExplanation
RF Shielding is a technique that can be used to prevent wireless signals from being used outside of the office building. It involves creating a physical barrier or shield around the area to block the signals from escaping. This can be done using materials that are designed to absorb or reflect the radio waves, effectively preventing them from reaching beyond the designated area. By implementing RF shielding, Jenni can ensure that the wireless signals managed by her cannot be accessed or utilized outside of her office building.Rate this question:
-
- 31.
Dalam model OSI, enkripsi WEP bekerja pada layer ….
- A.
Physical
- B.
Data link
- C.
Network
- D.
Transport
Correct Answer
B. Data linkExplanation
The correct answer is "Data link." In the OSI model, the data link layer is responsible for the reliable transfer of data between two nodes on a network. It provides error detection and correction, as well as flow control. WEP (Wired Equivalent Privacy) is a security protocol that operates at the data link layer, providing encryption and authentication for wireless networks. Therefore, WEP works at the data link layer in the OSI model.Rate this question:
-
- 32.
Dalam proses enkripsi WEP, operasi logika yang diterapkan antara bit stream keluaran RC4 dengan plaintext adalah ….
- A.
NOT
- B.
AND
- C.
OR
- D.
XOR
Correct Answer
D. XORExplanation
In the process of WEP encryption, the logical operation applied between the output bit stream of RC4 and the plaintext is XOR. XOR (exclusive OR) operation combines the bits from both inputs and produces an output where each bit is set if the corresponding bits in the inputs are different. This operation is commonly used in encryption algorithms to ensure that the encrypted data is secure and can only be decrypted using the correct key.Rate this question:
-
- 33.
Salah satu kelemahan teknik enkripsi WEP yang bisa dieksploitasi di level sistem operasi adalah karena ia dirancang untuk bekerja di layer datalink dan bukan di layer ….
- A.
Physical
- B.
Application
- C.
Transport
- D.
Network
Correct Answer
B. ApplicationExplanation
The weakness of the WEP encryption technique can be exploited at the application layer of the operating system. This means that the encryption is not designed to work effectively at the application layer, making it vulnerable to attacks.Rate this question:
-
- 34.
Salah satu kelemahan teknik enkripsi WEP dalam hal password adalah ….
- A.
Menggunakan public-key
- B.
Menggunakan shared-key
- C.
Menggunakan private-key
- D.
Menggunakan secret-key
Correct Answer
B. Menggunakan shared-keyExplanation
The weakness of WEP encryption technique in terms of password lies in using a shared-key. This means that the same key is shared among multiple users or devices, making it easier for an attacker to intercept and guess the password. This lack of uniqueness and randomness in the shared-key makes it vulnerable to brute-force attacks and increases the likelihood of unauthorized access to the encrypted data.Rate this question:
-
- 35.
Dari ke-4 pendekatan untuk melakukan Security Assessment, pendekatan yang melibatkan cost analysis adalah ….
- A.
Vulnerability Assessment
- B.
Information System Audit
- C.
Security Risk Evaluation
- D.
Manage Service Provider
Correct Answer
C. Security Risk EvaluationExplanation
The correct answer is Security Risk Evaluation. This approach involves analyzing the potential risks and vulnerabilities in a system or organization's security measures. It includes assessing the likelihood and impact of security threats, as well as evaluating the cost of implementing security measures to mitigate these risks. By conducting a security risk evaluation, organizations can make informed decisions about allocating resources and implementing appropriate security measures to protect their assets and data.Rate this question:
-
- 36.
Dari ke-4 pendekatan untuk melakukan Security Assessment, pendekatan sifatnya menyeluruh termasuk mengevaluasi strength dan weakness dari sistem keamanan yang digunakan, adalah ….
- A.
Vulnerability Assessment
- B.
Information System Audit
- C.
Security Risk Evaluation
- D.
Manage Service Provider
Correct Answer
C. Security Risk EvaluationExplanation
The correct answer is Security Risk Evaluation. This approach involves conducting a comprehensive assessment of the security system used, including evaluating its strengths and weaknesses. It focuses on identifying and analyzing potential risks and threats to the system's security. By conducting a security risk evaluation, organizations can gain insights into their overall security posture and make informed decisions to mitigate risks and enhance their security measures.Rate this question:
-
- 37.
Dari ke-4 pendekatan untuk melakukan Security Assessment, pendekatan dimana sebagian besar pekerjaan dilimpahkan ke pihak eksternal adalah ….
- A.
Vulnerability Assessment
- B.
Information System Audit
- C.
Security Risk Evaluation
- D.
Manage Service Provider
Correct Answer
D. Manage Service ProviderExplanation
The correct answer is "Manage Service Provider". In this approach, most of the work is outsourced to external parties to manage the service provider. This means that the organization relies on external experts to assess and manage the security of their service provider. This approach allows the organization to leverage the expertise and resources of the service provider to ensure the security of their systems and data.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 21, 2023Quiz Edited by
ProProfs Editorial Team -
Jun 14, 2009Quiz Created by
Asambul
Sekolah Global Mandiri - Wilayah Negara Kesatuan Republik Indonesia
Sekolah Global Mandiri - Wilayah Negara Kesatuan Republik Indonesia
Seleksi Penerimaan Mahasiswa Baru Poltekkes Hermina Tahun 2020
Seleksi Penerimaan Mahasiswa Baru Poltekkes Hermina Tahun 2020
Back to top