Cpp Some Concept (phase Xiv)

1. What are some frequently overlooked threats to the security of information?

Weak passwords

Inadvertent disclosure

Malware infections

Phishing attacks

While phishing attacks, malware infections, and weak passwords are common and important threats to information security, the most frequently overlooked threat is inadvertent disclosure.

Explanation

While phishing attacks, malware infections, and weak passwords are common and important threats to information security, the most frequently overlooked threat is inadvertent disclosure.

2. Which of the following is sensitive but not proprietary information?

Company logo design

Publicly available product pricing information

Confidential personal information in employee files.

Employee handbook policies

Sensitive information such as confidential personal details in employee files can be considered sensitive but not proprietary. Company logo design, employee handbook policies, and publicly available product pricing information can be considered proprietary or not as sensitive as personal information in employee files.

Explanation

Sensitive information such as confidential personal details in employee files can be considered sensitive but not proprietary. Company logo design, employee handbook policies, and publicly available product pricing information can be considered proprietary or not as sensitive as personal information in employee files.

3. In relation to information, who or what is a fiduciary?

An automated computer system used for data storage.

A person to whom sensitive company information is entrusted and who should be bound by the terms of an NDA.

A public figure known for sharing confidential information.

A legal document outlining copyright information.

A fiduciary is a person entrusted with sensitive company information, not an automated system, legal document, or public figure.

Explanation

A fiduciary is a person entrusted with sensitive company information, not an automated system, legal document, or public figure.

4. What is a specific risk to sensitive obsolete prototypes?

May spontaneously combust if not stored in a temperature-controlled environment.

Are prone to developing artificial intelligence if left untouched for too long.

Can attract malicious spirits if not properly exorcised.

Can be reverse engineered if not destroyed properly.

Sensitive obsolete prototypes can pose a risk of being reverse engineered if not properly destroyed, potentially leading to the compromise of intellectual property or sensitive information.

Explanation

Sensitive obsolete prototypes can pose a risk of being reverse engineered if not properly destroyed, potentially leading to the compromise of intellectual property or sensitive information.

5. Which type of information requires safeguards such as clearly marking information to state how the information will be used and made available to others, what notifications and actions will be taken in the event of compromise, and instructions for destruction of the information?

Publicly available information

Sensitive company data

Historical records

Personally Identifiable Information.

Personally Identifiable Information needs to be safeguarded through clear markings and specific instructions for various scenarios to ensure privacy and security.

Explanation

Personally Identifiable Information needs to be safeguarded through clear markings and specific instructions for various scenarios to ensure privacy and security.

6. What is the most important function of competitive intelligence?

Spy on competitors to steal their ideas

Alert senior management to marketplace changes in order to prevent surprises

Increase profits by any means necessary

Convince customers to switch to your company

Competitive intelligence is primarily used to keep senior management informed of market changes and prevent unexpected developments.

Explanation

Competitive intelligence is primarily used to keep senior management informed of market changes and prevent unexpected developments.

7. How long is the life of a patent from the first filing?

20 years

10 years

15 years

30 years

The correct answer is 20 years because patents typically last for 20 years from the date of the first filing. This allows inventors to have a period of exclusivity to benefit from their inventions before others can freely use or replicate them.

Explanation

The correct answer is 20 years because patents typically last for 20 years from the date of the first filing. This allows inventors to have a period of exclusivity to benefit from their inventions before others can freely use or replicate them.

8. What is proprietary information?

Anything that an enterprise considers relevant to its status or operations and doesn’t want to disclose publicly.

Information that is freely available to the public.

Data that has no value to the enterprise.

Trade secrets that are widely known.

Proprietary information refers to data or knowledge that a company wants to keep confidential to maintain a competitive edge or protect its operations. This can include customer lists, manufacturing processes, business plans, etc.

Explanation

Proprietary information refers to data or knowledge that a company wants to keep confidential to maintain a competitive edge or protect its operations. This can include customer lists, manufacturing processes, business plans, etc.

9. Who should be required to sign a non-disclosure agreement as a condition of employment?

Only employees working with sensitive information.

All employees.

Only senior management.

Only employees in the marketing department.

A non-disclosure agreement is typically required for all employees to protect confidential information. Restricting it to certain roles or departments could leave other employees with access to sensitive information without legal protection.

Explanation

A non-disclosure agreement is typically required for all employees to protect confidential information. Restricting it to certain roles or departments could leave other employees with access to sensitive information without legal protection.

10. Safeguarding information based on the fact that small bits of information from different sources can be compiled to create sensitive information is called:

Phishing

OPSEC.

Spoofing

Social Engineering

OPSEC, short for Operations Security, is a systematic approach to safeguarding sensitive information. Phishing, Spoofing, and Social Engineering are forms of cyber attacks that aim to deceive individuals into revealing confidential information.

Explanation

OPSEC, short for Operations Security, is a systematic approach to safeguarding sensitive information. Phishing, Spoofing, and Social Engineering are forms of cyber attacks that aim to deceive individuals into revealing confidential information.

11. What is the most effective way to protect intellectual property rights such as patents, copyrights, and trademarks?

Share the intellectual property rights with competitors.

Ignore infringements and focus on creating new products.

Keep the intellectual property rights confidential.

Register those rights.

Registering intellectual property rights ensures legal protection and gives the right holders exclusive rights to their creations, preventing others from using or profiting from them without permission.

Explanation

Registering intellectual property rights ensures legal protection and gives the right holders exclusive rights to their creations, preventing others from using or profiting from them without permission.

12. Which of the following intellectual properties has to be registered in order for legal protection to exist?

Patents

Trademarks.

Copyrights

Trade Secrets

While trademarks require registration for legal protection, copyrights, patents, and trade secrets can still hold legal standing without registration.

Explanation

While trademarks require registration for legal protection, copyrights, patents, and trade secrets can still hold legal standing without registration.

13. What is the professional development needs of the traditional security professional in regard to the growing threat of cybercrime?

The security professional needs a practical understanding of the new logical security paradigm.

The security professional needs to ignore cybercrime threats and focus on other areas of security.

The security professional needs to rely solely on outdated security methods to combat cybercrime.

The security professional needs to focus on physical security measures only.

As cybercrime continues to evolve, security professionals must adapt and acquire a practical understanding of the new logical security paradigm to effectively combat these growing threats.

Explanation

As cybercrime continues to evolve, security professionals must adapt and acquire a practical understanding of the new logical security paradigm to effectively combat these growing threats.

14. There is a substantially increasing threat to IT systems and the information contained therein by so-called what?

“script kiddies”.

Phishing scams

Malware distributors

Hacktivists

Script kiddies are individuals who use scripts or tools created by others to launch attacks without fully understanding the technical aspects of hacking.

Explanation

Script kiddies are individuals who use scripts or tools created by others to launch attacks without fully understanding the technical aspects of hacking.

15. What is the term for the software-driven collection of open-source information?

Big data analytics

Machine learning

Web scraping

Data mining

Data mining is the process of discovering patterns in large datasets. While web scraping involves extracting data from websites, big data analytics focuses on analyzing large and complex datasets, and machine learning involves the use of algorithms to learn from data.

Explanation

Data mining is the process of discovering patterns in large datasets. While web scraping involves extracting data from websites, big data analytics focuses on analyzing large and complex datasets, and machine learning involves the use of algorithms to learn from data.

16. What does access control to information systems encompass?

Password Complexity, Multi-factor Authentication, Single Sign-On, and Data Loss Prevention

Firewall Configuration, Network Scanning, Security Patching, and Penetration Testing

Identification, Authentication, Authorisation and Accountability

Encryption, Intrusion Detection, Data Backup, and Incident Response

Access control to information systems encompasses the processes of identifying users, verifying their identities, determining what actions they are allowed to perform, and tracking their activities. Encryption, intrusion detection, data backup, firewall configuration, network scanning, security patching, penetration testing, password complexity, multi-factor authentication, single sign-on, and data loss prevention are important aspects of information security, but they do not specifically define access control measures.

Explanation

Access control to information systems encompasses the processes of identifying users, verifying their identities, determining what actions they are allowed to perform, and tracking their activities. Encryption, intrusion detection, data backup, firewall configuration, network scanning, security patching, penetration testing, password complexity, multi-factor authentication, single sign-on, and data loss prevention are important aspects of information security, but they do not specifically define access control measures.

17. What is defined by the integration, in a formal, collaborative, and strategic manner, of the cumulative security resources of the organization in order to deliver enterprise-wide benefits through enhanced risk mitigation, increased operational effectiveness and efficiency and cost savings?

Divergence

Fragmentation

Isolation

Convergence

Convergence is the correct term that refers to the integration of security resources for maximizing benefits, while the other options - Divergence, Isolation, and Fragmentation - do not represent the concept described in the question.

Explanation

Convergence is the correct term that refers to the integration of security resources for maximizing benefits, while the other options - Divergence, Isolation, and Fragmentation - do not represent the concept described in the question.

18. The use of the internet exposes SCADA systems to the inherent vulnerabilities of the internet. One means of mitigation is?

Ignoring the vulnerabilities and hoping for the best

Disabling all internet connectivity to the SCADA system

Improved response and recovery capabilities

Implementing a single-layer security solution

Incorporating improved response and recovery capabilities can help mitigate the risks associated with SCADA systems being exposed to the vulnerabilities of the internet by enhancing the system's ability to react and recover from potential cyber attacks or breaches.

Explanation

Incorporating improved response and recovery capabilities can help mitigate the risks associated with SCADA systems being exposed to the vulnerabilities of the internet by enhancing the system's ability to react and recover from potential cyber attacks or breaches.

19. What are some vulnerabilities of IP video surveillance systems?

Tampering and destruction of recordings.

Unauthorized access to camera controls

Data encryption vulnerabilities

Interference with live video feed

IP video surveillance systems are vulnerable to various threats, including tampering and destruction of recordings. This can compromise the integrity and security of the surveillance data.

Explanation

IP video surveillance systems are vulnerable to various threats, including tampering and destruction of recordings. This can compromise the integrity and security of the surveillance data.

20. Specifically in relation to access control systems that are TCP/IP based, we find two dangers:

Loss of power to the access control system; outdated software on the access control server.

Unauthorized physical access to the server room; insufficient user training on system usage.

Lack of integration with security cameras; over-reliance on biometric authentication alone.

The creation of a back door or additional cards by administrators; a PC to which the access control server is connected may have been taken over by an adversary.

The correct answer highlights the risks associated with creating unauthorized accounts and potential compromise of the system through an infected PC. The incorrect answers focus on different aspects such as physical security, software maintenance, and technological dependencies to provide a variety of plausible dangers that are not the main concerns in this context.

Explanation

The correct answer highlights the risks associated with creating unauthorized accounts and potential compromise of the system through an infected PC. The incorrect answers focus on different aspects such as physical security, software maintenance, and technological dependencies to provide a variety of plausible dangers that are not the main concerns in this context.

21. What are the key objectives of an organisation's Information Systems Security (ISS) program?

Increasing system complexity, reducing employee training, ignoring potential risks.

Encouraging data breaches, promoting unauthorized access, facilitating system downtime.

Prioritizing cost savings over security, neglecting regular security audits, allowing unrestricted access to sensitive information.

Protecting against compromise, protecting against unauthorised change, protecting against unavailability.

The key objectives of an organisation's ISS program are to protect against compromise, unauthorised change, and unavailability by implementing security measures and policies.

Explanation

The key objectives of an organisation's ISS program are to protect against compromise, unauthorised change, and unavailability by implementing security measures and policies.

22. Any flaw or weakness in an information system’s design, implementation, or operation and management is the definition of an:

Network breach.

Data breach.

Information systems vulnerability.

Software bug.

The correct term for a flaw or weakness in an information system's design, implementation, or operation and management is known as an 'Information systems vulnerability'. While data breach, software bug, and network breach are related to security incidents, they do not specifically refer to the inherent weakness in the system itself.

Explanation

The correct term for a flaw or weakness in an information system's design, implementation, or operation and management is known as an 'Information systems vulnerability'. While data breach, software bug, and network breach are related to security incidents, they do not specifically refer to the inherent weakness in the system itself.

23. What is the formula for Residual Risk?

(Threats x Vulnerabilities) ÷ Countermeasures.

(Threats + Vulnerabilities) x Countermeasures

Threats x (Vulnerabilities ÷ Countermeasures)

(Threats - Vulnerabilities) ÷ Countermeasures

Residual Risk is determined by multiplying the Threats and Vulnerabilities, then dividing by the Countermeasures in place. The correct answer reflects this formula accurately.

Explanation

Residual Risk is determined by multiplying the Threats and Vulnerabilities, then dividing by the Countermeasures in place. The correct answer reflects this formula accurately.

24. What comes after authentication in logical access control?

Authorisation

Validation

Identification

Verification

After authentication comes authorization in the process of logical access control, where the system determines the actions or tasks that the authenticated user is permitted to perform.

Explanation

After authentication comes authorization in the process of logical access control, where the system determines the actions or tasks that the authenticated user is permitted to perform.

25. What is a common way for virtual threats to enter computer networks?

Regularly updating antivirus software

USB peripheral device attachment; hacking; malware, sometimes as a result of visiting a website; phishing; social engineering

Reading emails from known sources

Downloading legal software updates

Virtual threats often enter computer networks through various malicious methods such as USB peripheral device attachment, hacking, malware, phishing, and social engineering. Downloading legal software updates, reading emails from known sources, and regularly updating antivirus software are not common ways for virtual threats to enter computer networks.

Explanation

Virtual threats often enter computer networks through various malicious methods such as USB peripheral device attachment, hacking, malware, phishing, and social engineering. Downloading legal software updates, reading emails from known sources, and regularly updating antivirus software are not common ways for virtual threats to enter computer networks.

26. An example of an IS vulnerability typically created by users is:

Outdated software

Weak passwords

Phishing

Social engineering

Social engineering involves manipulating people into performing certain actions or divulging confidential information that can compromise security. While the other options are also common IS vulnerabilities, social engineering specifically focuses on exploiting human behavior rather than technical flaws.

Explanation

Social engineering involves manipulating people into performing certain actions or divulging confidential information that can compromise security. While the other options are also common IS vulnerabilities, social engineering specifically focuses on exploiting human behavior rather than technical flaws.

27. Using a computer to trim off small amounts of money from many sources and diverting those slices into one's own or an accomplice's account is known as the 'salami effect'. In which sector is this crime most common?

Banking.

Education

Healthcare

Retail

The 'salami effect' crime is most common in the banking sector due to the large number of financial transactions and accounts that can be targeted for small amounts of money, making it harder to detect.

Explanation

The 'salami effect' crime is most common in the banking sector due to the large number of financial transactions and accounts that can be targeted for small amounts of money, making it harder to detect.

28. What is the most reliable protection to safeguard sensitive data stored on notebook computers?

Keep sensitive files in plain text format.

Avoid using public Wi-Fi networks.

Install antivirus software.

Encrypt sensitive files.

Encrypting sensitive files is considered the most reliable protection method because it ensures that even if the data is accessed, it will be unreadable without the encryption key.

Explanation

Encrypting sensitive files is considered the most reliable protection method because it ensures that even if the data is accessed, it will be unreadable without the encryption key.