Social Engineering & Information Security Quiz
.
Questions and Answers
- 1.
Which of the following is not an approach to trust?
- A.
Trust authorized individuals only.
- B.
Trust everyone all of the time.
- C.
Trust some people some of the time.
- D.
Trust all people all the time.
Correct Answer
A. Trust authorized individuals only.Explanation
The correct answer is "Trust authorized individuals only." This option suggests that trust should only be placed in individuals who have been authorized or given specific permission. This approach implies that trust should not be extended to everyone or to all people at all times, but rather limited to a select group of individuals who have been deemed trustworthy.Rate this question:
-
- 2.
Which of the following characterizes the attitude that system support personnel generally have toward security?
- A.
They want to be able to get their work done without restrictive security controls.
- B.
They are concerned about the ease of managing systems under tight security controls.
- C.
They are concerned about cost of security protection for attacks that may not materialize.
- D.
They want to manage how users react to security policies.
Correct Answer
B. They are concerned about the ease of managing systems under tight security controls.Explanation
System support personnel generally have a concern about the ease of managing systems under tight security controls. This means that they prioritize the efficiency and smooth operation of the systems they manage. Tight security controls can sometimes create obstacles or extra steps that make their work more difficult or time-consuming. Therefore, they are concerned about striking a balance between strong security measures and the ability to manage and maintain the systems effectively.Rate this question:
-
- 3.
A(n) _____ is a collection of suggestions that should be implemented.
- A.
Standard
- B.
Code
- C.
Policy
- D.
Guideline
Correct Answer
D. GuidelineExplanation
A guideline is a collection of suggestions that should be implemented. It provides a set of recommendations or best practices to follow in order to achieve a desired outcome or goal. Guidelines are typically used to provide direction or instructions on how to perform a task or make decisions. They serve as a reference point for individuals or organizations to ensure consistency and efficiency in their actions.Rate this question:
-
- 4.
Which of the following is not a characteristic of a policy?
- A.
Policies may be helpful in the event that it is necessary to prosecute violators.
- B.
Policies identify what tools and procedures are needed.
- C.
Policies define what appropriate behavior for users is.
- D.
Policies communicate a unanimous agreement of judgment.
Correct Answer
D. Policies communicate a unanimous agreement of judgment.Explanation
The given answer, "Policies communicate a unanimous agreement of judgment," is not a characteristic of a policy. Policies are guidelines or rules that provide direction and guidance on how to act or behave in a certain situation. They do not necessarily reflect a unanimous agreement of judgment, as policies can be created and enforced by a single authority or organization.Rate this question:
-
- 5.
Each of the following is a step in the risk management study except _____.
- A.
Threat identification
- B.
Threat appraisal
- C.
Risk mitigation
- D.
Asset identification
Correct Answer
B. Threat appraisalExplanation
The correct answer is "threat appraisal." In risk management, the process involves identifying potential threats, assessing their likelihood and impact, and then implementing measures to mitigate those risks. However, threat appraisal is not a step in the risk management study. It is important to distinguish between identifying threats and appraising them, as the latter involves evaluating the severity and potential consequences of each threat.Rate this question:
-
- 6.
Each of the following is what a security policy must do except _____.
- A.
State reasons why the policy is necessary
- B.
Be able to implement and enforce it
- C.
Be concise and easy to understand
- D.
Balance protection with productivity
Correct Answer
A. State reasons why the policy is necessaryExplanation
A security policy must be concise and easy to understand in order to effectively communicate the guidelines and procedures to all individuals within an organization. It should also be able to implement and enforce it to ensure that everyone follows the policy consistently. Additionally, a security policy must balance protection with productivity, as it should not hinder the organization's operations while still providing adequate security measures. However, stating reasons why the policy is necessary is not a requirement for a security policy, as it focuses more on the justification rather than the actual implementation and enforcement of the policy.Rate this question:
-
- 7.
Each of the following should serve on a security policy development team except ______.
- A.
Member of management who can enforce the policy
- B.
Member of the legal staff
- C.
Representative from an antivirus vendor
- D.
Senior level administrator
Correct Answer
C. Representative from an antivirus vendorExplanation
A representative from an antivirus vendor should not serve on a security policy development team because their role is to sell antivirus products and services, rather than to develop policies. The team should consist of individuals who have expertise in management, legal matters, and senior level administration to ensure that the policies are comprehensive, legally compliant, and aligned with the organization's goals and requirements.Rate this question:
-
- 8.
- _____ is defined as the obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take necessary precautions to protect them.
- A.
Due obligations
- B.
Due process
- C.
Due diligence
- D.
Due care
Correct Answer
D. Due careExplanation
Due care is defined as the obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take necessary precautions to protect them. It involves being diligent and cautious in managing and safeguarding assets to prevent any harm, damage, or loss. By fulfilling their due care obligations, owners and operators demonstrate their responsibility and commitment to maintaining the integrity and security of the assets under their control.Rate this question:
- 9.
Each of the following is a guideline for developing a security policy except ______.
- A.
Notify users in advance that a new security policy is being developed and explain why the policy is needed
- B.
Provide a sample of people affected by the policy with an opportunity to review and comment
- C.
Prior to deployment, give all users at least two weeks to review and comment
- D.
Require all users to approve the policy before it is implemented
Correct Answer
D. Require all users to approve the policy before it is implementedExplanation
The correct answer is "Require all users to approve the policy before it is implemented." This is not a guideline for developing a security policy because it may not be practical or feasible to obtain approval from all users before implementing the policy. It is more common to involve users in the development process by notifying them in advance, providing opportunities for review and comment, and giving them time to provide feedback. However, the final decision on implementing the policy is typically made by the organization or the designated authority.Rate this question:
-
- 10.
A(n) _____ defines the actions users may perform while accessing systems and networking equipment.
- A.
Internet use policy
- B.
User permission policy
- C.
End user policy
- D.
Acceptable use policy
Correct Answer
D. Acceptable use policyExplanation
An acceptable use policy is a set of rules and guidelines that define the actions and behaviors that are permitted or prohibited while accessing systems and networking equipment. It outlines what users can and cannot do, ensuring that they use the resources responsibly and in accordance with the organization's policies. This policy helps maintain security, protect sensitive information, and prevent misuse or abuse of the network and systems.Rate this question:
-
- 11.
A password management and complexity policy will encourage users to avoid weak passwords by recommending each of the following except _______.
- A.
Do not use a password that is a word found in a dictionary
- B.
Do not use the name of a pet
- C.
Do not use alphabetic characters
- D.
Do not use birthdays
Correct Answer
C. Do not use alphabetic charactersExplanation
A password management and complexity policy will encourage users to avoid weak passwords by recommending each of the following except "Do not use alphabetic characters". This is because alphabetic characters are an essential component of a strong password. Including a combination of uppercase and lowercase letters, along with numbers and special characters, increases the complexity and makes it harder for hackers to guess or crack the password. Therefore, the policy should recommend using alphabetic characters along with other types of characters to create a strong password.Rate this question:
-
- 12.
A personally identifiable information (PII) policy ______.
- A.
Outlines how the organization uses information it collects
- B.
Is required on all Internet Web sites
- C.
Must be certified before it can be used
- D.
Is identical to an AUP
Correct Answer
A. Outlines how the organization uses information it collectsExplanation
The correct answer is "outlines how the organization uses information it collects." A personally identifiable information (PII) policy is a set of guidelines and procedures that an organization follows to ensure the proper handling and use of personal information collected from individuals. It outlines the specific ways in which the organization utilizes the information it collects, including how it is stored, shared, and protected. This policy helps to ensure that the organization complies with privacy laws and regulations and maintains the trust and confidentiality of individuals' personal information.Rate this question:
-
- 13.
When a file is deleted using Microsoft Windows, _______.
- A.
The information itself remains on the hard drive until it is overwritten by new files
- B.
The last character of the file name is changed
- C.
The file contents are physically overwritten with zeros
- D.
It is physically removed from the disk once the Recycle Bin is emptied
Correct Answer
A. The information itself remains on the hard drive until it is overwritten by new filesExplanation
When a file is deleted using Microsoft Windows, the information itself remains on the hard drive until it is overwritten by new files. This means that even though the file is no longer visible or accessible, its data is still present on the hard drive until it is replaced by new data. This is why it is possible to recover deleted files using specialized software until they are overwritten by new files.Rate this question:
-
- 14.
Each of the following is usually contained in a service level agreement except ______.
- A.
Scope of the work to be performed
- B.
Exclusions and exceptions
- C.
Requirements for PII
- D.
Penalties for failure to fulfill obligations
Correct Answer
C. Requirements for PIIExplanation
A service level agreement typically outlines the expectations and responsibilities between a service provider and a client. It includes details such as the scope of work, exclusions and exceptions, and penalties for failure to fulfill obligations. However, requirements for Personally Identifiable Information (PII) are not usually mentioned in a service level agreement. PII requirements are typically addressed in separate agreements or contracts that specifically focus on data privacy and security.Rate this question:
-
- 15.
A classification of information policyis designed to produce a standardized framework for classifying _____.
- A.
Types of policies
- B.
User password violations
- C.
Free hard drive
- D.
Information assets
Correct Answer
D. Information assetsExplanation
A classification of information policy is designed to produce a standardized framework for classifying information assets. This means that the policy aims to establish a consistent and organized system for categorizing and managing different types of information assets within an organization. By doing so, the policy helps ensure that information assets are properly identified, protected, and utilized according to their respective classification.Rate this question:
-
- 16.
_____ may be defined as the study of what people understand to be good and right behavior and how people make those judgments.
- A.
Ethics
- B.
Morals
- C.
Values
- D.
Principles
Correct Answer
A. EthicsExplanation
Ethics is the correct answer because it refers to the study of what individuals perceive as good and right behavior, as well as how they form judgments about such behavior. It involves examining moral principles, values, and beliefs that guide human conduct and decision-making. Ethics helps us understand and evaluate the moral implications of actions and choices, and provides a framework for making ethical judgments and resolving ethical dilemmas.Rate this question:
-
- 17.
For adult learners a(n) _____ approach (the art of helping an adult learn) is often preferred.
- A.
Institutional
- B.
Auditory
- C.
Pedagogical
- D.
Andragogical
Correct Answer
D. AndragogicalExplanation
For adult learners, an andragogical approach is often preferred because it focuses on the unique needs and characteristics of adult learners. Andragogy is the art of helping adults learn, and it recognizes that adults are self-directed, have a wealth of experience, and prefer learning that is relevant and applicable to their lives. This approach encourages active participation, problem-solving, and collaboration, which are all effective strategies for adult learners. In contrast, pedagogical approaches are more suitable for children and focus on teacher-directed instruction. Therefore, the andragogical approach is the most appropriate for adult learners.Rate this question:
-
- 18.
Social engineering ______.
- A.
Relies on tricking and deceiving someone to provide secure information
- B.
Is illegal in the U.S.
- C.
Requires a computer and Internet connection
- D.
Is rarely used today
Correct Answer
A. Relies on tricking and deceiving someone to provide secure informationExplanation
Social engineering is a form of manipulation that exploits human psychology to deceive individuals into divulging confidential information or performing actions that compromise security. It does not necessarily require a computer or internet connection, and while it is illegal in many cases, the answer does not state that it is illegal in the U.S. Social engineering is still widely used today as a tactic by attackers to gain unauthorized access to sensitive data or systems.Rate this question:
-
- 19.
_____ is a technique that targets only specific users.
- A.
Spear phishing
- B.
Phishing
- C.
Pharming
- D.
Yahoo phishing
Correct Answer
A. Spear phishingExplanation
Spear phishing is a technique that targets only specific users. Unlike regular phishing, which casts a wide net to catch as many victims as possible, spear phishing is more personalized and tailored to a specific individual or group. Attackers gather information about their targets to make their phishing attempts more convincing and increase the chances of success. By posing as a trusted entity or using personalized information, spear phishing attacks aim to trick the targeted users into revealing sensitive information or performing certain actions that can be exploited by the attackers.Rate this question:
-
- 20.
Watching an individual enter a security code on a keypad without her permission is known as _______.
- A.
Shoulder surfing
- B.
Keyboard observation (KO)
- C.
Keypad eavesdropping
- D.
Finger scanning
Correct Answer
A. Shoulder surfingExplanation
Shoulder surfing refers to the act of watching someone enter a security code on a keypad without their permission. It involves visually observing the person's actions from a close distance, typically by standing behind or beside them. This practice is often used by individuals with malicious intent to gain unauthorized access to sensitive information or passwords. Therefore, shoulder surfing is the correct term to describe this behavior.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 22, 2023Quiz Edited by
ProProfs Editorial Team -
Apr 26, 2011Quiz Created by
Kcarter89
- Aeronautics Quizzes
- Aerospace Quizzes
- Agricultural Science Quizzes
- Astrology Quizzes
- Astronomy Quizzes
- Atom Quizzes
- Biochemistry Quizzes
- Biology Quizzes
- Biomechanics Quizzes
- Biostatistics Quizzes
- Biotechnology Quizzes
- Botany Quizzes
- Branches Of Science Quizzes
- Chemistry Quizzes
- Cytology Quizzes
- Easy Science Quizzes
- Ecology Quizzes
- Electrical Quizzes
- Embryology Quizzes
- Endocrinology Quizzes
- Environmental Science Quizzes
- Epidemiology Quizzes
- Experiment Quizzes
- Forestry Quizzes
- Fossil Quizzes
- Gas Quizzes
- General Science Quizzes
- Genetics Quizzes
- Histology Quizzes
- Human Biology Quizzes
- Integrated Science Quizzes
- Invention Quizzes
- Library Science Quizzes
- Lighting Quizzes
- Liquid Quizzes
- Marine Biology Quizzes
- Microbiology Quizzes
- Molecular Biology Quizzes
- Nature Quizzes
- Neuroscience Quizzes
- Nuclear Science Quizzes
- Oceanography Quizzes
- Physics Quizzes
- Psychology Quizzes
- Science And Technology Quizzes
- Science Glossary Quizzes
- Science Knowledge Quizzes
- Science Practice Quizzes
- Scientific Method Quizzes
- Scientific Notation Quizzes
- Soil Science Quizzes
- Solar System Quizzes
- Solid Quizzes
- Zoology Quizzes
Back to top