Social Engineering & Information Security Quiz

By Kcarter89
Questions: 20 | Attempts: 1,473



Questions and Answers
  • 1. 

    Which of the following is not an approach to trust? 

    • A.

      Trust authorized individuals only.

    • B.

      Trust everyone all of the time.

    • C.

      Trust some people some of the time.

    • D.

      Trust all people all the time.

    Correct Answer
    A. Trust authorized individuals only.
    Explanation
    The correct answer is "Trust authorized individuals only." This option suggests that trust should only be placed in individuals who have been authorized or given specific permission. This approach implies that trust should not be extended to everyone or to all people at all times, but rather limited to a select group of individuals who have been deemed trustworthy.


  • 2. 

    Which of the following characterizes the attitude that system support personnel generally have toward security? 

    • A.

      They want to be able to get their work done without restrictive security controls.

    • B.

      They are concerned about the ease of managing systems under tight security controls.

    • C.

      They are concerned about cost of security protection for attacks that may not materialize.

    • D.

      They want to manage how users react to security policies.

    Correct Answer
    B. They are concerned about the ease of managing systems under tight security controls.
    Explanation
    System support personnel generally have a concern about the ease of managing systems under tight security controls. This means that they prioritize the efficiency and smooth operation of the systems they manage. Tight security controls can sometimes create obstacles or extra steps that make their work more difficult or time-consuming. Therefore, they are concerned about striking a balance between strong security measures and the ability to manage and maintain the systems effectively.


  • 3. 

    A(n) _____ is a collection of suggestions that should be implemented. 

    • A.

      Standard

    • B.

      Code

    • C.

      Policy

    • D.

      Guideline

    Correct Answer
    D. Guideline
    Explanation
    A guideline is a collection of suggestions that should be implemented. It provides a set of recommendations or best practices to follow in order to achieve a desired outcome or goal. Guidelines are typically used to provide direction or instructions on how to perform a task or make decisions. They serve as a reference point for individuals or organizations to ensure consistency and efficiency in their actions.


  • 4. 

    Which of the following is not a characteristic of a policy? 

    • A.

      Policies may be helpful in the event that it is necessary to prosecute violators.

    • B.

      Policies identify what tools and procedures are needed.

    • C.

      Policies define what appropriate behavior for users is.

    • D.

      Policies communicate a unanimous agreement of judgment.

    Correct Answer
    D. Policies communicate a unanimous agreement of judgment.
    Explanation
    The given answer, "Policies communicate a unanimous agreement of judgment," is not a characteristic of a policy. Policies are guidelines or rules that provide direction and guidance on how to act or behave in a certain situation. They do not necessarily reflect a unanimous agreement of judgment, as policies can be created and enforced by a single authority or organization.


  • 5. 

    Each of the following is a step in the risk management study except _____.

    • A.

      Threat identification

    • B.

      Threat appraisal

    • C.

      Risk mitigation

    • D.

      Asset identification

    Correct Answer
    B. Threat appraisal
    Explanation
    The correct answer is "threat appraisal." In risk management, the process involves identifying potential threats, assessing their likelihood and impact, and then implementing measures to mitigate those risks. However, threat appraisal is not a step in the risk management study. It is important to distinguish between identifying threats and appraising them, as the latter involves evaluating the severity and potential consequences of each threat.


  • 6. 

    Each of the following is what a security policy must do except _____.

    • A.

      State reasons why the policy is necessary

    • B.

      Be able to implement and enforce it

    • C.

      Be concise and easy to understand

    • D.

      Balance protection with productivity

    Correct Answer
    A. State reasons why the policy is necessary
    Explanation
    A security policy must be concise and easy to understand in order to effectively communicate the guidelines and procedures to all individuals within an organization. The organization must also be able to implement and enforce it, so that everyone follows the policy consistently. Additionally, a security policy must balance protection with productivity, as it should not hinder the organization's operations while still providing adequate security measures. However, stating reasons why the policy is necessary is not a requirement for a security policy, as it focuses more on the justification rather than the actual implementation and enforcement of the policy.


  • 7. 

    Each of the following should serve on a security policy development team except ______.

    • A.

      Member of management who can enforce the policy

    • B.

      Member of the legal staff

    • C.

      Representative from an antivirus vendor

    • D.

      Senior level administrator

    Correct Answer
    C. Representative from an antivirus vendor
    Explanation
    A representative from an antivirus vendor should not serve on a security policy development team because their role is to sell antivirus products and services, rather than to develop policies. The team should consist of individuals who have expertise in management, legal matters, and senior level administration to ensure that the policies are comprehensive, legally compliant, and aligned with the organization's goals and requirements.


  • 8. 

    _____ is defined as the obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take necessary precautions to protect them.

    • A.

      Due obligations

    • B.

      Due process

    • C.

      Due diligence

    • D.

      Due care

    Correct Answer
    D. Due care
    Explanation
    Due care is defined as the obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take necessary precautions to protect them. It involves being diligent and cautious in managing and safeguarding assets to prevent any harm, damage, or loss. By fulfilling their due care obligations, owners and operators demonstrate their responsibility and commitment to maintaining the integrity and security of the assets under their control.


  • 9. 

    Each of the following is a guideline for developing a security policy except ______.

    • A.

      Notify users in advance that a new security policy is being developed and explain why the policy is needed

    • B.

      Provide a sample of people affected by the policy with an opportunity to review and comment

    • C.

      Prior to deployment, give all users at least two weeks to review and comment

    • D.

      Require all users to approve the policy before it is implemented

    Correct Answer
    D. Require all users to approve the policy before it is implemented
    Explanation
    The correct answer is "Require all users to approve the policy before it is implemented." This is not a guideline for developing a security policy because it may not be practical or feasible to obtain approval from all users before implementing the policy. It is more common to involve users in the development process by notifying them in advance, providing opportunities for review and comment, and giving them time to provide feedback. However, the final decision on implementing the policy is typically made by the organization or the designated authority.


  • 10. 

    A(n) _____ defines the actions users may perform while accessing systems and networking equipment.

    • A.

      Internet use policy

    • B.

      User permission policy

    • C.

      End user policy

    • D.

      Acceptable use policy

    Correct Answer
    D. Acceptable use policy
    Explanation
    An acceptable use policy is a set of rules and guidelines that define the actions and behaviors that are permitted or prohibited while accessing systems and networking equipment. It outlines what users can and cannot do, ensuring that they use the resources responsibly and in accordance with the organization's policies. This policy helps maintain security, protect sensitive information, and prevent misuse or abuse of the network and systems.


  • 11. 

    A password management and complexity policy will encourage users to avoid weak passwords by recommending each of the following except _______.

    • A.

      Do not use a password that is a word found in a dictionary

    • B.

      Do not use the name of a pet

    • C.

      Do not use alphabetic characters

    • D.

      Do not use birthdays

    Correct Answer
    C. Do not use alphabetic characters
    Explanation
    A password management and complexity policy will encourage users to avoid weak passwords by recommending each of the following except "Do not use alphabetic characters". This is because alphabetic characters are an essential component of a strong password. Including a combination of uppercase and lowercase letters, along with numbers and special characters, increases the complexity and makes it harder for hackers to guess or crack the password. Therefore, the policy should recommend using alphabetic characters along with other types of characters to create a strong password.


  • 12. 

    A personally identifiable information (PII) policy ______.

    • A.

      Outlines how the organization uses information it collects

    • B.

      Is required on all Internet Web sites

    • C.

      Must be certified before it can be used

    • D.

      Is identical to an AUP

    Correct Answer
    A. Outlines how the organization uses information it collects
    Explanation
    The correct answer is "outlines how the organization uses information it collects." A personally identifiable information (PII) policy is a set of guidelines and procedures that an organization follows to ensure the proper handling and use of personal information collected from individuals. It outlines the specific ways in which the organization utilizes the information it collects, including how it is stored, shared, and protected. This policy helps to ensure that the organization complies with privacy laws and regulations and maintains the trust and confidentiality of individuals' personal information.


  • 13. 

    When a file is deleted using Microsoft Windows, _______.

    • A.

      The information itself remains on the hard drive until it is overwritten by new files

    • B.

      The last character of the file name is changed

    • C.

      The file contents are physically overwritten with zeros

    • D.

      It is physically removed from the disk once the Recycle Bin is emptied

    Correct Answer
    A. The information itself remains on the hard drive until it is overwritten by new files
    Explanation
    When a file is deleted using Microsoft Windows, the information itself remains on the hard drive until it is overwritten by new files. This means that even though the file is no longer visible or accessible, its data is still present on the hard drive until it is replaced by new data. This is why it is possible to recover deleted files using specialized software until they are overwritten by new files.


  • 14. 

    Each of the following is usually contained in a service level agreement except ______.

    • A.

      Scope of the work to be performed

    • B.

      Exclusions and exceptions

    • C.

      Requirements for PII

    • D.

      Penalties for failure to fulfill obligations

    Correct Answer
    C. Requirements for PII
    Explanation
    A service level agreement typically outlines the expectations and responsibilities between a service provider and a client. It includes details such as the scope of work, exclusions and exceptions, and penalties for failure to fulfill obligations. However, requirements for Personally Identifiable Information (PII) are not usually mentioned in a service level agreement. PII requirements are typically addressed in separate agreements or contracts that specifically focus on data privacy and security.


  • 15. 

    A classification of information policy is designed to produce a standardized framework for classifying _____.

    • A.

      Types of policies

    • B.

      User password violations

    • C.

      Free hard drive

    • D.

      Information assets

    Correct Answer
    D. Information assets
    Explanation
    A classification of information policy is designed to produce a standardized framework for classifying information assets. This means that the policy aims to establish a consistent and organized system for categorizing and managing different types of information assets within an organization. By doing so, the policy helps ensure that information assets are properly identified, protected, and utilized according to their respective classification.


  • 16. 

    _____ may be defined as the study of what people understand to be good and right behavior and how people make those judgments.

    • A.

      Ethics

    • B.

      Morals

    • C.

      Values

    • D.

      Principles

    Correct Answer
    A. Ethics
    Explanation
    Ethics is the correct answer because it refers to the study of what individuals perceive as good and right behavior, as well as how they form judgments about such behavior. It involves examining moral principles, values, and beliefs that guide human conduct and decision-making. Ethics helps us understand and evaluate the moral implications of actions and choices, and provides a framework for making ethical judgments and resolving ethical dilemmas.


  • 17. 

    For adult learners a(n) _____ approach (the art of helping an adult learn) is often preferred.

    • A.

      Institutional

    • B.

      Auditory

    • C.

      Pedagogical

    • D.

      Andragogical

    Correct Answer
    D. Andragogical
    Explanation
    For adult learners, an andragogical approach is often preferred because it focuses on the unique needs and characteristics of adult learners. Andragogy is the art of helping adults learn, and it recognizes that adults are self-directed, have a wealth of experience, and prefer learning that is relevant and applicable to their lives. This approach encourages active participation, problem-solving, and collaboration, which are all effective strategies for adult learners. In contrast, pedagogical approaches are more suitable for children and focus on teacher-directed instruction. Therefore, the andragogical approach is the most appropriate for adult learners.


  • 18. 

    Social engineering ______.

    • A.

      Relies on tricking and deceiving someone to provide secure information

    • B.

      Is illegal in the U.S.

    • C.

      Requires a computer and Internet connection

    • D.

      Is rarely used today

    Correct Answer
    A. Relies on tricking and deceiving someone to provide secure information
    Explanation
    Social engineering is a form of manipulation that exploits human psychology to deceive individuals into divulging confidential information or performing actions that compromise security. It does not necessarily require a computer or internet connection, and while it is illegal in many cases, the answer does not state that it is illegal in the U.S. Social engineering is still widely used today as a tactic by attackers to gain unauthorized access to sensitive data or systems.


  • 19. 

    _____ is a technique that targets only specific users.  

    • A.

      Spear phishing

    • B.

      Phishing

    • C.

      Pharming

    • D.

      Yahoo phishing

    Correct Answer
    A. Spear phishing
    Explanation
    Spear phishing is a technique that targets only specific users. Unlike regular phishing, which casts a wide net to catch as many victims as possible, spear phishing is more personalized and tailored to a specific individual or group. Attackers gather information about their targets to make their phishing attempts more convincing and increase the chances of success. By posing as a trusted entity or using personalized information, spear phishing attacks aim to trick the targeted users into revealing sensitive information or performing certain actions that can be exploited by the attackers.


  • 20. 

    Watching an individual enter a security code on a keypad without her permission is known as _______.

    • A.

      Shoulder surfing

    • B.

      Keyboard observation (KO)

    • C.

      Keypad eavesdropping

    • D.

      Finger scanning

    Correct Answer
    A. Shoulder surfing
    Explanation
    Shoulder surfing refers to the act of watching someone enter a security code on a keypad without their permission. It involves visually observing the person's actions from a close distance, typically by standing behind or beside them. This practice is often used by individuals with malicious intent to gain unauthorized access to sensitive information or passwords. Therefore, shoulder surfing is the correct term to describe this behavior.
