Social Engineering & Information Security Quiz

20 Questions

Questions and Answers
  • 1. 
    Which of the following is not an approach to trust? 
    • A. 

      Trust authorized individuals only.

    • B. 

      Trust everyone all of the time.

    • C. 

      Trust some people some of the time.

    • D. 

      Trust all people all the time.

  • 2. 
    Which of the following characterizes the attitude that system support personnel generally have toward security? 
    • A. 

      They want to be able to get their work done without restrictive security controls.

    • B. 

      They are concerned about the ease of managing systems under tight security controls.

    • C. 

      They are concerned about cost of security protection for attacks that may not materialize.

    • D. 

      They want to manage how users react to security policies.

  • 3. 
    A(n) _____ is a collection of suggestions that should be implemented. 
    • A. 

      Standard

    • B. 

      Code

    • C. 

      Policy

    • D. 

      Guideline

  • 4. 
    Which of the following is not a characteristic of a policy? 
    • A. 

      Policies may be helpful in the event that it is necessary to prosecute violators.

    • B. 

      Policies identify what tools and procedures are needed.

    • C. 

      Policies define what appropriate behavior for users is.

    • D. 

      Policies communicate a unanimous agreement of judgment.

  • 5. 
    Each of the following is a step in the risk management study except _____.
    • A. 

      Threat identification

    • B. 

      Threat appraisal

    • C. 

      Risk mitigation

    • D. 

      Asset identification

  • 6. 
    Each of the following is what a security policy must do except _____.
    • A. 

      State reasons why the policy is necessary

    • B. 

      Be able to implement and enforce it

    • C. 

      Be concise and easy to understand

    • D. 

      Balance protection with productivity

  • 7. 
    Each of the following should serve on a security policy development team except ______.
    • A. 

      Member of management who can enforce the policy

    • B. 

      Member of the legal staff

    • C. 

      Representative from an antivirus vendor

    • D. 

      Senior level administrator

  • 8. 
    _____ is defined as the obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take necessary precautions to protect them.
    • A. 

      Due obligations

    • B. 

      Due process

    • C. 

      Due diligence

    • D. 

      Due care

  • 9. 
    Each of the following is a guideline for developing a security policy except ______.
    • A. 

      Notify users in advance that a new security policy is being developed and explain why the policy is needed

    • B. 

      Provide a sample of people affected by the policy with an opportunity to review and comment

    • C. 

      Prior to deployment, give all users at least two weeks to review and comment

    • D. 

      Require all users to approve the policy before it is implemented

  • 10. 
    A(n) _____ defines the actions users may perform while accessing systems and networking equipment.
    • A. 

      Internet use policy

    • B. 

      User permission policy

    • C. 

      End user policy

    • D. 

      Acceptable use policy

  • 11. 
    A password management and complexity policy will encourage users to avoid weak passwords by recommending each of the following except _______.
    • A. 

      Do not use a password that is a word found in a dictionary

    • B. 

      Do not use the name of a pet

    • C. 

      Do not use alphabetic characters

    • D. 

      Do not use birthdays

  • 12. 
    A personally identifiable information (PII) policy ______.
    • A. 

      Outlines how the organization uses information it collects

    • B. 

      Is required on all Internet Web sites

    • C. 

      Must be certified before it can be used

    • D. 

      Is identical to an AUP

  • 13. 
    • A. 

      The information itself remains on the hard drive until it is overwritten by new files

    • B. 

      The last character of the file name is changed

    • C. 

      The file contents are physically overwritten with zeros

    • D. 

      It is physically removed from the disk once the Recycle Bin is emptied

  • 14. 
    Each of the following is usually contained in a service level agreement except ______.
    • A. 

      Scope of the work to be performed

    • B. 

      Exclusions and exceptions

    • C. 

      Requirements for PII

    • D. 

      Penalties for failure to fulfill obligations

  • 15. 
    A classification of information policy is designed to produce a standardized framework for classifying _____.
    • A. 

      Types of policies

    • B. 

      User password violations

    • C. 

      Free hard drive

    • D. 

      Information assets

  • 16. 
    _____ may be defined as the study of what people understand to be good and right behavior and how people make those judgments.
    • A. 

      Ethics

    • B. 

      Morals

    • C. 

      Values

    • D. 

      Principles

  • 17. 
    For adult learners a(n) _____ approach (the art of helping an adult learn) is often preferred.
    • A. 

      Institutional

    • B. 

      Auditory

    • C. 

      Pedagogical

    • D. 

      Andragogical

  • 18. 
    Social engineering ______.
    • A. 

      Relies on tricking and deceiving someone to provide secure information

    • B. 

      Is illegal in the U.S.

    • C. 

      Requires a computer and Internet connection

    • D. 

      Is rarely used today

  • 19. 
    _____ is a technique that targets only specific users.  
    • A. 

      Spear phishing

    • B. 

      Phishing

    • C. 

      Pharming

    • D. 

      Yahoo phishing

  • 20. 
    Watching an individual enter a security code on a keypad without her permission is known as _______.
    • A. 

      Shoulder surfing

    • B. 

      Keyboard observation (KO)

    • C. 

      Keypad eavesdropping

    • D. 

      Finger scanning