Information Security Ultimate Exam Quiz!

51 Questions | Total Attempts: 8097



Questions and Answers
  • 1. Another name for the information security triad is:
    • A. The FBI triad.
    • B. The ISS triad.
    • C. The CIA triad.
    • D. The IST triad.

  • 2. Risk, as it applies to information technology, is not associated with which one or more of the following items:
    • A. People
    • B. Practices
    • C. Processes
    • D. Principles

  • 3. Which one of these represents the property of keeping an organization's information accurate, without error, and without unauthorized modification?
    • A. Availability
    • B. Integrity
    • C. Confidentiality
    • D. Accountability

  • 4. Which one or more access control categories are sufficient to maintain the CIA triad?
    • A. Detective
    • B. Preventative
    • C. Compensating
    • D. Corrective

  • 5. Which one of the following access control services determines the capabilities of a subject when accessing the object?
    • A. Accountability
    • B. Authorization
    • C. Audit
    • D. I&A

  • 6. Which one of the following access control types covers personnel security, monitoring, user and password management, and permissions management?
    • A. Corrective
    • B. Physical
    • C. Administrative
    • D. Technical

  • 7. While applying the access control matrix may be impractical, an access control list can be employed as a solution.
    • A. True
    • B. False

  • 8. Restricting access to objects based on the sensitivity of the information contained in the objects is an example of:
    • A. MAC.
    • B. DAC.
    • C. RBAC.
    • D. ACL.

  • 9. Which one of the following non-discretionary access control techniques limits a subject's access to objects by examining object data so that the subject's access rights can be determined?
    • A. Rule-based
    • B. Role-based
    • C. Time-based
    • D. Content dependent

  • 10. True or False? For identification to be useful, it is sufficient for each identity to be recognizable to the system.
    • A. True
    • B. False

  • 11. What one or more methods are used to authenticate identity?
    • A. Something you have
    • B. Something you do
    • C. Something you are
    • D. Something you know

  • 12. Which one of the following authentication methods is necessary to safeguard systems and facilities in high-security environments?
    • A. A token
    • B. A PIN
    • C. Biometrics
    • D. Strong/two-factor authentication

  • 13. Though single sign-on can be convenient, what is a potential security problem?
    • A. It can allow an unauthenticated user access to all systems.
    • B. It can allow hackers through the firewall.
    • C. It can allow an unauthenticated user access to secure facilities.
    • D. If you forget your user ID and password, you will not have access to any systems.

  • 14. Which one of the following access control administration methods involves distributing the process to localized parts of the enterprise?
    • A. Centralized
    • B. Hybrid
    • C. Decentralized
    • D. RADIUS

  • 15. What is the simplest way to attack an access control system?
    • A. Break into a building.
    • B. Social engineering.
    • C. Capture a user ID and steal a password.
    • D. Guess a password through a brute force process.

  • 16. An attack where an attacker pretends to be someone else to hide his or her actual identity is known as:
    • A. Spoofing.
    • B. Shoulder surfing.
    • C. Theft.
    • D. Guessing.

  • 17. True or False? The audit function is the principal function for monitoring access.
    • A. True
    • B. False

  • 18. Which one of the following penetration test process phases includes gaining more detailed information about the selected or potential target?
    • A. Vulnerability
    • B. Network scanning
    • C. Enumeration
    • D. Reconnaissance

  • 19. True or False? War dialing locates and then attempts to penetrate wireless systems.
    • A. True
    • B. False

  • 20. True or False? Because the TCB ensures system security through the implementation of security policies, protection against system-wide deficiencies is guaranteed.
    • A. True
    • B. False

  • 21. Which of the following descriptions best explains the function of the security perimeter?
    • A. It acts as a physical barrier to the TCB.
    • B. It determines access to objects by subjects.
    • C. It separates the trusted and untrusted parts of a computer system.
    • D. It implements the RM in an operating system.

  • 22. Which of the following statements best describes the primary objective for implementing layered protection?
    • A. It eliminates the risk of security infringements.
    • B. It manages the security of computer components.
    • C. It creates a series of layers that impede penetration attempts.

  • 23. Which one or more categories form the software architecture of a computer system?
    • A. Operating systems
    • B. Firmware
    • C. Appliances
    • D. Application programs

  • 24. Which software category is the first line of defense in a computer system?
    • A. Operating system
    • B. Application program

  • 25. Which of the following techniques allows several programs to appear to operate simultaneously in a single-processor computing system?
    • A. Threading
    • B. Multitasking
    • C. Multithreading