The Ultimate Quiz On Information Assets

238 Questions | Total Attempts: 44



Questions and Answers
  • 1. 
    What is a common approach used in the discipline of systems analysis and design to understand the ways systems operate and to chart process flows and interdependency studies?
    • A. 

      Systems diagramming

    • B. 

      Network diagramming

    • C. 

      Application diagramming

    • D. 

      Database diagramming

  • 2. 
    In a CPMT, a(n) ____ should be a high-level manager with influence and resources that can be used to support the project team, promote the objectives of the CP project, and endorse the results that come from the combined effort.
    • A. 

      Project manager

    • B. 

      Crisis manager

    • C. 

      Incident manager

    • D. 

      Champion

  • 3. 
    The ____ is a federal law that creates a general prohibition on the real-time monitoring of traffic data relating to communications.
    • A. 

      Wiretap Act

    • B. 

      Pen/Trap Statute

    • C. 

      Fourth Amendment to the U.S. Constitution

    • D. 

      Electronic Communication Protection Act

  • 4. 
    ____ are highly probable when infected machines are brought back online or when other infected computers that may have been offline at the time of the attack are brought back up. 
    • A. 

      Follow-on incidents

    • B. 

      Blue bag operations

    • C. 

      Black bag operations

    • D. 

      War games

  • 5. 
    Information assets have ____ when authorized users - persons or computer systems - are able to access them in the specified format without interference or obstruction.
    • A. 

      Availability

    • B. 

      Risk assessment

    • C. 

      Integrity

    • D. 

      Confidentiality

  • 6. 
    ____ ensures that only those with the rights and privileges to access information are able to do so.
    • A. 

      Confidentiality

    • B. 

      Risk assessment

    • C. 

      Availability

    • D. 

      Integrity

  • 7. 
    ____ is the risk control approach that attempts to reduce the impact caused by the exploitation of a vulnerability through planning and preparation.
    • A. 

      Mitigation

    • B. 

      Acceptance

    • C. 

      Transference

    • D. 

      Avoidance

  • 8. 
    A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.
    • A. 

      Business impact analysis (BIA)

    • B. 

      Business continuity analysis (BCA)

    • C. 

      Incident response analysis (IRA)

    • D. 

      Threat analysis

  • 9. 
    Information assets have ____ when they are not exposed (while being stored, processed, or transmitted) to corruption, damage, destruction, or other disruption of their authentic states.
    • A. 

      Integrity

    • B. 

      Availability

    • C. 

      Confidentiality

    • D. 

      Risk assessment

  • 10. 
    A(n) ____ is used to anticipate, react to, and recover from events that threaten the security of information and information assets in an organization; it is also used to restore the organization to normal modes of business operations.
    • A. 

      Contingency plan

    • B. 

      Security plan

    • C. 

      Threat plan

    • D. 

      Social plan

  • 11. 
    The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.
    • A. 

      C.I.A. triangle

    • B. 

      Asset classification

    • C. 

      Strategic plan

    • D. 

      Disaster recovery plan

  • 12. 
    ____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.
    • A. 

      Acceptance

    • B. 

      Avoidance

    • C. 

      Mitigation

    • D. 

      Inheritance

  • 13. 
    The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.
    • A. 

      Trespass

    • B. 

      Polymorphism

    • C. 

      Denial-of-service

    • D. 

      Theft

  • 14. 
    A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset.
    • A. 

      Threat

    • B. 

      Intellectual property

    • C. 

      Payload

    • D. 

      Trojan horse

  • 15. 
    A(n) ____ is a plan or course of action used by an organization to convey instructions from its senior management to those who make decisions, take actions, and perform other duties on behalf of the organization.
    • A. 

      Policy

    • B. 

      Residual risk

    • C. 

      Assessment

    • D. 

      Business continuity plan

  • 16. 
    ____ (sometimes referred to as avoidance) is the risk control strategy that attempts to prevent the exploitation of a vulnerability.
    • A. 

      Defense

    • B. 

      Mitigation

    • C. 

      Transference

    • D. 

      Acceptance

  • 17. 
    ____ is the process of moving an organization toward its vision.
    • A. 

      Strategic planning

    • B. 

      Contingency planning

    • C. 

      Enterprise information planning

    • D. 

      Security planning

  • 18. 
    A(n) ____ attack seeks to deny access to services by either tying up a server's available resources or causing it to shut down.
    • A. 

      DoS

    • B. 

      Spyware

    • C. 

      Trojan horse

    • D. 

      Social engineering

  • 19. 
    A(n) ____ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
    • A. 

      Incident

    • B. 

      Trespass

    • C. 

      Trojan horse

    • D. 

      Risk

  • 20. 
    A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made.
    • A. 

      Risk assessment

    • B. 

      Mitigation plan

    • C. 

      Risk management

    • D. 

      Disaster recovery plan

  • 21. 
    ____ assigns a risk rating or score to each information asset. Although this number does not mean anything in absolute terms, it is useful in gauging the relative risk to each vulnerable information asset and facilitates the development of comparative ratings later in the risk control process.
    • A. 

      Avoidance

    • B. 

      BC

    • C. 

      DR

    • D. 

      Risk assessment

  • 22. 
    ____ hack systems to conduct terrorist activities through network or Internet pathways.
    • A. 

      Programmers

    • B. 

      Social engineers

    • C. 

      Script kiddies

    • D. 

      Cyberterrorists

  • 23. 
    A ____ is a document that describes how, in the event of a disaster, critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site.
    • A. 

      Disaster recovery plan

    • B. 

      Risk assessment plan

    • C. 

      Business continuity plan

    • D. 

      Incident response plan

  • 24. 
    ____ is a risk control approach that attempts to shift the risk to other assets, other processes, or other organizations.
    • A. 

      Transference

    • B. 

      Avoidance

    • C. 

      Acceptance

    • D. 

      Mitigation

  • 25. 
    The ____ job functions and organizational roles focus on protecting the organization's information systems and stored information from attacks.
    • A. 

      Organizational management and professionals

    • B. 

      Information security management and professionals

    • C. 

      Information technology management and professionals

    • D. 

      Human resource management and professionals