1.
Information security's primary mission is to ensure that systems and their contents retain their confidentiality at all costs.
Correct Answer
B. False
Explanation
The statement is false because while confidentiality is an important aspect of information security, it is not the primary mission. The primary mission of information security is to protect the confidentiality, integrity, and availability of systems and their contents. This means ensuring that information is not only kept confidential, but also accurate, reliable, and accessible when needed.
2.
Much human error or failure can be prevented with training and ongoing awareness activities.
Correct Answer
A. True
Explanation
Training and ongoing awareness activities can help to prevent human error or failure. By providing individuals with the necessary knowledge and skills, training can reduce the likelihood of mistakes or failures occurring. Additionally, ongoing awareness activities can help to reinforce this training and keep individuals vigilant and informed about potential risks or pitfalls. Therefore, it is reasonable to conclude that much human error or failure can be prevented through these measures.
3.
Attacks conducted by scripts are usually unpredictable.
Correct Answer
B. False
Explanation
Attacks conducted by scripts are usually predictable, as they follow predefined instructions or patterns programmed into the script. This allows security systems to detect and defend against such attacks more effectively.
4.
Compared to web site defacement, vandalism from within a network is less malicious in intent and more public.
Correct Answer
B. False
Explanation
Vandalism from within a network is more malicious in intent and less public compared to web site defacement. This means that when vandalism occurs within a network, it is typically done with the intention of causing harm or disruption. Additionally, it is less public because it is usually targeted towards specific systems or networks, whereas web site defacement is more visible to the public as it involves altering the appearance or content of a website. Therefore, the statement "Compared to web site defacement, vandalism from within a network is less malicious in intent and more public" is false.
5.
A worm requires that another program is running before it can begin functioning.
Correct Answer
B. False
Explanation
A worm is a self-replicating program that does not require another program to be running in order to function. It can independently spread across computer networks and systems, exploiting vulnerabilities to infect and propagate itself. Therefore, the statement that a worm requires another program to be running before it can begin functioning is false.
6.
Organizations can use dictionaries to screen passwords during the reset process and thus guard against easy-to-guess passwords.
Correct Answer
A. True
Explanation
Using dictionaries to screen passwords during the reset process can help organizations protect against easy-to-guess passwords. By comparing the passwords entered by users against a dictionary of commonly used or easily guessable passwords, organizations can identify and reject weak passwords, thereby enhancing the security of their systems. This practice is commonly employed to prevent unauthorized access and reduce the risk of security breaches.
7.
Denial-of-Service attacks cannot be launched against routers.
Correct Answer
B. False
Explanation
Denial-of-Service (DoS) attacks can indeed be launched against routers. A DoS attack is a malicious attempt to disrupt the normal functioning of a network or system by overwhelming it with a flood of illegitimate requests or traffic. Routers, being an integral part of a network, can become targets of such attacks. By overwhelming a router with an excessive amount of traffic or exploiting vulnerabilities in its software, an attacker can render it unable to process legitimate network traffic, effectively causing a denial of service. Therefore, the statement that DoS attacks cannot be launched against routers is false.
8.
Quality security programs begin and end with policy.
Correct Answer
A. True
Explanation
Quality security programs require a clear and well-defined policy as the foundation. Policies outline the objectives, rules, and guidelines that govern the security program. They provide a framework for implementing security controls, procedures, and practices. Without a solid policy in place, it is challenging to establish consistent and effective security measures. Therefore, it is true that quality security programs begin and end with policy.