Question 1

Which of the following is not part of the U.S. Government Internet Crime Legislation?

Accepted Answer

A) A penalty of 10 to 20 years imprisonment for attempting to cause injury by means of the Internet, and a penalty of life imprisonment if death occurs. 
B) ISPs are exempt from liability if they report suspicions to the government that an Internet crime might be committed. 
C) ISPs are required to maintain data about all communications events for one year. 
D) The use of electronic surveillance tools for 48 hours pending authorization by courts to use such tools is permitted. 
A) A penalty of 10 to 20 years imprisonment for attempting to cause injury by means of the Internet, and a penalty of life imprisonment if death occurs. 
B) ISPs are exempt from liability if they report suspicions to the government that an Internet crime might be committed. 
C) ISPs are required to maintain data about all communications events for one year. 
D) The use of electronic surveillance tools for 48 hours pending authorization by courts to use such tools is permitted.

Question 2

List the five phases to developing a security policy.

Accepted Answer

Phase 1 - Project initiation,

Question 3

The International Standard Organization is a nonprofit organization dedicated to assist computer users with making their systems more secure.

Accepted Answer

A) True 
 B)False

Question 4

When the impact severity can cause significant damage and cost but the firm will survive, it is classified as:

Accepted Answer

A) severe impact. 
B) minor impact. 
C) major impact. 
D) significant impact. 
A) severe impact. 
B) minor impact. 
C) major impact. 
D) significant impact.

Question 5

The contingency plan specifies those measures that ensure the safety of employees when disaster strikes.

Accepted Answer

A) True 
 B)False

Question 6

Which one of the following is not a general practice that retailers should follow as identified by Visa?

Accepted Answer

A) Do not leave data or computers unsecured. 
B) Destroy data when it is no longer needed. 
C) Screen employees who have access to data. 
D) Regularly test the security system. 
A) Do not leave data or computers unsecured. 
B) Destroy data when it is no longer needed. 
C) Screen employees who have access to data. 
D) Regularly test the security system.

Question 7

A packet- filtering firewall is the most effective type of firewall.

Accepted Answer

A) True 
 B)False

Question 8

In which phase of an information security policy would the project team consult with all interested and affected parties to determine the requirements of the new policy?

Accepted Answer

A) project initiation 
B) policy development 
C) policy dissemination 
D) consultation and approval 
A) project initiation 
B) policy development 
C) policy dissemination 
D) consultation and approval

Question 9

The organization that aims its certification at intrusion detection, firewall and perimeter protection, and operating system security is the:

Accepted Answer

A) SANS Institute. 
B) Information Systems Audit and Control Association. 
C) International Standards Organization. 
D) International Information System Security Certification Consortium. 
A) SANS Institute. 
B) Information Systems Audit and Control Association. 
C) International Standards Organization. 
D) International Information System Security Certification Consortium.

Question 10

Insider threat prediction tools have been developed that consider such characteristics as the person 's position in the firm, access to sensitive data, ability to alter hardware components, the types of applications used, the files owned, and the usage of certain network protocols.

Accepted Answer

A) True 
 B)False

Question 11

Who is the CIAO and to whom does he or she report?

Accepted Answer

The CIAO is the corporate info

Question 12

A control is a mechanism that is implemented to either protect the firm from risks or to minimize the impact of the risks on the firm should they occur.

Accepted Answer

A) True 
 B)False

Question 13

Identification and authentication make use of ___________.

Accepted Answer

The answer of Identification and authentication make use of ___________....

Question 14

Identification and authentication make use of___________ , or descriptions of authorized users.

Accepted Answer

The answer of Identification and authentication make use of___________ ,...

Question 15

When the database and software library are made available to persons not entitled to have access, the type of information security risk is:

Accepted Answer

A) unauthorized destruction and denial of service. 
B) unauthorized use. 
C) unauthorized disclosure and theft. 
D) unauthorized modification. 
A) unauthorized destruction and denial of service. 
B) unauthorized use. 
C) unauthorized disclosure and theft. 
D) unauthorized modification.

Question 16

Which of the following is not a step in information security management?

Accepted Answer

A) Define the controls that the threats can impose. 
B) Establish an information security policy. 
C) Implement controls that address the risks. 
D) Identify the threats that can attack the firm's information resources. 
A) Define the controls that the threats can impose. 
B) Establish an information security policy. 
C) Implement controls that address the risks. 
D) Identify the threats that can attack the firm's information resources.

Question 17

The backup plan where hardware, software, and data are duplicated so that when one set is inoperable, the backup set can continue the processing is called redundancy.

Accepted Answer

A) True 
 B)False

Question 18

Which type of control is built into systems by the system developers during the system development life cycle?

Accepted Answer

A) formal control 
B) informal control 
C) technical control 
D) access control 
A) formal control 
B) informal control 
C) technical control 
D) access control

Question 19

Cryptography is the use of coding by means of mathematical processes.

Accepted Answer

A) True 
 B)False

Question 20

Identify the four steps of information security management.

Accepted Answer

1) Identifying the threats that can atta

Exam 9: Information Security

Which of the following is not part of the U.S. Government Internet Crime Legislation?

List the five phases to developing a security policy.

The International Standard Organization is a nonprofit organization dedicated to assist computer users with making their systems more secure.

When the impact severity can cause significant damage and cost but the firm will survive, it is classified as:

The contingency plan specifies those measures that ensure the safety of employees when disaster strikes.

Which one of the following is not a general practice that retailers should follow as identified by Visa?

A packet- filtering firewall is the most effective type of firewall.

In which phase of an information security policy would the project team consult with all interested and affected parties to determine the requirements of the new policy?

The organization that aims its certification at intrusion detection, firewall and perimeter protection, and operating system security is the:

Insider threat prediction tools have been developed that consider such characteristics as the person 's position in the firm, access to sensitive data, ability to alter hardware components, the types of applications used, the files owned, and the usage of certain network protocols.

Who is the CIAO and to whom does he or she report?

A control is a mechanism that is implemented to either protect the firm from risks or to minimize the impact of the risks on the firm should they occur.

Identification and authentication make use of ___________.

Identification and authentication make use of___________ , or descriptions of authorized users.

When the database and software library are made available to persons not entitled to have access, the type of information security risk is:

Which of the following is not a step in information security management?

The backup plan where hardware, software, and data are duplicated so that when one set is inoperable, the backup set can continue the processing is called redundancy.

Which type of control is built into systems by the system developers during the system development life cycle?

Cryptography is the use of coding by means of mathematical processes.

Identify the four steps of information security management.

Introduction to Information Systems

Information Systems for Competitive Advantage

Using Information Technology to Engage in Electronic Commerce

System Users and Developers

Computing and Communications Resources

Database Management Systems

Systems Development

Information in Action

Ethical Implications of Information Technology

Decision Support Systems

Everyday Technology Skills

Web/HTML Project Using Microsoft FrontPage

Web/HTML Project Using Notepad

Web/HTML Student Survey

Web/HTML Book Purchase

Spreadsheet Basics

Spreadsheets with Data Capture - Vacation Choice

Spreadsheets with Data Capture - Movie Ticket Purchase

Database Forms and Reports

Database Queries - Customer Database

Database Queries - Inventory Database

Reports Based on Queries

Filters