Question 1

Which of the following is true regarding an incident-response plan?

Accepted Answer

A)  The plan should provide decentralized reporting of all security incidents. 
B)  The plan should require minimal training on the part of employees. 
C)  The plan should identify critical personnel and their off-hours contact information. 
D)  The plan should be simple enough to ensure a fast response with limited practice. 
A)  The plan should provide decentralized reporting of all security incidents. 
B)  The plan should require minimal training on the part of employees. 
C)  The plan should identify critical personnel and their off-hours contact information. 
D)  The plan should be simple enough to ensure a fast response with limited practice.

Question 2

Following a disaster,hot sites provide office space,but customers themselves must provide and install the equipment needed to continue operations.

Accepted Answer

A) True 
 B)False

Question 3

An employee carelessly releases proprietary data to the media.This is a case of ________ resulting from ________.

Accepted Answer

A)  loss of infrastructure; human error 
B)  unauthorized data disclosure; human error 
C)  loss of infrastructure; malicious activity 
D)  unauthorized data disclosure; malicious activity. 
A)  loss of infrastructure; human error 
B)  unauthorized data disclosure; human error 
C)  loss of infrastructure; malicious activity 
D)  unauthorized data disclosure; malicious activity.

Question 4

Incorrectly increasing a customer's discount is an example of incorrect data modification.

Accepted Answer

A) True 
 B)False

Question 5

________ occurs when a person gains unauthorized access to a computer system.

Accepted Answer

A)  Usurpation 
B)  Spoofing 
C)  Hacking 
D)  Phishing 
A)  Usurpation 
B)  Spoofing 
C)  Hacking 
D)  Phishing

Question 6

A(n)________ sits outside the organizational network and is the first device that Internet traffic encounters.

Accepted Answer

A)  internal firewall 
B)  perimeter firewall 
C)  packet-filtering firewall 
D)  malware firewall 
A)  internal firewall 
B)  perimeter firewall 
C)  packet-filtering firewall 
D)  malware firewall

Question 7

Sniffing is usually initiated via email.

Accepted Answer

A) True 
 B)False

Question 8

In terms of password management,when an account is created,users should ________.

Accepted Answer

A)  create two passwords and switch back and forth between those two 
B)  immediately change the password they are given to a password of their own 
C)  maintain the same password they are given for all future authentication purposes 
D)  ensure that they do not change their passwords frequently, thereby reducing the risk of password loss 
A)  create two passwords and switch back and forth between those two 
B)  immediately change the password they are given to a password of their own 
C)  maintain the same password they are given for all future authentication purposes 
D)  ensure that they do not change their passwords frequently, thereby reducing the risk of password loss

Question 9

A user name ________ a user.

Accepted Answer

A)  authenticates 
B)  identifies 
C)  conceals 
D)  encrypts 
A)  authenticates 
B)  identifies 
C)  conceals 
D)  encrypts

Question 10

A password ________ a user.

Accepted Answer

A)  authenticates 
B)  identifies 
C)  conceals 
D)  encrypts 
A)  authenticates 
B)  identifies 
C)  conceals 
D)  encrypts

Question 11

A ________ pretends to be a legitimate company and sends emails requesting confidential data.

Accepted Answer

A)  hacker 
B)  phisher 
C)  drive-by sniffer 
D)  sniffer 
A)  hacker 
B)  phisher 
C)  drive-by sniffer 
D)  sniffer

Question 12

Activity log analysis is an important ________ function.

Accepted Answer

A)  account administration 
B)  security monitoring 
C)  backup 
D)  data administration 
A)  account administration 
B)  security monitoring 
C)  backup 
D)  data administration

Question 13

Users of smart cards are required to enter a ________ to be authenticated.

Accepted Answer

A)  PIN 
B)  password 
C)  biometric detail 
D)  key 
A)  PIN 
B)  password 
C)  biometric detail 
D)  key

Question 14

Every organization should have a(n)________ as part of the security program,which should include how employees are to react to security problems,whom they should contact,the reports they should make,and steps they can take to reduce further loss.

Accepted Answer

A)  key escrow 
B)  smart card 
C)  human safeguard plan 
D)  incident-response plan 
A)  key escrow 
B)  smart card 
C)  human safeguard plan 
D)  incident-response plan

Question 15

In the context of human safeguards against security threats,the security sensitivity for each position should be documented.

Accepted Answer

A) True 
 B)False

Question 16

The broadest definition of ________ includes viruses,worms,Trojan horses,spyware,and adware.

Accepted Answer

A)  malware 
B)  metadata 
C)  software 
D)  widgets 
A)  malware 
B)  metadata 
C)  software 
D)  widgets

Question 17

Technical safeguards include passwords and encryption.

Accepted Answer

A) True 
 B)False

Question 18

A problem in a customer billing system that occurs due to errors made during software installation is a case of ________ resulting from ________.

Accepted Answer

A)  faulty service; human error 
B)  distributed denial of service; malicious activity 
C)  faulty service; malicious activity 
D)  distributed denial of service; human error 
A)  faulty service; human error 
B)  distributed denial of service; malicious activity 
C)  faulty service; malicious activity 
D)  distributed denial of service; human error

Question 19

Which of the following is a technical safeguard against security threats?

Accepted Answer

A)  passwords 
B)  backup and recovery 
C)  compliance 
D)  identification and authorization 
A)  passwords 
B)  backup and recovery 
C)  compliance 
D)  identification and authorization

Question 20

Which of the following is a synonym for phishing?

Accepted Answer

A)  drive-by sniffing 
B)  e-mail spoofing 
C)  IP spoofing 
D)  system hacking 
A)  drive-by sniffing 
B)  e-mail spoofing 
C)  IP spoofing 
D)  system hacking

Exam 12: Information Security Management

Which of the following is true regarding an incident-response plan?

Following a disaster,hot sites provide office space,but customers themselves must provide and install the equipment needed to continue operations.

An employee carelessly releases proprietary data to the media.This is a case of ________ resulting from ________.

Incorrectly increasing a customer's discount is an example of incorrect data modification.

________ occurs when a person gains unauthorized access to a computer system.

A(n)________ sits outside the organizational network and is the first device that Internet traffic encounters.

Sniffing is usually initiated via email.

In terms of password management,when an account is created,users should ________.

A user name ________ a user.

A password ________ a user.

A ________ pretends to be a legitimate company and sends emails requesting confidential data.

Activity log analysis is an important ________ function.

Users of smart cards are required to enter a ________ to be authenticated.

Every organization should have a(n)________ as part of the security program,which should include how employees are to react to security problems,whom they should contact,the reports they should make,and steps they can take to reduce further loss.

In the context of human safeguards against security threats,the security sensitivity for each position should be documented.

The broadest definition of ________ includes viruses,worms,Trojan horses,spyware,and adware.

Technical safeguards include passwords and encryption.

A problem in a customer billing system that occurs due to errors made during software installation is a case of ________ resulting from ________.

Which of the following is a technical safeguard against security threats?

Which of the following is a synonym for phishing?

The Importance of MIS

Business Processes, Information, and Information Systems

Organizational Strategy, Information Systems, and Competitive Advantage

Hardware and Software

Database Processing

Data Communications

Business Process Management

E-Commerce, Web 2.0, and Social Networking

Business Intelligence and Information Systems for Decision Making

Information Systems Development

Information Systems Management

Improving Your Collaboration Skills

Using Collaboration Information Systems

Information Systems and Decision Making

Knowledge Management and Expert Systems

Introduction to Microsoft Excel

Preparing a Computer Budget Using Excel

Database Design

Using Microsoft Access 2010

Using Excel and Access Together

Remote, Nomadic, and Mobile Systems

Functional Processes, Applications, and Systems

Enterprise Resource Planning (ERP)Systems

Supply Chain Management

Processing Social Capital: Facebook, Twitter, and User-Generated Content (UGC)

Database Marketing

Reporting Systems and OLAP

Geographic Information Systems

Business Process Management

Systems Development Project Management

Outsourcing

International MIS

Filters

An employee carelessly releases proprietary data to the media.This is a case of resulting from .

A problem in a customer billing system that occurs due to errors made during software installation is a case of resulting from .