Question 1

Some of the most common guidelines issued by Web sites when designing a secure password include:

Accepted Answer

A)  The password should be at least eight characters long and include at least one number and other nonalphabet character. 
B)  The password should be short and straightforward. 
C)  The password should include names of family members or pets, so as to be easily remembered. 
D)  The password should be random and more than 12 characters long to avoid risk of being guessed by a hacker. 
E)  The password should be the same as your name so as to trick the hacker. 
A)  The password should be at least eight characters long and include at least one number and other nonalphabet character. 
B)  The password should be short and straightforward. 
C)  The password should include names of family members or pets, so as to be easily remembered. 
D)  The password should be random and more than 12 characters long to avoid risk of being guessed by a hacker. 
E)  The password should be the same as your name so as to trick the hacker.

Question 2

Offering financial or valuable incentives to gain information, access, or favors is a proven method used by social engineering experts.

Accepted Answer

A) True 
 B)False

Question 3

What are the steps to be taken by an employee to ensure organizational security?

Accepted Answer

Employees need to know a firm's policies

Question 4

A system that monitors network use for potential hacking attempts and takes preventative action to block, isolate, or identify attempted infiltration, and raise further alarms to warn security personnel is known as a(n):

Accepted Answer

A)  firewall system. 
B)  whitelist. 
C)  intrusion detection system. 
D)  honeypot system. 
E)  patching system. 
A)  firewall system. 
B)  whitelist. 
C)  intrusion detection system. 
D)  honeypot system. 
E)  patching system.

Question 5

Which of the following is a valid statement on information security?

Accepted Answer

A)  Security breaches cannot be prevented despite the adoption of the best security policies. 
B)  Technology lapses are solely responsible for almost all security breaches. 
C)  Information security is everybody's responsibility. 
D)  Greater expenditure on security products is the only way to contain security breaches. 
E)  A reactive, rather than proactive, approach is better suited for dealing with security breaches. 
A)  Security breaches cannot be prevented despite the adoption of the best security policies. 
B)  Technology lapses are solely responsible for almost all security breaches. 
C)  Information security is everybody's responsibility. 
D)  Greater expenditure on security products is the only way to contain security breaches. 
E)  A reactive, rather than proactive, approach is better suited for dealing with security breaches.

Question 6

Which of the followings aspects of international law would enable a cyber-criminal operating across borders to evade prosecution?

Accepted Answer

A)  Lack of technology to identify the origin of a security attack 
B)  Non-recognition of commission of a security-related crime 
C)  Unwillingness of developed countries to share technical know-how with lesser-developed countries 
D)  Non-existent extradition agreements between two countries 
E)  Technological incompatibility between the two countries 
A)  Lack of technology to identify the origin of a security attack 
B)  Non-recognition of commission of a security-related crime 
C)  Unwillingness of developed countries to share technical know-how with lesser-developed countries 
D)  Non-existent extradition agreements between two countries 
E)  Technological incompatibility between the two countries

Question 7

Computer systems are often infected with malware by means of exploits that sneak in masquerading as something they are not. These exploits are called:

Accepted Answer

A)  rootkits. 
B)  trojans. 
C)  viruses. 
D)  worms. 
E)  honeypots. 
A)  rootkits. 
B)  trojans. 
C)  viruses. 
D)  worms. 
E)  honeypots.

Question 8

Multiple administrators jointly controlling key systems are an unnecessary burden that adds to the complexity of managing security in an organization.

Accepted Answer

A) True 
 B)False

Question 9

_____ are systems that act as controls for network traffic, blocking unauthorized traffic while permitting acceptable use.

Accepted Answer

The answer of _____ are systems that act as controls...

Question 10

The ISO 27000 series of evolving standards represent the set of best practices for developing and improving organizational security.

Accepted Answer

A) True 
 B)False

Question 11

A(n) _____ is someone who uncovers computer weaknesses without exploiting them.

Accepted Answer

A)  hacktivist 
B)  data harvester 
C)  corporate spy 
D)  white hat hacker 
E)  ethical cyber criminal 
A)  hacktivist 
B)  data harvester 
C)  corporate spy 
D)  white hat hacker 
E)  ethical cyber criminal

Question 12

The term _____ originally referred to a particularly skilled programmer.

Accepted Answer

A)  data harvester 
B)  cracke 
C)  hacker 
D)  black hat 
E)  hacktivist 
A)  data harvester 
B)  cracke 
C)  hacker 
D)  black hat 
E)  hacktivist

Question 13

What are some of the key lessons to be learned from the TJX security breach?

Accepted Answer

The TJX security breach is a very import

Question 14

Implementation of information security in an organization should essentially start with:

Accepted Answer

A)  upgrading to the latest hardware and software available in the market. 
B)  researching and complying with the latest industry guidelines. 
C)  investing in the best infrastructure. 
D)  inventory-style auditing and risk assessment of threats. 
E)  employing a security consultant. 
A)  upgrading to the latest hardware and software available in the market. 
B)  researching and complying with the latest industry guidelines. 
C)  investing in the best infrastructure. 
D)  inventory-style auditing and risk assessment of threats. 
E)  employing a security consultant.

Question 15

Which of the following types of infiltration techniques does one open up to by posting sensitive personal information and details about one's workplace on social networking sites?

Accepted Answer

A)  Phishing 
B)  Social engineering 
C)  Password theft 
D)  Virus infections 
E)  Physical threats 
A)  Phishing 
B)  Social engineering 
C)  Password theft 
D)  Virus infections 
E)  Physical threats

Question 16

You have received an e-mail that looks suspiciously close to a phishing mail. What is the best course of action to be followed?

Accepted Answer

A)  Click on the link in the mail 
B)  Click on the link in the mail and provide any information you are asked for 
C)  Do not click on any links, or download any enclosures 
D)  Click on the link and download the anti-virus software 
E)  Forward the mail to your colleagues 
A)  Click on the link in the mail 
B)  Click on the link in the mail and provide any information you are asked for 
C)  Do not click on any links, or download any enclosures 
D)  Click on the link and download the anti-virus software 
E)  Forward the mail to your colleagues

Question 17

Which of the following statements holds true for the term encryption?

Accepted Answer

A)  It refers to a con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software. 
B)  It refers to e-mail transmissions and packets that have been altered to seem as if they came from another source. 
C)  It refers to scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key. 
D)  It refers to a seemingly tempting, but bogus target meant to draw hacking attempts. 
E)  It refers to highly restrictive programs that permit communication only with approved entities and / or in an approved manner. 
A)  It refers to a con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software. 
B)  It refers to e-mail transmissions and packets that have been altered to seem as if they came from another source. 
C)  It refers to scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key. 
D)  It refers to a seemingly tempting, but bogus target meant to draw hacking attempts. 
E)  It refers to highly restrictive programs that permit communication only with approved entities and / or in an approved manner.

Question 18

Lobbying for legislation that imposes severe penalties on crooks can help lower adversary costs.

Accepted Answer

A) True 
 B)False

Question 19

_____, probably the most notorious known act of cyberwarfare effort to date (one expert called it "the most sophisticated worm ever created"), is suspected to have been launched by either U.S. or Israeli intelligence (or both), and it infiltrated Iranian nuclear facilities and reprogrammed the industrial control software operating hundreds of uranium-enriching centrifuges.

Accepted Answer

The answer of _____, probably the most notorious known act...

Question 20

Attacks that exhaust all possible password combinations in order to break into an account are called _____ attacks.

Accepted Answer

A)  strong arm 
B)  permuted 
C)  brute-force 
D)  zero-day 
E)  infinity 
A)  strong arm 
B)  permuted 
C)  brute-force 
D)  zero-day 
E)  infinity

Some of the most common guidelines issued by Web sites when designing a secure password include:

Offering financial or valuable incentives to gain information, access, or favors is a proven method used by social engineering experts.

What are the steps to be taken by an employee to ensure organizational security?

A system that monitors network use for potential hacking attempts and takes preventative action to block, isolate, or identify attempted infiltration, and raise further alarms to warn security personnel is known as a(n):

Which of the following is a valid statement on information security?

Which of the followings aspects of international law would enable a cyber-criminal operating across borders to evade prosecution?

Computer systems are often infected with malware by means of exploits that sneak in masquerading as something they are not. These exploits are called:

Multiple administrators jointly controlling key systems are an unnecessary burden that adds to the complexity of managing security in an organization.

_____ are systems that act as controls for network traffic, blocking unauthorized traffic while permitting acceptable use.

The ISO 27000 series of evolving standards represent the set of best practices for developing and improving organizational security.

A(n) _____ is someone who uncovers computer weaknesses without exploiting them.

The term _____ originally referred to a particularly skilled programmer.

What are some of the key lessons to be learned from the TJX security breach?

Implementation of information security in an organization should essentially start with:

Which of the following types of infiltration techniques does one open up to by posting sensitive personal information and details about one's workplace on social networking sites?

You have received an e-mail that looks suspiciously close to a phishing mail. What is the best course of action to be followed?

Which of the following statements holds true for the term encryption?

Lobbying for legislation that imposes severe penalties on crooks can help lower adversary costs.

Attacks that exhaust all possible password combinations in order to break into an account are called _____ attacks.

Setting the Stage: Technology and the Modern Enterprise

Strategy and Technology: Concepts and Frameworks for Understanding What Separates Winners From Losers

Zara: Fast Fashion From Savvy Systems

Netflix in Two Acts: the Making of an E-Commerce Giant and the Uncertain Future of Atoms to Bits

Moores Law and More: Fast, Cheap Computing, Disruptive Innovation, and What This Means for the Manager

Amazoncom: an Empire Stretching From Cardboard Box to Kindle to Cloud

Understanding Network Effects: Strategies for Competing in a Platform-Centric, Winner-Take-All World

Social Media, Peer Production, and Web 20

Facebook: Building a Business From the Social Graph

Understanding Software: a Primer for Managers

Software in Flux: Partly Cloudy and Sometimes Free

The Data Asset: Databases, Business Intelligence, Big Data, and Competitive Advantage

A Managers Guide to the Internet and Telecommunications

Google in Three Parts: Search, Online Advertising, and Beyond

Filters

Exam 14: Information Security: Barbarians at the Gateway and Just About Everywhere Else

Some of the most common guidelines issued by Web sites when designing a secure password include:

Offering financial or valuable incentives to gain information, access, or favors is a proven method used by social engineering experts.

What are the steps to be taken by an employee to ensure organizational security?

A system that monitors network use for potential hacking attempts and takes preventative action to block, isolate, or identify attempted infiltration, and raise further alarms to warn security personnel is known as a(n):

Which of the following is a valid statement on information security?

Which of the followings aspects of international law would enable a cyber-criminal operating across borders to evade prosecution?

Computer systems are often infected with malware by means of exploits that sneak in masquerading as something they are not. These exploits are called:

Multiple administrators jointly controlling key systems are an unnecessary burden that adds to the complexity of managing security in an organization.

_____ are systems that act as controls for network traffic, blocking unauthorized traffic while permitting acceptable use.

The ISO 27000 series of evolving standards represent the set of best practices for developing and improving organizational security.

A(n) _____ is someone who uncovers computer weaknesses without exploiting them.

The term _____ originally referred to a particularly skilled programmer.

What are some of the key lessons to be learned from the TJX security breach?

Implementation of information security in an organization should essentially start with:

Which of the following types of infiltration techniques does one open up to by posting sensitive personal information and details about one's workplace on social networking sites?

You have received an e-mail that looks suspiciously close to a phishing mail. What is the best course of action to be followed?

Which of the following statements holds true for the term encryption?

Lobbying for legislation that imposes severe penalties on crooks can help lower adversary costs.

Attacks that exhaust all possible password combinations in order to break into an account are called _____ attacks.

Setting the Stage: Technology and the Modern Enterprise

Strategy and Technology: Concepts and Frameworks for Understanding What Separates Winners From Losers

Zara: Fast Fashion From Savvy Systems

Netflix in Two Acts: the Making of an E-Commerce Giant and the Uncertain Future of Atoms to Bits

Moores Law and More: Fast, Cheap Computing, Disruptive Innovation, and What This Means for the Manager

Amazoncom: an Empire Stretching From Cardboard Box to Kindle to Cloud

Understanding Network Effects: Strategies for Competing in a Platform-Centric, Winner-Take-All World

Social Media, Peer Production, and Web 20

Facebook: Building a Business From the Social Graph

Understanding Software: a Primer for Managers

Software in Flux: Partly Cloudy and Sometimes Free

The Data Asset: Databases, Business Intelligence, Big Data, and Competitive Advantage

A Managers Guide to the Internet and Telecommunications

Google in Three Parts: Search, Online Advertising, and Beyond

Filters