Deck 1: Introduction to Information Security
1
By balancing information security and access, a completely secure information system can be created.
False
2
The value of information comes from the characteristics it possesses.
True
3
Which security project team role is filled by a senior executive who promotes the project and ensures that it is supported, both financially and administratively, at the highest levels of the organization?
A) Team leader
B) Champion
C) Chief information officer
D) Chief information security officer
B
4
The security blueprint is a detailed version of the security framework.
5
Which individual interferes with or disrupts systems to protest the operations, policies, or actions of an organization or government agency?
A) Cyberterrorist
B) Packet monkey
C) Phreaker
D) Hacktivist
6
Which e-mail attack occurs when an attacker routes large quantities of e-mail to the target system?
A) Buffer overflow
B) Mail bomb
C) Spam
D) Timing attack
7
Which attack is used when a copy of the hash of the user's password has been obtained?
A) Rainbow attack
B) Brute force attack
C) Dictionary attack
D) Spoofing
8
An unlocked door is an example of a(n) ____.
A) vulnerability
B) threat
C) risk
D) exploit
9
The McCumber Cube provides a ____ description of the architectural approach widely used in computer and information security.
A) linear
B) triangular
C) graphical
D) semantic
10
In information security, ____ exists when a vulnerability known to an attacker is present.
A) threat
B) loss
C) risk
D) exposure
11
One of the basic tenets of security architectures is the spheres of security.
12
Which resource is a physical asset?
A) Web site
B) Computer system
C) Data
D) Information
13
Which term identifies a single instance of an information asset suffering damage, unintended or unauthorized modification, or disclosure?
A) Exploit
B) Exposure
C) Vulnerability
D) Loss
14
Which term describes a subject or object's ability to use, manipulate, modify, or affect another subject or object?
A) Attack
B) Possession
C) Exploit
D) Access
15
The CIA triad is based on three characteristics of information that form the foundation for many security programs: ____.
A) confidentiality, integrity, and asset
B) confidentiality, integrity, and availability
C) confidentiality, information, and availability
D) communication, information, and asset
16
An indirect attack involves a hacker using a personal computer to break into a system.
17
A(n) ____ is an application error that occurs when more data is sent to a buffer than it can handle.
A) timing attack
B) application control list
C) dictionary attack
D) buffer overflow
18
Which threat is the most common intellectual property (IP) breach?
A) Software piracy
B) Spoofing
C) Shoulder surfing
D) Password cracking
19
Organizations must minimize ____ to match their risk appetite.
A) threats
B) access
C) risk
D) loss
20
Which individual is considered to be a script kiddie who uses automated tools to inundate a Web site with a barrage of network traffic, usually resulting in a denial of service?
A) Cyberterrorist
B) Packet monkey
C) Phreaker
D) Hacktivist
21
The ____ are the foundation of a security framework.
A) spheres of security
B) NIST documents
C) layered implementations of security
D) CIA triads
22
A(n) ____ is a written statement of the organization's purpose.
A) vision
B) strategic plan
C) framework
D) mission
23
Match each item with a statement below.
a. Accuracy
b. Authenticity
c. Availability
d. Confidentiality
e. Data owners
f. Data users
g. Integrity
h. Utility
i. Data custodians
End users who work with the information to perform their daily jobs supporting the mission of the organization, and who therefore share the responsibility for data security.
24
Match each item with a statement below.
a. Accuracy
b. Authenticity
c. Availability
d. Confidentiality
e. Data owners
f. Data users
g. Integrity
h. Utility
i. Data custodians
A term referring to the quality or state of being genuine or original rather than a reproduction or fabrication.
25
A(n) ____________________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world.
26
When organizations record versions of their policy in English and alternate languages, they are attempting to meet the ____ criteria to make the policy effective and legally enforceable.
A) Comprehension (understanding)
B) Compliance (agreement)
C) Review (reading)
D) Dissemination (distribution)
27
Match each item with a statement below.
a. Accuracy
b. Authenticity
c. Availability
d. Confidentiality
e. Data owners
f. Data users
g. Integrity
h. Utility
i. Data custodians
People who work directly with data owners and are responsible for the storage, maintenance, and protection of the information.
28
Match each item with a statement below.
a. Accuracy
b. Authenticity
c. Availability
d. Confidentiality
e. Data owners
f. Data users
g. Integrity
h. Utility
i. Data custodians
A term meaning information is free from mistakes or errors and has the value that the end user expects it to have.
29
An enterprise information security policy (EISP) is also known as a(n) ____.
A) issue-specific security policy
B) general security policy
C) systems-specific security policy
D) strategic planning policy
30
____________________ is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
31
Match each item with a statement below.
a. Accuracy
b. Authenticity
c. Availability
d. Confidentiality
e. Data owners
f. Data users
g. Integrity
h. Utility
i. Data custodians
Enables authorized users to access information without interference or obstruction, and to receive it in the required format.
32
Implementing multiple types of technology and thereby preventing the failure of one system from compromising the security of information is referred to as ____________________.
33
Match each item with a statement below.
a. Accuracy
b. Authenticity
c. Availability
d. Confidentiality
e. Data owners
f. Data users
g. Integrity
h. Utility
i. Data custodians
The quality or state of having value for some purpose or end.
34
A(n) ____________________ is a program or device that monitors data traveling over a network.
35
____________________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages whose IP addresses indicate to the recipient that the messages are coming from a trusted host.
36
There are two general methods for implementing technical controls within a specific application to enforce policy: ____ and configuration rules.
A) assessment control lists
B) authenticity control lists
C) application control lists
D) access control lists
37
Match each item with a statement below.
a. Accuracy
b. Authenticity
c. Availability
d. Confidentiality
e. Data owners
f. Data users
g. Integrity
h. Utility
i. Data custodians
The protection of information from disclosure or exposure to unauthorized individuals or systems.
38
Match each item with a statement below.
a. Accuracy
b. Authenticity
c. Availability
d. Confidentiality
e. Data owners
f. Data users
g. Integrity
h. Utility
i. Data custodians
A term meaning information remains whole, complete, and uncorrupted.
39
Match each item with a statement below.
a. Accuracy
b. Authenticity
c. Availability
d. Confidentiality
e. Data owners
f. Data users
g. Integrity
h. Utility
i. Data custodians
People responsible for the security and use of a particular set of information.
40
Which security project team role is filled by individuals who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies?
A) Security policy developers
B) Risk assessment specialists
C) Security professionals
D) Team leader
41
Describe how benchmarking and best practices are used and where more information on best practices may be found.
42
Describe the issue-specific security policy (ISSP) and list three issues it may cover.
43
How does a distributed denial-of-service (DDoS) attack work, and why are such attacks so dangerous?
44
Define configuration rule policies and compare them to access control lists (ACLs).
45
Define social engineering and briefly describe how it is accomplished.
46
List the four important organizational functions an information security program performs.
47
How does a man-in-the-middle attack work?
48
Discuss the layered implementation of security.
49
Describe the chief information security officer (CISO) position.
50
Describe the purpose of the Security Area Working Group and RFC 2196.