Deck 13: Information Security Management
1
Unauthorized data disclosures can occur from malicious human activity.
True
2
Everyone in the department must adequately safeguard company assets. This statement is in accordance with the elements of company security outlined in the NIST Handbook.
False
3
The IT department should set the security policy for an organization.
False
4
Drive-by spoofers take computers with wireless connections through an area and search for unprotected wireless networks.
5
When a hacker floods a Web server with millions of bogus service requests so that it cannot service legitimate requests, this is called a denial-of-service attack.
6
People who intentionally gain unauthorized access to computer systems are called hackers.
7
Spoofing is a technique for intercepting computer communications.
8
According to the elements of company security outlined in the NIST Handbook, computer security should not be constrained by societal factors.
9
Any action, device, procedure, technique, or other measure that reduces a system's vulnerability to a threat is a safeguard.
10
Drive-by sniffers can be prevented from accessing wireless networks by protecting them.
11
The Privacy Act of 1974 gives individuals the right to access health data.
12
Phishing is when someone sends an email pretending to be a legitimate company and asking for confidential data, such as account numbers.
13
An example of malicious human activity could include an employee who, in the course of backing up a database, inadvertently installs an old database on top of the current one.
14
Denial of service always occurs because of malicious attacks on the system.
15
Faulty service can be caused by usurpation.
16
Pretexting occurs when you receive a confidential SMS by mistake.
17
Risk management can only be approximated because of uncertainty.
18
An example of a human mistake is an employee entering the wrong data into an account.
19
Email spoofing is a synonym for phishing.
20
Uncertainty is the likelihood of an adverse occurrence.
21
With symmetric encryption, both parties use the same key.
22
Technical safeguards involve the hardware and software components of an information system.
23
Tangible consequences include such things as loss of customer goodwill due to an outage.
24
Windows, Linux, Unix, and other operating systems employ Kerberos and thus can authenticate user requests across networks of computers using a mixture of these operating systems.
25
WEP is considered to be state-of-the-art wireless security.
26
Wireless networks are more secure than wired networks.
27
Encryption is an example of a technical safeguard.
28
Public keys are supplied by third parties called certificate authorities.
29
Probable loss is the probability that a given asset will be compromised by a given threat, despite the safeguards.
30
Smart cards are convenient and easy to use since they don't require any PIN numbers for authentication.
31
Vulnerabilities in a security system are its weaknesses.
32
The Gramm-Leach-Bliley Act set limits on how health care providers use your medical information.
33
A retina scan would be considered a biometric authentication technique.
34
Viruses and worms are examples of malware.
35
The "bottom line" of risk assessment is termed probable loss.
36
HIPAA sets limits on who can receive your health information.
37
A CA verifies the legitimacy of the business sending the digital certificate.
38
Digital signatures use public keys to encrypt the message digest.
39
Secure Socket Layer (SSL) is a protocol that is restricted to asymmetric encryption.
40
One should never send sensitive data over the Internet unless they see "https://" in the browser's address bar.
41
Even if a potential new hire will not have access to sensitive data and systems, they should be extensively screened for security purposes.
42
It makes business sense for every company to have backup facilities because they are inexpensive.
43
Firewalls produce activity logs of their activities, including lists of all dropped packets, infiltration attempts, and unauthorized access attempts from within the firewall.
44
To protect against lost or sabotaged encryption keys, a trusted party should keep a copy of the key.
45
Following a disaster, hot sites provide office space, but customers themselves must come and provide and install the equipment needed to continue operations.
46
Data safeguards are measures used to protect computer hardware from external threat.
47
A botnet is a network of bots that is created and managed by the individual or organization that infected the network with the bot program.
48
Organizations need a rehearsed incident-response plan in place.
49
When an account is created, the new user should continue to use the safe password provided to him.
50
A Trojan horse is a virus that masquerades as a useful program or file.
51
Adware can change the user's default window or modify search results and switch the user's search engine.
52
Most spyware is benign in that it does not perform malicious acts or steal data.
53
Hardened sites use special versions of the operating system, and they lock down or eliminate operating system features and functions that are not required by the application.
54
A bot is a computer program that is surreptitiously installed and that takes actions unknown and uncontrolled by the computer's owner or administrator.
55
The different systems procedure types are: normal operations, review, control, and recovery.
56
Care must be taken when terminating employees because they may take harmful and malicious actions.
57
Most antimalware programs check email attachments for malware code.
58
The best safeguard against a natural disaster is to have a safe location.
59
A worm propagates by attaching itself to normal programs.
60
Key escrow refers to the safety procedure of using a private key for encryption.
61
A survey conducted by the Computer Security Institute revealed that the number of virus attacks has steadily increased during the last ten years.
62
A security policy covering personal use of computers at work would be an example of a ________.
A) data policy
B) issue-specific policy
C) system-specific policy
D) personnel policy
63
________ occurs when a person gains unauthorized access to a computer system.
A) Pretexting
B) Phishing
C) Hacking
D) Spoofing
64
Which of the following usually happens in a malicious denial-of-service attack?
A) A hacker monitors and intercepts wireless traffic at will.
B) A hacker floods a Web server with millions of bogus service requests.
C) A hacker uses unauthorized programs to invade a computer system and replace legitimate programs.
D) A phisher pretends to be a legitimate company and sends an email requesting confidential data.
65
Which of the following presents the largest risk for infrastructure loss?
A) thefts
B) terror attacks
C) natural disasters
D) human mistakes
66
Which of the following is a critical security function of senior-management involvement?
A) implementing disaster-recovery safeguards
B) protecting the organizational network from sneak attacks
C) training junior employees about the security policy
D) managing risk by balancing the costs and benefits of the security program
67
________ is a technique for intercepting computer communications.
A) Spoofing
B) Phishing
C) Sniffing
D) Pretexting
68
Which of the following is an example of a data safeguard?
A) administration
B) assessment
C) compliance
D) physical security
69
Customers do not want to have their retinas scanned before they can place an order. Which element of computer security described in the NIST Handbook is discussed here?
A) System owners have computer security responsibilities outside their own organizations.
B) Computer security is an integral element of sound management.
C) Computer security should be periodically reassessed.
D) Computer security is constrained by societal factors.
70
The ________ pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth.
A) hawker
B) phisher
C) spoofer
D) sniffer
71
Email spoofing is a synonym for ________.
A) spoofing
B) phishing
C) pretexting
D) sniffing
72
Which of the following could most likely be the result of hacking?
A) unexplained reduction in account balance
B) certain Web sites being blocked from viewing due to security reasons
C) mysterious increase in the amount of spam received in your inbox
D) pop-up ads appearing frequently
73
Which of the following is a critical security function of senior-management involvement?
A) safeguarding computer hardware and software
B) planning response to security incidents
C) establishing the security policy
D) managing the security program on a real-time basis
74
________ is when someone deceives by pretending to be someone else.
A) Hacking
B) Baiting
C) Sniffing
D) Pretexting
75
Which of the following is an example of a human safeguard?
A) procedure design
B) firewalls
C) malware protection
D) application design
76
Which of the following is an example of a sniffing technique?
A) IP spoofing
B) Adblocker
C) Cache
D) Adware
77
An example of a system-specific security policy would be ________.
A) limiting personal use of its computer systems
B) deciding what customer data from the order-entry system will be shared with other organizations
C) a general statement of the organization's security program
D) inspection of personal email for compliance
78
Which of the following is an example of a technical safeguard?
A) backup and recovery
B) encryption
C) procedure design
D) compliance
79
Which of the following is not considered malicious human activity?
A) hacking
B) intentional destruction of data
C) terrorism
D) poorly written programs
80
________ take computers with wireless connections through an area and search for unprotected wireless networks and then monitor and intercept wireless traffic at will.
A) Drive-by sniffers
B) Drive-by spoofers
C) Pretexters
D) Drive-by phishers