Tuesday, January 14, 2014

CIS 481-20: INTRO TO INFORM SECURITY EXAM 1

  • Question 1

    2 out of 2 points
    During which phase of the security systems development life cycle (SecSDLC) would an in-depth examination of the current threats and controls take place?
    Selected Answer:
    Correct Analysis
    Correct Answer:
    Correct Analysis
  • Question 2

    1 out of 1 points
    Information security can be an absolute assurance.
    Selected Answer:
    Correct False
    Correct Answer:
    Correct False
  • Question 3

    1 out of 1 points
    A breach of possession always results in a breach of confidentiality.
    Selected Answer:
    Correct False
    Correct Answer:
    Correct False
  • Question 4

    2 out of 2 points
    ____ is simply how often you expect a specific type of attack to occur over the course of a year.
    Selected Answer:
    Correct ARO
    Correct Answer:
    Correct ARO
  • Question 5

    1 out of 1 points
    With the theft of electronic information, the evidence of a crime is readily apparent to the average end user.
    Selected Answer:
    Correct False
    Correct Answer:
    Correct False
  • Question 6

    2 out of 2 points
    Calculate the Annualized Loss Expectancy for a threat that costs $500 per incident and is expected to occur once per week. Enter the calculated number below (just the number, no $, no commas). Recall, ALE = SLE * ARO.
    Selected Answer:
    Correct 26000
    Correct Answer:
    Correct 26,000
    Answer range +/- 0 (26000.0 - 26000.0)
  • Question 7

    2 out of 2 points
    ____ are software programs that hide their true nature, and reveal their designed behavior only when activated.
    Selected Answer:
    Correct Trojan horses
    Correct Answer:
    Correct Trojan horses
  • Question 8

    2 out of 2 points
    Information has __________ when it is whole, complete, and uncorrupted.
    Selected Answer:
    Correct Integrity
    Correct Answer:
    Correct Integrity
  • Question 9

    2 out of 2 points
    A computer is the ____ of an attack when it is used to conduct the attack.
    Selected Answer:
    Correct subject
    Correct Answer:
    Correct subject
  • Question 10

    2 out of 2 points
    ____ of information is the quality or state of being genuine or original.
    Selected Answer:
    Correct Authenticity
    Correct Answer:
    Correct Authenticity
  • Question 11

    1 out of 1 points
    To achieve balance — that is, to operate an information system that satisfies the user and the security professional — the security level must allow reasonable access, yet protect against threats.
    Selected Answer:
    Correct True
    Correct Answer:
    Correct True
  • Question 12

    2 out of 2 points
    __________ is the redirection of legitimate Web traffic to an illegitimate site for the purpose of obtaining private information, often by exploiting the Domain Name Server system so that it transforms a legitimate host name into the invalid site's IP address.
    Selected Answer:
    Correct Pharming
    Correct Answer:
    Correct Pharming
  • Question 13

    1 out of 1 points
    If every vulnerability identified in the organization is handled through the acceptance risk strategy, it may reflect an inability to conduct proactive security activities and an apathetic approach to security in general.
    Selected Answer:
    Correct True
    Correct Answer:
    Correct True
  • Question 14

    2 out of 2 points
    In the Paul-Elder model of critical thinking, there are several universal intellectual standards that are applied to thinking to assess its quality. Match each intellectual standard with its associated description.
    Clarity
    Correct Match:
    Correct D. Understandable, the meaning can be grasped
    Selected Match:
    Correct D. Understandable, the meaning can be grasped
    Accuracy
    Correct Match:
    Correct A. Free from errors or distortions
    Selected Match:
    Correct A. Free from errors or distortions
  • Question 15

    2 out of 2 points
    Information has __________ when it is free from mistakes or errors and has the value that the end user expects.
    Selected Answer:
    Correct Accuracy
    Correct Answer:
    Correct Accuracy
  • Question 16

    0 out of 2 points
    ____ feasibility determines what can and cannot occur based on the consensus and relationships among the communities of interest.
    Selected Answer:
    Incorrect Operational
    Correct Answer:
    Correct Political
  • Question 17

    2 out of 2 points
    ____ law represents a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people.
    Selected Answer:
    Correct Civil
    Correct Answer:
    Correct Civil
  • Question 18

    1 out of 1 points
    The top-down approach to information security has a higher probability of success than the bottom-up approach.
    Selected Answer:
    Correct True
    Correct Answer:
    Correct True
  • Question 19

    1 out of 1 points
    A(n) disaster recovery plan dictates the actions an organization can and perhaps should take while an incident is in progress.
    Selected Answer:
    Correct False
    Correct Answer:
    Correct False
  • Question 20

    2 out of 2 points
    The ____ Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.
    Selected Answer:
    Correct Health Insurance
    Correct Answer:
    Correct Health Insurance
  • Question 21

    1 out of 1 points
    A key difference between laws and ethics is that ethics carry the sanctions of a governing authority and laws do not.
    Selected Answer:
    Correct False
    Correct Answer:
    Correct False
  • Question 22

    2 out of 2 points
    ____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
    Selected Answer:
    Correct Physical
    Correct Answer:
    Correct Physical
  • Question 23

    2 out of 2 points
    ____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.
    Selected Answer:
    Correct Zombies
    Correct Answer:
    Correct Zombies
  • Question 24

    2 out of 2 points
    A(n) ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
    Selected Answer:
    Correct distributed denial-of-service
    Correct Answer:
    Correct distributed denial-of-service
