Question 1
pts
(TCO F) Which of the following is NOT a type of electrical power disturbance?
Surge
Inrush
You Answered
Sag
Correct Answer
Greyout
Fault
Prolonged high voltage (CISSP Guide, p. 526)
Initial surge of power at the beginning (CISSP Guide, p. 526)
Momentary low voltage (CISSP Guide, p. 526)
(CORRECT ANSWER) No such thing
Momentary power loss (CISSP Guide, p. 526)
Question 2
pts
(TCO G) Which of the following statements is FALSE?
Traditional computer/communications security strategies have been focused on prevention, detection, and response.
Correct Answer
Security risk analysis may be a lengthy process, but it is recommended in traditional business operations as well as just-in-time, web-based business operations.
You Answered
Unquantifiable assets, like business reputation, make accurate risk assessment in the traditional sense nearly impossible.
According to the Gordon-Loeb model for investing in information security, it is generally uneconomical to invest in information security activities (including cybersecurity-related activities) more than 37% of the expected loss that would occur from a security breach.
According to Andrew Jaquith, program manager for the Yankee Group, risk assessment is calculated using unreliable assumptions instead of objective data, and relies on unrealistic concepts.
(Securing E-Business Systems, p. 132)
(CORRECT ANSWER) Modern web-based business operations change too quickly for traditional risk analysis techniques (Securing E-Business Systems, p. 133).
(Week 5 lecture)
(Week 5 lecture)
(Week 5 lecture)
Question 3
Not yet graded / 30 pts
(TCO A) Assess how errors in software coding can compromise the three core goals of information security.
Your Answer:
Data Confidentiality - Software vulnerabilities are often the result of "bugs," and exploitation by hackers can expose data.
Data Integrity - As with confidentiality, buggy software can result in an exploitation in which a hacker can modify data.
Data Availability - Poor code is a common cause of system instabilities and crashes.
(Securing E-Business Systems, p. 18)
Question 4
Not yet graded / 30 pts
(TCO A) Name, define, and give an example of each of the seven e-business cost-effectiveness and efficiency specifications.
Your Answer:
Accessible - Systems and information can be acquired and managed easily (e.g., remote administration)
Interoperable - Systems' interfaces provide the ability to interact with disparate systems (e.g., network protocol stacks)
Adaptable - Systems can perform needed functions not originally intended (e.g., addition of tables to an existing database)
Flexible - Systems can be modified to meet new requirements (e.g., open-source operating systems)
Portable - System can be moved to a different environment (e.g., Linux running on Intel or Sparc platforms)
Expandable - Scalable outwardly without loss of performance (e.g., increase in network hosts without appreciable decrease in network performance)
Reusable - Systems or system components that can be used in a different implementation (e.g., program code modules designed for recycling)
(Securing E-Business Systems, p. 23)