TEST BANK
Name: Class: Date:
Chapter 01: Introduction to the Management of Information Security
Copyright Cengage Learning. Powered by Cognero. Page 1
True / False
1. Corruption of information can occur only while information is being stored.
a. True
b. False
ANSWER: False
2. The authorization process takes place before the authentication process.
a. True
b. False
ANSWER: False
3. A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
a. True
b. False
ANSWER: True
4. DoS attacks cannot be launched against routers.
a. True
b. False
ANSWER: False
5. The first step in solving problems is to gather facts and make assumptions.
a. True
b. False
ANSWER: False
Modified True / False
6. A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffer. __________
ANSWER: False - packet
7. One form of e-mail attack that is also a DoS attack is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail. __________
ANSWER: False - bomb
8. When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment. __________
ANSWER: False - spike
9. "Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance. __________
ANSWER: False - surfing
10. The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. __________
ANSWER: False - cracker
11. The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. __________
ANSWER: False - brute force
12. The macro virus infects the key operating system files located in a computer’s start-up sector. __________
ANSWER: False - boot
13. The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. __________
ANSWER: True
14. A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for pre-configured signatures. __________
ANSWER: True
Multiple Choice
15. Communications security involves the protection of which of the following?
a. radio handsets
b. people, physical assets
c. the IT department
d. media, technology, and content
ANSWER: d
16. The protection of voice and data components, connections, and content is known as __________ security.
a. network
b. national
c. cyber
d. operational
ANSWER: a
17. The protection of confidentiality, integrity, and availability of data regardless of its location is known as __________ security.
a. information
b. network
c. cyber
d. operational
ANSWER: a
18. A model of InfoSec that offers a comprehensive view of security for data while being stored, processed, or transmitted is the __________ security model.
a. CNSS
b. USMC
c. USNA
d. NPC
ANSWER: a
19. Which of the following is a C.I.A. triad characteristic that addresses the threat from corruption, damage, destruction, or other disruption of its authentic state?
a. integrity
b. availability
c. authentication
d. accountability
ANSWER: a
20. According to the C.I.A. triad, which of the following is the most desirable characteristic for privacy?
a. confidentiality
b. availability
c. integrity
d. accountability
ANSWER: a
21. Which of the following is recognition that data used by an organization should only be used for the purposes stated by the information owner at the time it was collected?
a. accountability
b. availability
c. privacy
d. confidentiality
ANSWER: c
22. Which of the following is a C.I.A. triad characteristic that ensures only those with sufficient privileges and a demonstrated need may access certain information?
a. integrity
b. availability
c. authentication
d. confidentiality
ANSWER: d
23. The use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections is an example of which process?
a. accountability
b. authorization
c. identification
d. authentication
ANSWER: d
24. A process that defines what the user is permitted to do is known as __________.
a. identification
b. authorization
c. accountability
d. authentication
ANSWER: b
25. What do audit logs that track user activity on an information system provide?
a. identification
b. authorization
c. accountability
d. authentication
ANSWER: c
26. Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) __________.
a. threat