Chapter 1 - ITSY 1300, Chapter 2 - ITSY 1300, Chapter 3 - ITSY 1300, Chapter 4 - ITSY 1300
An information system is the entire set of __________, people, procedures, and
networks that make possible the use of information resources in the organization.
Select one:
a.
data
b.
software
c.
hardware
d.
All of the above
Answer: d. All of the above
Applications systems developed within the framework of the traditional SDLC are
designed to anticipate a software attack that requires some degree of application
reconstruction.
Select one:
True
False
Answer: False
Part of the logical design phase of the SecSDLC is planning for partial or catastrophic
loss. ____ dictates what immediate steps are taken when an attack occurs.
Select one:
a.
Security response
b.
Continuity planning
c.
Disaster recovery
d.
Incident response
Answer: d. Incident response
__________ security addresses the issues necessary to protect the tangible items,
objects, or areas of an organization from unauthorized access and misuse.
Select one:
a.
Object
b.
Personal
c.
Physical
d.
Standard
Answer: c. Physical
Which of the following phases is often considered the longest and most expensive
phase of the systems development life cycle?
Select one:
a.
investigation
b.
implementation
c.
logical design
d.
maintenance and change
Answer: d. maintenance and change
Which of the following is a valid type of role when it comes to data ownership?
Select one:
a.
All of the above
b.
Data owners
c.
Data custodians
d.
Data users
Answer: a. All of the above
Of the two approaches to information security implementation, the top-down approach
has a higher probability of success. _________________________
Select one:
True
False
Answer: True
The possession of information is the quality or state of having value for some purpose
or end.
Select one:
True
False
Answer: False
The investigation phase of the SecSDLC begins with a directive from upper
management.
Select one:
True
False
Answer: True
__________ has become a widely accepted evaluation standard for training and
education related to the security of information systems.
Select one:
a.
NSTISSI No. 4011
b.
ISO 17788
c.
NIST SP 800-12
d.
IEEE 802.11(g)
Answer: a. NSTISSI No. 4011
MULTICS stands for Multiple Information and Computing Service.
_________________________
Select one:
True
False
Answer: False
Policies are detailed written instructions for accomplishing a specific task.
_________________________
Select one:
True
False
Answer: False
The Analysis phase of the SecSDLC begins the methodology initiated by a directive
from upper management. _________________________
Select one:
True
False
Answer: False
The roles of information security professionals are almost always aligned with the goals
and mission of the information security community of interest.
Select one:
True
False
Answer: True
Risk evaluation is the process of identifying, assessing, and evaluating the levels of risk
facing the organization, specifically the threats to the organization's security and to the
information stored and processed by the organization. _________________________
Select one:
True
False
Answer: False
A computer is the __________ of an attack when it is used to conduct an attack against
another computer.
Select one:
a.
object
b.
target
c.
facilitator
d.
subject
Answer: d. subject
Confidentiality ensures that only those with the rights and privileges to access
information are able to do so. _________________________
Select one:
True
False
Answer: True
A breach of possession always results in a breach of confidentiality.
Select one:
True
False
Answer: False
People with the primary responsibility for administering the systems that house the
information used by the organization perform the ____ role.
Select one:
a.
Security professionals
b.
Security policy developers
c.
System administrators
d.
End users
Answer: c. System administrators
An e-mail virus involves sending an e-mail message with a modified field.
Select one: