WGU C843 Managing Information Security: Final Exam Questions With Answers - Latest Graded A+ | 2023/2024 (VERIFIED)
Which of the following is the principle of management that develops, creates, and implements strategies for the accomplishment of objectives?
A leading B planning C organizing D controlling - ANSWER B

Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____.
A MIN B MSL C SLA D SSL - ANSWER C

Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls?
A brute force B DoS C back door D hoax - ANSWER C

The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication.
A True B False - ANSWER B

The authorization process takes place before the authentication process.
A True B False - ANSWER B

One form of e-mail attack that is also a DoS attack is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail.
A False B True - ANSWER A

What do audit logs that track user activity on an information system provide?
A accountability B authentication C identification D authorization - ANSWER A

A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffer.
A False B True - ANSWER A

Which of the following is a C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information?
A Integrity B Availability C Authentication D Confidentiality - ANSWER D

According to the C.I.A. triad, which of the following is a desirable characteristic for computer security?
A availability B authorization C authentication D accountability - ANSWER A

____________________ are malware programs that hide their true nature, and reveal their designed behavior only when activated.
A Spam B Worms C Viruses D Trojan horses - ANSWER D

In the ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
A sniff-in-the-middle B server-in-the-middle C man-in-the-middle D zombie-in-the-middle - ANSWER C

A short-term interruption in electrical power availability is known as a ____.
A blackout B lag C fault D brownout - ANSWER C

The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information.
A False B True - ANSWER B

Communications security involves the protection of which of the following?
A media, technology, and content B radio handsets C people, physical assets D the IT department - ANSWER A

Which of the following is not among the 'deadly sins of software security'?
A Extortion sins B Implementation sins C Web application sins D Networking sins - ANSWER A

A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
A True B False - ANSWER A

Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines?
A policy B programs C people D planning - ANSWER A

Ethics carry the sanction of a governing authority.
A False B True - ANSWER A

Which act is a collection of statutes that regulates the interception of wire, electronic, and oral communications?
A Federal Privacy Act of 1974 B National Information Infrastructure Protection Act of 1996 C The Telecommunications Deregulation and Competition Act of 1996 D The Electronic Communications Privacy Act of 1986 - ANSWER D

Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them?
A Sarbanes-Oxley B HIPAA C Gramm-Leach-Bliley D ECPA - ANSWER B

Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have earned their certifications? The code includes the canon: Provide diligent and competent service to principals.
A ISACA B (ISC)2 C ACM D SANS - ANSWER B

The Secret Service is charged with the detection and arrest of any person committing a U.S. federal offense relating to computer fraud, as well as false identification crimes.
A True B False - ANSWER A

Due diligence requires that an organization make a valid and ongoing effort to protect others.
A False B True - ANSWER B

It is the responsibility of InfoSec professionals to understand state laws and standards.
A True B False - ANSWER B

Which law extends protection to intellectual property, which includes words published in electronic formats?
A U.S. Copyright Law B Security and Freedom through Encryption Act C Sarbanes-Oxley Act D Freedom of Information Act - ANSWER A

Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences and is also known as duty- or obligation-based ethics?
A Normative ethics B Deontological ethics C Applied ethics D Meta-ethics - ANSWER B

Which ethical standard is based on the notion that life in community yields a positive outcome for the individual, requiring each individual to contribute to that community?
A utilitarian B virtue C fairness or justice D common good - ANSWER D

Which law addresses privacy and security concerns associated with the electronic transmission of PHI?
A National Information Infrastructure Protection Act of 1996 B Health Information Technology for Economic and Clinical Health Act C American Recovery and Reinvestment Act D USA Patriot Act of 2001 - ANSWER B

Deterrence is the best method for preventing an illegal or unethical activity.
A False B True - ANSWER B

Which of the following is compensation for a wrong committed by an employee acting with or without authorization?
A restitution B due diligence C jurisdiction D liability - ANSWER A

Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past; attempting to answer the question, what do others think is right?
A Descriptive ethics B Normative ethics C Deontological ethics D Applied ethics - ANSWER A

Information ambiguation occurs when pieces of non-private data are combined to create information that violates privacy.
A False B True - ANSWER A

Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies and technical controls.
A persecution B rehabilitation C remediation D deterrence - ANSWER D

Written for
- Institution: Western Governors University
- Course: WGU C843 (WGUC843)
Document information
- Uploaded on: August 8, 2023
- Number of pages: 37
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers