With Solutions (Detailed)
Which social engineering attack tricks someone into downloading a fake patch
that allows a hacker to compromise a system? Right Ans - Malicious
software updates trick an end user into downloading a fake patch that allows a
hacker to compromise a system.
Which social engineering attack is based on a user pretending to be someone
else to elicit information from a victim? Right Ans - Impersonation is a
human-based social engineering attack where a person pretends to be
someone else to elicit information from a victim.
Information security is primarily a discipline to manage the behavior of _____.
Right Ans - People
Careers in information security are booming because of which of the following
factors? Right Ans - Threats of cyberterrorism, Government regulations,
Growth of the Internet
Which of the following best represents the three objectives of information
security? Right Ans - Confidentiality, integrity, and availability
A program for information security should include which of the following
elements? Right Ans - Intentional attacks only
The growing demand for InfoSec specialists is occurring predominantly in
which of the following types of organizations? Right Ans - Government,
Corporations, Not-for-profit foundations
Which college curriculum is more appropriate for a career in information
security? Right Ans - Computer information sciences and Business
administration
What is meant by the phrase "the umbrella of information security"? Right
Ans - IS incorporates many different pursuits and disciplines.
The formal study of information security has accelerated primarily for what
reason? Right Ans - Increasingly interconnected global networks
Which of the following would make an individual seeking a career in
information security more marketable? Right Ans - CISSP, GIAC, and
evaluating virus-protection software on a home computer
A career in information security... Right Ans - has better job growth outlook
than other areas within IT
A sound information security policy... Right Ans - A sound information
security policy is a balance between the cost of protecting information and the
value of the information being protected.
Which of the following topics are part of an information security practice?
Right Ans - Laws, ethical practices, access controls, and security architecture
Which of the following roles helps development teams meet security
requirements? Right Ans - Security consultants
Who is responsible for ensuring that systems are auditable and protected
from excessive privileges? Right Ans - Security administrators
What role(s) is responsible for ensuring that third-party suppliers and
outsourced functions remain in security compliance? Right Ans - Vendor
managers
What represents the three goals of information security? Right Ans - CIA
triad
Best describes the assurance that data has not been changed unintentionally
due to an accident or malice Right Ans - integrity
Related to information security, confidentiality is the opposite of Right Ans
- disclosure
The CIA triad is often represented by Right Ans - triangle
Defense in depth is needed to ensure that which three mandatory activities
are present in a security system? Right Ans - prevention, detection, and
response
The weakest link in any security system is Right Ans - the process and
human element
The two types of IT security requirements Right Ans - Functional and
assurance
Security functional requirements describe Right Ans - What a security
system should do by design
Security assurance requirements describe Right Ans - how to test the
system.
The probability that a threat to an information system will materialize?
Right Ans - Risk
Best describes the absence of weakness in a system that may possibly be
exploited? Right Ans - Vulnerability
Controls are implemented... Right Ans - to eliminate risk and eliminate the
potential loss
Best describes a cookbook on how to take advantage of a vulnerability
Right Ans - Exploit
Three types of security controls Right Ans - People, Processes, and
Technology
Process controls for IT security include Right Ans - assignment of roles for
least privilege, separation of duties, and documented procedures
How many keys are used in asymmetric encryption? Right Ans - two keys
are used to encrypt and decrypt a message
Symmetric Cryptography Right Ans - The same key is used to lock and
unlock the cipher