ITN 262 -2025 EXAM QUESTIONS WITH
CORRECT ANSWERS.
What are the fundamental or cornerstone principles of information security?
Confidentiality, Integrity and Availability
A personal laptop is something you own and possess. A company laptop or cell phone is
something you possess. Can you install, modify or update software applications on a
company laptop or any other company-own mobile device?
false
What is Malware?
Short for malicious software. It is designed to infiltrate, damage, corruupt or stealth data from an
information system
What is an attack on network communications that actively creates or modifies network
traffic
active attack
Free software applications such as drive-by downloads, and other application from third-
parties often track and monitor your location when installed on your personally-owned
mobile devices such as laptops, cellphones, palmtops and other connected wearables.
true
According to Smith (2021), information security decisions should be made based on rule-
based (following a standard), relativistic (best practices), and risk assessment (calculated
risk) based decisions.
true
What is risk assessment?
A way by which we look at risk and choose security measures accordingly
Risk assessment also includes:
, A reassessment of risks as part of the life cycle of critical informaiton assets
Measuring success to protect and prevent critical information assets include:
Continuous monitoring for attacks or other failures, and recovering from problems quickly
What does the acronym NIST SP stand for?
National Institute of Standards and Technology Special Publication
According to NIST, what does the acronym RMF stand for?
Risk Management Framework
NIST SP 800-37 Rev 8 is the most current publication for the Risk Management
Framework.
false
Cyber threat agents are cybercriminals such as Kevin Mitnick and Jerry Schneider.
true
The United States Federal government uses "Rule-Based" standard and other guidelines
for RMF Risk Assessment such as: A.Confidentiality, Authentication and Authorization
B.Properties
Estimations on the impact of cybersecurity failures
C.Assessments in terms of impact levels such as Not Applicable, Low, Moderate, High
all of the above
NIST SP 800-53 Rev 4 Covers Security and Privacy Controls for Federal Information
Systems which also supports the Risk Management Framework
true
These are the following steps to the Risk Management Framework EXCEPT:
Completely eliminate risk to include residual risks
According to Smith (2021), PRMF stands for:
CORRECT ANSWERS.
What are the fundamental or cornerstone principles of information security?
Confidentiality, Integrity and Availability
A personal laptop is something you own and possess. A company laptop or cell phone is
something you possess. Can you install, modify or update software applications on a
company laptop or any other company-own mobile device?
false
What is Malware?
Short for malicious software. It is designed to infiltrate, damage, corruupt or stealth data from an
information system
What is an attack on network communications that actively creates or modifies network
traffic
active attack
Free software applications such as drive-by downloads, and other application from third-
parties often track and monitor your location when installed on your personally-owned
mobile devices such as laptops, cellphones, palmtops and other connected wearables.
true
According to Smith (2021), information security decisions should be made based on rule-
based (following a standard), relativistic (best practices), and risk assessment (calculated
risk) based decisions.
true
What is risk assessment?
A way by which we look at risk and choose security measures accordingly
Risk assessment also includes:
, A reassessment of risks as part of the life cycle of critical informaiton assets
Measuring success to protect and prevent critical information assets include:
Continuous monitoring for attacks or other failures, and recovering from problems quickly
What does the acronym NIST SP stand for?
National Institute of Standards and Technology Special Publication
According to NIST, what does the acronym RMF stand for?
Risk Management Framework
NIST SP 800-37 Rev 8 is the most current publication for the Risk Management
Framework.
false
Cyber threat agents are cybercriminals such as Kevin Mitnick and Jerry Schneider.
true
The United States Federal government uses "Rule-Based" standard and other guidelines
for RMF Risk Assessment such as: A.Confidentiality, Authentication and Authorization
B.Properties
Estimations on the impact of cybersecurity failures
C.Assessments in terms of impact levels such as Not Applicable, Low, Moderate, High
all of the above
NIST SP 800-53 Rev 4 Covers Security and Privacy Controls for Federal Information
Systems which also supports the Risk Management Framework
true
These are the following steps to the Risk Management Framework EXCEPT:
Completely eliminate risk to include residual risks
According to Smith (2021), PRMF stands for: