Exam (elaborations)

Management of Information Security Midterm Question and answers 100% correct 2025/2026

Pages: 127
Grade: A+
Uploaded on: 10-10-2025
Written in: 2025/2026

Institution: Management Of Information Security
Course: Management of Information Security

Content preview

A statement explicitly declaring the business of the organization and its intended areas of operations is a
____________. - correct answer ✔Mission statement



Data Security - correct answer ✔Commonly used as a surrogate for information security, the focus of
protecting information in its various states: at rest, in processing, and in transmission



Which of the following is NOT a unique function of Information Security Management? - correct answer
✔principles



Information security is the protection of the confidentiality, integrity, and availability of information
assets, in storage, processing, and transmission via the application of policy, education, training,
awareness, and technology. - correct answer ✔True



The protection of voice and data components, connections, and content is known as _________
security. - correct answer ✔network



In the __________ phase of the SecSDLC, the team studies the documents from earlier and looks at
relevant legal issues that could affect the design of the security solution. - correct answer ✔Analysis



A potential weakness in an asset or its defensive control system(s) is known as a(n) __________ - correct
answer ✔vulnerability



Rule-based policies are less specific to the operation of a system than access control lists. - correct
answer ✔false

Policies must specify penalties for unacceptable behavior and define an appeals process. - correct
answer ✔True



Having an established risk management program means that an organization's assets are completely
protected. - correct answer ✔False



A detailed outline of the scope of the policy development project is created during which phase of the
SecSDLC? - correct answer ✔investigation



Which type of device exists to intercept requests for information from external users and provide the
requested information by retrieving it from an internal server? - correct answer ✔proxy server



Which of the following access control processes confirms the identity of the entity seeking access to a
logical or physical area? - correct answer ✔authentication



The IT community often takes on the leadership role in addressing risk. - correct answer ✔False



One of the goals of an issue-specific security policy is to indemnify the organization against liability for
an employee's inappropriate or illegal use of the system. - correct answer ✔True



In the bull's-eye model, the ____________________ layer is the place where threats from public
networks meet the organization's networking infrastructure. - correct answer ✔networks



According to the C.I.A. triad, which of the following is the most desirable characteristic for privacy? -
correct answer ✔confidentiality



The __________ phase of the SecSDLC has team members create and develop the blueprint for security
and develop critical contingency plans for incident response. - correct answer ✔Justification

Which type of attack involves sending a large number of connection or information requests to a
target? - correct answer ✔denial of service (DoS)



A methodology for the design and implementation of an information system that is a formal
development strategy is referred to as a __________. - correct answer ✔Systems Development Life
Cycle (SDLC)



The use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections is an example of
which process? - correct answer ✔authentication



IT - correct answer ✔supports the business objectives of the organization by supplying and
supporting IT appropriate to the business' needs



Database security - correct answer ✔A subset of information security that focuses on the assessment
and protection of information stored in repositories



MAC addresses are considered a reliable identifier for devices with network interfaces because they are
essentially foolproof. - correct answer ✔False



Which of the following is NOT among the three types of InfoSec policies based on NIST's Special
Publication 800-14? - correct answer ✔user-specific security policy



The "Authorized Uses" section of an ISSP specifies what the identified technology cannot be used for. -
correct answer ✔False



Acts of __________ can lead to unauthorized real or virtual actions that enable information gatherers to
enter premises or systems they have not been authorized to access. - correct answer ✔trespass

General business - correct answer ✔articulates and communicates organizational policy and
objectives and allocates resources to the other groups



A hacker who intentionally removes or bypasses software copyright protection designed to prevent
unauthorized duplication or use is known as a - correct answer ✔cracker



The ____ is the individual primarily responsible for the assessment, management, and implementation
of information security in the organization. - correct answer ✔Chief Information Security Officer (CISO)



It is possible to take a very complex operation and diagram it in PERT if you can answer three key
questions about each activity. Which of the following is NOT one of them? - correct answer ✔What
other activities require the same resources as this activity?



Attack - correct answer ✔An ongoing act against an asset that could result in a loss of its value



Which of the following is NOT one of the administrative challenges to the operation of firewalls? -
correct answer ✔replacement



Rule-based policies are less specific to the operation of a system than access control lists. (T/F) - correct
answer ✔false



Access control lists regulate who, what, when, where, and why authorized users can access a system. -
correct answer ✔False



An intentional or unintentional act that can damage or otherwise compromise information and the
systems that support it is known as a(n) __________. - correct answer ✔attack

Seller: Academia199, Chamberlain College Of Nursing