Test Bank for Principles of Information Security, 7th Edition by Michael Whitman

Page 1


Name:

Class:

Date:

Module 1 Introduction to Information Security

True / False

1. During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
a. True
b. False
ANSWER: True
POINTS: 1
DIFFICULTY: Easy
REFERENCES: H1: Introduction to Information Security p. 2
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.2 - Discuss the history of computer security and explain how it evolved into Information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 3/2/2017 3:48 PM

2. Network security focuses on the protection of physical items, objects, or areas from unauthorized access and misuse.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: H1: What is Security? p. 8
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 12/4/2016 1:54 PM

3. When a computer is the subject of an attack, it is the entity being attacked.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 10 H1: What is Security? H2: Key Information Security Concepts
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

4. The value of information comes from the characteristics it possesses.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 11 H1: What is Security? H2: Critical Characteristics of Information
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

5. E-mail spoofing involves sending an e-mail message with a harmful attachment.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 13 H1: What is Security? H2: Critical Characteristics of Information
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 12/4/2016 2:02 PM

6. The possession of information is the quality or state of having value for some purpose or end.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 13 H1: What is Security? H2: Critical Characteristics of Information
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

7. A breach of possession may not always result in a breach of confidentiality.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 14 H1: What is Security? H2: Critical Characteristics of Information
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 3/8/2017 11:50 AM

8. Hardware is often the most valuable asset possessed by an organization, and it is the main target of intentional attacks.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 16 H1: Components of An Information System H2: Data
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 3/8/2017 11:50 AM

9. Information security can be an absolute.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 17 H1: Security and The Organization H2: Balancing Information Security and Access
QUESTION TYPE: True / False
HAS VARIABLES: False



LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

10. To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access, yet protect against threats.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 17 H1: Security and The Organization H2: Balancing Information Security and Access
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 3/8/2017 5:20 PM

11. The bottom-up approach to information security has a higher probability of success than the top-down approach.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 18 H1: Security and The Organization H2: Approaches to Information Security Implementation
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

12. Using a methodology will usually have no effect on the probability of success.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: H1: Security and The Organization H2: Approaches to Information Security Implementation p. 18
QUESTION TYPE: True / False



HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 12/4/2016 2:12 PM

13. A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: H1: Security and The Organization H2: Security Professionals p. 20
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry.
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

14. A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 20 H1: Security and The Organization H2: Data Responsibilities
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry.
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

15. The roles of information security professionals focus on protecting the organization’s information systems and stored information from attacks.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 20



H1: Security and The Organization H2: Communities of Interest
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry.
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/8/2021 10:44 AM

Modified True / False

16. Every organization, whether public or private and regardless of size, has information it wants to protect. ______
ANSWER: True
POINTS: 1
REFERENCES: H1: Introduction to Information Security p. 2
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.1 - Define information security
DATE CREATED: 4/6/2021 8:48 AM
DATE MODIFIED: 4/8/2021 10:46 AM

17. The history of information security begins with the concept of communications security. ______
ANSWER: False - computer
POINTS: 1
REFERENCES: H1: Introduction to Information Security p. 3
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.2 - Discuss the history of computer security and explain how it evolved into Information security
DATE CREATED: 4/6/2021 8:50 AM
DATE MODIFIED: 4/8/2021 10:46 AM

18. RAND Report R-609 was the first widely recognized published document to identify the role of management and policy issues in computer security. ______
ANSWER: True
POINTS: 1
REFERENCES: p. 5 H1: Introduction to Information Security H2: The 1970s and ’80s
QUESTION TYPE: Modified True / False
HAS VARIABLES: False



STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.2 - Discuss the history of computer security and explain how it evolved into Information security
DATE CREATED: 4/6/2021 8:53 AM
DATE MODIFIED: 4/8/2021 10:46 AM

19. Much of the early research on computer security centered on a system called Management Information and Computing Service (MULTICS). _______
ANSWER: False - Multiplexed
POINTS: 1
REFERENCES: p. 6 H1: Introduction to Information Security H2: The 1970s and ’80s
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.2 - Discuss the history of computer security and explain how it evolved into Information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/8/2021 10:46 AM

20. According to the CNSS, networking is “the protection of information and its critical elements.” _______
ANSWER: False - information security
POINTS: 1
REFERENCES: p. 8 H1: What is Security?
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.1 - Define information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/7/2021 6:36 PM

21. Indirect attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat. _______
ANSWER: True
POINTS: 1
REFERENCES: p. 9 H1: What is Security? H2: Key Information Security Concepts
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/7/2021 6:36 PM

22. When unauthorized individuals or systems can view information, confidentiality is breached. _______
ANSWER: True
POINTS: 1
REFERENCES: p. 11 H1: What is Security? H2: Critical Characteristics of Information
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/7/2021 6:36 PM

23. Confidentiality ensures that only those with the rights and privileges to access information are able to do so. _______
ANSWER: True
POINTS: 1
REFERENCES: p. 11 H1: What is Security? H2: Critical Characteristics of Information
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/7/2021 6:36 PM

24. Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects. _______
ANSWER: False - accuracy
POINTS: 1
REFERENCES: p. 13 H1: What is Security? H2: Critical Characteristics of Information
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/7/2021 6:36 PM



25. Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. _______
ANSWER: True
POINTS: 1
REFERENCES: p. 15 H1: Components of An Information System H2: Hardware
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/7/2021 6:36 PM

26. A(n) hardware system is the entire set of people, procedures, and technology that enable business to use information. _______
ANSWER: False - information
POINTS: 1
REFERENCES: p. 15 H1: Components of An Information System
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/7/2021 6:36 PM

27. Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, often referred to as the bottom-up approach. _______
ANSWER: True
POINTS: 1
REFERENCES: p. 18 H1: Security and The Organization H2: Approaches to Information Security Implementation
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/7/2021 6:36 PM



28. The role of the project manager—typically an executive such as a chief information officer (CIO) or the vice president of information technology (VP-IT)—in this effort cannot be overstated. _______
ANSWER: False - champion
POINTS: 1
REFERENCES: p. 18 H1: Security and The Organization H2: Approaches to Information Security Implementation
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/8/2021 10:48 AM

29. Of the two approaches to information security implementation, the top-down approach has a higher probability of success. _______
ANSWER: True
POINTS: 1
REFERENCES: p. 18 H1: Security and The Organization H2: Approaches to Information Security Implementation
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/7/2021 6:36 PM

30. A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas. _______
ANSWER: True
POINTS: 1
REFERENCES: p. 20 H1: Security and The Organization H2: Security Professionals
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry.
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 4/7/2021 6:36 PM



Multiple Choice

31. __________ is a network project that preceded the Internet.
a. NIST
b. ARPANET
c. FIPS
d. DES
ANSWER: b
POINTS: 1
REFERENCES: p. 3 H1: Introduction to Information Security H2: The 1960s
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.2 - Discuss the history of computer security and explain how it evolved into Information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

32. Which of the following was not an identified fundamental problem with ARPANET security?
a. phone numbers for access were closely held and distributed on a need-to-know basis
b. vulnerability of password structure and formats
c. lack of safety procedures for dial-up connections
d. nonexistent user identification and authorizations
ANSWER: a
POINTS: 1
REFERENCES: p. 4 H1: Introduction to Information Security H2: The 1970s and ’80s
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.2 - Discuss the history of computer security and explain how it evolved into Information security
DATE CREATED: 4/6/2021 9:04 AM
DATE MODIFIED: 4/6/2021 9:07 AM

33. The famous study entitled “Protection Analysis: Final Report” focused on a project undertaken by ARPA to understand and detect __________ in operating systems security.
a. bugs
b. vulnerabilities
c. malware
d. maintenance hooks
ANSWER: b
POINTS: 1
REFERENCES: p. 5 H1: Introduction to Information Security H2: The 1970s and ’80s
QUESTION TYPE: Multiple Choice



HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.2 - Discuss the history of computer security and explain how it evolved into Information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 3/8/2017 5:05 PM

34. __________ was the first operating system to integrate security as one of its core functions.
a. UNIX
b. DOS
c. MULTICS
d. ARPANET
ANSWER: c
POINTS: 1
REFERENCES: p. 6 H1: Introduction to Information Security H2: The 1970s and ’80s
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.2 - Discuss the history of computer security and explain how it evolved into Information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 3/8/2017 5:05 PM

35. In 1993, the first ______ conference was held in Las Vegas. Originally, it was established as a gathering for people interested in information security, including authors, lawyers, government employees, and law enforcement officials.
a. DEFCON
b. CyberCom
c. Black Hat
d. World Security
ANSWER: a
POINTS: 1
REFERENCES: p. 7 H1: Introduction to Information Security H2: The 1990s
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.2 - Discuss the history of computer security and explain how it evolved into Information security
DATE CREATED: 4/6/2021 9:10 AM
DATE MODIFIED: 4/8/2021 10:49 AM

36. The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.
a. communications security
b. network security



c. physical security
d. information security
ANSWER: d
POINTS: 1
REFERENCES: p. 8 H1: What Is Security?
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.1 - Define information security
DATE CREATED: 12/5/2016 7:15 PM
DATE MODIFIED: 12/5/2016 7:22 PM

37. A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.
a. indirect
b. direct
c. software
d. hardware
ANSWER: b
POINTS: 1
REFERENCES: p. 9 H1: What is Security? H2: Key Information Security Concepts
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 3/8/2017 5:07 PM

38. A subject or object’s ability to use, manipulate, modify, or affect another subject or object is known as ___________.
a. access
b. assets
c. exploits
d. risk
ANSWER: a
POINTS: 1
REFERENCES: p. 9 H1: What Is Security? H2: Key Information Security Concepts
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 12/5/2016 7:18 PM
DATE MODIFIED: 3/8/2017 5:14 PM



39. An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n) ___________.
a. access method
b. asset
c. exploit
d. risk
ANSWER: b
POINTS: 1
REFERENCES: p. 9 H1: What Is Security? H2: Key Information Security Concepts
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 12/5/2016 7:22 PM
DATE MODIFIED: 3/8/2017 5:16 PM

40. A computer is the __________ of an attack when it is used to conduct an attack against another computer.
a. subject
b. object
c. target
d. facilitator
ANSWER: a
POINTS: 1
REFERENCES: p. 10 H1: What is Security? H2: Key Information Security Concepts
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

41. A technique used to compromise a system is known as a(n) ___________.
a. access method
b. asset
c. exploit
d. risk
ANSWER: c
POINTS: 1
REFERENCES: p. 10 H1: What Is Security? H2: Key Information Security Concepts



QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 12/5/2016 7:22 PM
DATE MODIFIED: 3/8/2017 5:16 PM

42. In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value.
a. result
b. smashing
c. hash
d. code
ANSWER: c
POINTS: 1
REFERENCES: p. 12 H1: What Is Security?
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 9/14/2016 10:30 AM

43. __________ of information is the quality or state of being genuine or original.
a. Authenticity
b. Spoofing
c. Confidentiality
d. Authorization
ANSWER: a
POINTS: 1
REFERENCES: p. 13 H1: What is Security? H2: Critical Characteristics of Information
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

44. __________ has become a widely accepted evaluation standard for training and education related to the security of information systems and is hosted by CNSS.
a. NIST SP 800-12
b. NSTISSI No. 4011
c. IEEE 802.11(g)
d. ISO 17788
ANSWER: b
POINTS: 1



REFERENCES: p. 14 H1: What Is Security? H2: CNSS Security Model
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 4/8/2021 10:50 AM

45. __________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
a. Physical
b. Personal
c. Object
d. Standard
ANSWER: a
POINTS: 1
REFERENCES: p. 15 H1: Components of An Information System H2: Hardware
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 12/5/2016 12:35 PM

46. An information system is the entire set of __________, people, procedures, and networks that enable the use of information resources in the organization.
a. software
b. hardware
c. data
d. All of the above
ANSWER: d
POINTS: 1
REFERENCES: p. 15 H1: Components of An Information System H2: Software
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 3/8/2017 5:07 PM

47. The protection of tangible items, objects, or areas from unauthorized access and misuse is known as ___________.
a. communications security
b. network security



c. physical security
d. information security
ANSWER: c
POINTS: 1
REFERENCES: p. 15 H1: Components of An Information System H2: Hardware
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 12/5/2016 7:16 PM
DATE MODIFIED: 12/5/2016 7:21 PM

48. The ______ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
a. ISO
b. CIO
c. CISO
d. CTO
ANSWER: c
POINTS: 1
REFERENCES: p. 19 H1: Security and The Organization H2: Security Professionals
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry.
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 4/7/2021 6:36 PM

49. Which of the following is a valid type of role when it comes to data ownership?
a. Data owners
b. Data custodians
c. Data users
d. All of the above
ANSWER: d
POINTS: 1
REFERENCES: p. 20 H1: Security and The Organization H2: Data Responsibilities
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry.
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 9/14/2016 10:30 AM



50. People with the primary responsibility for administering the systems that house the information used by the organization perform the role of ____.
a. Security policy developers
b. Security professionals
c. System administrators
d. End users
ANSWER: c
POINTS: 1
REFERENCES: p. 20 H1: Security and The Organization H2: Security Professionals
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry.
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 3/8/2017 5:14 PM

51. Individuals who control, and are therefore ultimately responsible for, the security and use of a particular set of information are known as data __________.
a. owners
b. custodians
c. trustees
d. users
ANSWER: a
POINTS: 1
REFERENCES: p. 20 H1: Security and The Organization H2: Data Responsibilities
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry.
DATE CREATED: 4/6/2021 9:16 AM
DATE MODIFIED: 4/6/2021 9:18 AM

52. Individuals who are assigned the task of managing a particular set of information and coordinating its protection, storage, and use are known as data __________.
a. owners
b. custodians
c. trustees
d. users
ANSWER: c
POINTS: 1



REFERENCES: p. 20 H1: Security and The Organization H2: Data Responsibilities
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry.
DATE CREATED: 4/6/2021 9:20 AM
DATE MODIFIED: 4/6/2021 9:20 AM

53. The community of interest made up of IT managers and skilled professionals in systems design, programming, networks, and other related disciplines is called ______.
a. Information Technology Management and Professionals
b. Organizational Management and Professionals
c. Information Security Management and Professionals
d. Executive Management
ANSWER: a
POINTS: 1
REFERENCES: p. 21 H1: Security and The Organization H2: Communities of Interest
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry.
DATE CREATED: 4/6/2021 9:21 AM
DATE MODIFIED: 4/8/2021 10:51 AM

Completion

54. The history of information security begins with the concept of ________ security.
ANSWER: computer
POINTS: 1
REFERENCES: p. 3 H1: Introduction to Information Security
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.1 - Define information security
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 4/7/2021 6:36 PM

55. During the early years, information security was a straightforward process composed predominantly of ________ security and simple document classification schemes.
ANSWER: physical



POINTS: 1
REFERENCES: p. 3 H1: Introduction to Information Security
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.1 - Define information security
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 4/7/2021 6:36 PM

56. During the ________ War, many mainframes were brought online to accomplish more complex and sophisticated tasks, so it became necessary to enable the mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers.
ANSWER: Cold
POINTS: 1
REFERENCES: p. 3 H1: Introduction to Information Security H2: The 1960s
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.2 - Discuss the history of computer security and explain how it evolved into Information security
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 4/7/2021 6:36 PM

57. The Internet brought ________ to virtually all computers that could reach a phone line or an Internet-connected local area network.
ANSWER: connectivity
POINTS: 1
REFERENCES: p. 3 H1: Introduction to Information Security H2: The 1990s
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.2 - Discuss the history of computer security and explain how it evolved into Information security
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 4/7/2021 6:36 PM

58. The CNSS model of information security evolved from a concept developed by the computer security industry known as the ________ triad.
ANSWER: CIA
C.I.A.



Confidentiality, Integrity, and Availability
POINTS: 1
REFERENCES: p. 8 H1: What is Security?
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.1 - Define information security
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 4/7/2021 6:36 PM

59. A computer is the ________ of an attack when it is the entity being targeted.
ANSWER: object
POINTS: 1
REFERENCES: p. 10 H1: What is Security? H2: Key Information Security Concepts
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 4/7/2021 6:36 PM

60. The probability of an unwanted occurrence, such as an adverse event or loss, is known as a(n) _________.
ANSWER: risk
POINTS: 1
REFERENCES: p. 10 H1: What is Security? H2: Critical Characteristics of Information
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security
DATE CREATED: 12/5/2016 7:29 PM
DATE MODIFIED: 4/5/2021 3:35 PM

61. Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) _________.
ANSWER: threat
POINTS: 1
REFERENCES: p. 10 H1: What is Security?


Name:

Class:

Date:

Module 1 Introduction to Information Security H2: Critical Characteristics of Information QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 12/5/2016 7:29 PM DATE MODIFIED: 12/5/2016 7:31 PM 62. In an organization, the value of ________ of information is especially high when it involves personal information about employees, customers, or patients. ANSWER: confidentiality POINTS: 1 REFERENCES: p. 11 H1: What is Security? H2: Critical Characteristics of Information QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 4/7/2021 6:36 PM 63. A potential weakness in an asset or its defensive control system(s) is known as a(n) _________. ANSWER: vulnerability POINTS: 1 REFERENCES: p. 11 H1: What is Security? H2: Critical Characteristics of Information QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 12/5/2016 7:28 PM DATE MODIFIED: 12/5/2016 7:34 PM 64. Information has ________ when it is whole, complete, and uncorrupted. ANSWER: integrity POINTS: 1 REFERENCES: p. 12 H1: What is Security? H2: Critical Characteristics of Information QUESTION TYPE: Completion Page 22


Name:

Class:

Date:

Module 1 Introduction to Information Security HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 4/7/2021 6:36 PM 65. ________ enables authorized users—people or computer systems—to access information without interference or obstruction and to receive it in the required format. ANSWER: Availability POINTS: 1 REFERENCES: p. 13 H1: What is Security? H2: Critical Characteristics of Information QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 4/7/2021 6:36 PM 66. ________ of information is the quality or state of being genuine or original, rather than a reproduction or fabrication. ANSWER: Authenticity POINTS: 1 REFERENCES: p. 13 H1: What is Security? H2: Critical Characteristics of Information QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 4/7/2021 6:36 PM 67. The ________ of information is the quality or state of ownership or control of some object or item. ANSWER: possession POINTS: 1 REFERENCES: p. 13 H1: What is Security? H2: Critical Characteristics of Information QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic Page 23


Name:

Class:

Date:

Module 1 Introduction to Information Security LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 4/7/2021 6:36 PM 68. The ________ component of an information system comprises applications, operating systems, and assorted command utilities. ANSWER: software POINTS: 1 REFERENCES: p. 15 H1: Components of An Information System H2: Software QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 4/7/2021 6:36 PM 69. Software is often created under the constraints of ________ management, placing limits on time, cost, and manpower. ANSWER: project POINTS: 1 REFERENCES: p. 15 H1: Components of An Information System H2: Software QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 4/7/2021 6:36 PM 70. A frequently overlooked component of an information system, ________ are the written instructions for accomplishing a specific task. ANSWER: procedures POINTS: 1 REFERENCES: p. 16 H1: Components of An Information System H2: Procedures QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information Page 24


Name:

Class:

Date:

Module 1 Introduction to Information Security DATE CREATED: DATE MODIFIED:

security 9/14/2016 10:30 AM 4/7/2021 6:36 PM

71. The senior technology officer is typically the chief ________ officer. ANSWER: information POINTS: 1 REFERENCES: p. 19 H1: Security and The Organization H2: Security Professionals QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry. DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 4/7/2021 6:36 PM 72. A(n) ________ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives. ANSWER: community of interest POINTS: 1 REFERENCES: p. 20 H1: Security and The Organization H2: Communities of Interest QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry. DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 4/7/2021 6:36 PM Essay 73. Describe the multiple types of security systems present in many organizations. ANSWER: A successful organization should have multiple layers of security in place to protect its operations, including physical, networks, and information: Physical security, to protect physical items, objects, or areas from unauthorized access and misuse Network security, to protect networking components, connections, and contents Information security, to protect the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission. It is achieved via the application of policy, education, training and awareness, and technology. Page 25


Name:

Class:

Date:

Module 1 Introduction to Information Security POINTS: REFERENCES:

1 p. 8 H1: What is Security? QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.1 - Define information security DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 4/5/2021 3:40 PM 74. Outline types of data ownership and their respective responsibilities. ANSWER: Data owners: Those responsible for the security and use of a particular set of information. They are usually members of senior management and could be CIOs. The data owners usually determine the level of data classification associated with the data, as well as the changes to that classification required by organizational change. Data custodians: Working directly with data owners, data custodians are responsible for the storage, maintenance, and protection of the information. The duties of a data custodian often include overseeing data storage and backups, implementing the specific procedures and policies laid out in the security policies and plans, and reporting to the data owner. Data users: End users who work with the information to perform their daily jobs supporting the mission of the organization. Data users are included as individuals with an information security role. POINTS: 1 REFERENCES: p. 20 H1: Security and The Organization H2: Data Responsibilities QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry. DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 9/14/2016 10:30 AM Subjective Short Answer 75. What is the difference between a threat agent and a threat source? ANSWER: A threat agent is the facilitator of an attack, whereas a threat source is a category of objects, people, or other entities that represents a potential danger to an asset. Threats are always present. Some threats manifest themselves in accidental occurrences and others are purposeful. 
Fire is a threat; however, a fire that has begun in a building is an attack. If an arsonist set the fire, then the arsonist is the threat agent. If an accidental electrical short started the fire, the short is the threat agent. POINTS:

1 Page 26


Name:

Class:

Date:

Module 1 Introduction to Information Security REFERENCES:

p. 11 H1: What is Security? H2: Key Information Security Concepts QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 4/6/2021 9:25 AM DATE MODIFIED: 4/6/2021 9:28 AM 76. Describe the need for balance between information security and access to information inherent in information systems. ANSWER: To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access yet protect against threats. POINTS: 1 REFERENCES: p. 17 H1: Security and The Organization H2: Balancing Information Security and Access QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 4/6/2021 9:32 AM DATE MODIFIED: 4/6/2021 9:32 AM 77. Should the overall approach to security be more managerial or technical? ANSWER: The approach to security should be more managerial than technical, although the technical ability of the resources who perform day-to-day activities is critical. The top-down approach to security implementation is by far the best. It has strong upper management support, a dedicated champion, dedicated funding, clear planning, and the opportunity to influence organizational culture. POINTS: 1 REFERENCES: p. 18 H1: Security and The Organization H2: Approaches to Information Security Implementation QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.01.3 - Define key terms and critical concepts of information security DATE CREATED: 4/6/2021 9:35 AM DATE MODIFIED: 4/6/2021 9:36 AM 78. Describe the role of a data trustee. Page 27


Name:

Class:

Date:

Module 1 Introduction to Information Security ANSWER:

Data trustees are individuals appointed by data owners to oversee the management of a particular set of information and to coordinate with data custodians for its storage, protection, and use. Because data owners are typically top-level executives and managers too busy to oversee the management of their data, they will typically appoint a senior subordinate as a data trustee to handle those responsibilities. POINTS: 1 REFERENCES: p. 20 H1: Security and The Organization H2: Data Responsibilities QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.01.4 - Name the individuals who had a great impact on the profession of dentistry. DATE CREATED: 4/6/2021 9:39 AM DATE MODIFIED: 4/6/2021 9:40 AM

Page 28
Module 2 The Need for Information Security

True / False

1. Media are items of fact collected by an organization and include raw numbers, facts, and words.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: H1: Introduction p. 28
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.02.1 - Discuss the need for information security
DATE CREATED: 12/28/2016 9:32 AM
DATE MODIFIED: 3/8/2017 5:28 PM

2. Information security’s primary mission is to ensure that systems and their contents retain their confidentiality at any cost.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: H1: Introduction p. 28
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.02.1 - Discuss the need for information security
DATE CREATED: 9/14/2016 10:31 AM
DATE MODIFIED: 9/14/2016 10:31 AM

3. Media as a subset of information assets are the systems and networks that store, process, and transmit information.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 28 H1: Introduction
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.02.1 - Discuss the need for information security
DATE CREATED: 12/28/2016 9:34 AM
DATE MODIFIED: 12/28/2016 9:35 AM

4. The information security function in an organization safeguards its technology assets.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 28 H1: Introduction
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.02.1 - Discuss the need for information security
DATE CREATED: 9/14/2016 10:31 AM
DATE MODIFIED: 3/8/2017 5:25 PM

5. As an organization grows, it must often use more robust technology to replace the security technologies it may have outgrown.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 28 H1: Introduction H2: Business Needs First
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.02.1 - Discuss the need for information security
DATE CREATED: 9/14/2016 10:31 AM
DATE MODIFIED: 3/8/2017 5:25 PM

6. Two watchdog organizations that investigate allegations of software abuse are the Software & Information Industry Association (SIIA) and National Security Agency (NSA).
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: H1: The 12 Categories of Threats H2: Compromises to Intellectual Property p. 35
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats
DATE CREATED: 9/14/2016 10:31 AM
DATE MODIFIED: 3/8/2017 5:26 PM

7. A number of technical mechanisms—digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media—have been used to deter or prevent the theft of software intellectual property.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 35 H1: The 12 Categories of Threats H2: Compromises to Intellectual Property
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats
DATE CREATED: 9/14/2016 10:31 AM
DATE MODIFIED: 9/14/2016 10:31 AM

8. Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people’s information systems.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: H1: The 12 Categories of Threats H2: Espionage or Trespass p. 39
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats
DATE CREATED: 9/14/2016 10:31 AM
DATE MODIFIED: 9/14/2016 10:31 AM

9. Attacks conducted by scripts are usually unpredictable.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 42 H1: The 12 Categories of Threats H2: Espionage or Trespass
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats
DATE CREATED: 9/14/2016 10:31 AM
DATE MODIFIED: 9/14/2016 10:31 AM
Module 2 The Need for Information Security 10. With the removal of copyright protection mechanisms, software can be easily and illegally distributed

and installed. a. True b. False ANSWER: POINTS: REFERENCES:

True 1 H1: The 12 Categories of Threats H2: Espionage or Trespass p. 45 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/26/2021 6:41 PM 11. Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easyto-guess passwords. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 46 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 9/14/2016 10:31 AM 12. Forces of nature, sometimes called acts of God, can present some of the most dangerous threats because they usually occur with very little warning and are beyond the control of people. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 47 H1: The 12 Categories of Threats H2: Forces of Nature QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats Page 4


Name:

Class:

Date:

Module 2 The Need for Information Security DATE CREATED: DATE MODIFIED:

9/14/2016 10:31 AM 3/8/2017 5:27 PM

13. Much human error or failure can be prevented with effective training and ongoing awareness activities. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 50 H1: The 12 Categories of Threats H2: Human Error or Failure QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 9/14/2016 10:31 AM 14. An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 51 H1: The 12 Categories of Threats H2: Human Error or Failure QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 9/14/2016 10:31 AM 15. Compared to Web site defacement, vandalism within a network is less malicious in intent and more public. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 56 H1: The 12 Categories of Threats H2: Sabotage or Vandalism QUESTION TYPE: True / False HAS VARIABLES: False Page 5


Name:

Class:

Date:

Module 2 The Need for Information Security LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 9/14/2016 10:31 AM 16. Suppose an act of theft performed by a hacker was accompanied by defacement actions to delay discovery. The first act is obviously in the category of “theft” but the second act is another category—in this case it is a “force of nature.” a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: The 12 Categories of Threats H2: Sabotage or Vandalism p. 56 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.2 - Explain why a successful information security program is the shared responsibility of the entire organization DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 3/8/2017 5:26 PM 17. A worm requires that another program is running before it can begin functioning. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: The 12 Categories of Threats H2: Software Attacks p. 60 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 9/14/2016 10:31 AM 18. A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 62 H1: The 12 Categories of Threats H2: Software Attacks Page 6


Name:

Class:

Date:

Module 2 The Need for Information Security QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 9/14/2016 10:31 AM 19. DoS attacks cannot be launched against routers. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 63 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 9/14/2016 10:31 AM 20. An e-mail bomb is a form of DoS attack. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 64 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/5/2021 7:35 PM 21. A sniffer program can reveal data transmitted on a network segment, including passwords, the embedded and attached files—such as word-processing documents—and sensitive data transmitted to or from applications. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 65 Page 7


Name:

Class:

Date:

Module 2 The Need for Information Security H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 3/9/2017 9:40 AM 22. When electronic information is stolen, the crime is readily apparent. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 73 H1: The 12 Categories of Threats H2: Theft QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 3/8/2017 5:27 PM Modified True / False 23. Media assets are the focus of information security and are the information that has value to the organization, as well as the systems that store, process, and transmit the information. ______ ANSWER: False - Information POINTS: 1 REFERENCES: p. 28 H1: Introduction to Information Security QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.1 - Discuss the need for information security DATE CREATED: 12/28/2016 9:35 AM DATE MODIFIED: 4/26/2021 6:41 PM 24. Intellectual property is defined as “the creation, ownership, and control of ideas as well as the representation of those ideas.” ______ ANSWER: True POINTS: 1 REFERENCES: p. 34 H1: The 12 Categories of Threats Page 8


Name:

Class:

Date:

Module 2 The Need for Information Security H2: Compromises to Intellectual Property QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 25. When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment. ______ ANSWER: False - spike POINTS: 1 REFERENCES: p. 39 H1: The 12 Categories of Threats H2: Deviations in Quality of Service QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 26. Hackers are “persons who access systems and information without authorization and often illegally.” ______ ANSWER: True POINTS: 1 REFERENCES: H1: The 12 Categories of Threats H2: Compromises to Intellectual Property p. 40 QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 27. "Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual’s shoulder or viewing the information from a distance. ______ ANSWER: False - surfing POINTS: 1 REFERENCES: p. 40 H1: The 12 Categories of Threats H2: Compromises to Intellectual Property Page 9


Name:

Class:

Date:

Module 2 The Need for Information Security QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 28. Packet munchkins use automated exploits to engage in distributed denial-of-service attacks. ______ ANSWER: False - monkeys POINTS: 1 REFERENCES: p. 42 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 29. The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. ______ ANSWER: False - cracker POINTS: 1 REFERENCES: p. 45 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 30. The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. ______ ANSWER: False - brute force POINTS: 1 REFERENCES: p. 45 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Modified True / False Page 10


Name:

Class:

Date:

Module 2 The Need for Information Security HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 31. Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. ______ ANSWER: True POINTS: 1 REFERENCES: p. 57 H1: The 12 Categories of Threats H2: Sabotage or Vandalism QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 32. The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. ______ ANSWER: True POINTS: 1 REFERENCES: p. 58 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 33. Software code known as a(n) cookie can allow an attacker to track a victim's activity on Web sites. ______ ANSWER: True POINTS: 1 REFERENCES: p. 59 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic Page 11


Name:

Class:

Date:

Module 2 The Need for Information Security LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 34. The macro virus infects the key operating system files located in a computer’s start-up sector. ______ ANSWER: False - boot POINTS: 1 REFERENCES: p. 60 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 35. A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. ______ ANSWER: True POINTS: 1 REFERENCES: p. 62 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 36. Once a(n) back door has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. ______ ANSWER: False - virus False - worm POINTS: 1 REFERENCES: p. 63 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic Page 12


Name:

Class:

Date:

Module 2 The Need for Information Security LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 37. One form of e-mail attack that is also a DoS attack is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail. ______ ANSWER: False - bomb POINTS: 1 REFERENCES: p. 64 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 38. A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffer. ______ ANSWER: False - packet POINTS: 1 REFERENCES: p. 65 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM Multiple Choice 39. Which of the following functions does information security perform for an organization? a. Protecting the organization’s ability to function. b. Enabling the safe operation of applications implemented on the organization’s IT systems. c. Protecting the data the organization collects and uses. d. All of the above. ANSWER: d POINTS: 1 REFERENCES: p. 28 Page 13



Module 2 The Need for Information Security H1: Introduction to Information Security QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.1 - Discuss the need for information security DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 9/14/2016 10:31 AM 40. The process of maintaining the confidentiality, integrity, and availability of data managed by a DBMS is known as ______ security. a. database b. data c. information d. residual ANSWER: a POINTS: 1 REFERENCES: H1: Introduction to Information Security H2: Business Needs First p. 29 QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.2 - Explain why a successful information security program is the shared responsibility of the entire organization DATE CREATED: 12/28/2016 9:39 AM DATE MODIFIED: 4/7/2021 6:34 PM 41. Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____. a. SSL b. SLA c. MSL d. MIN ANSWER: b POINTS: 1 REFERENCES: p. 37 H1: The 12 Categories of Threats H2: Deviations in Quality of Service QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 9/14/2016 10:31 AM 42. A short-term interruption in electrical power availability is known as a ____. a. fault b. brownout c. blackout d. lag ANSWER: a Page 14



Module 2 The Need for Information Security POINTS: 1 REFERENCES: p. 39 H1: The 12 Categories of Threats H2: Deviations in Quality of Service QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 9/14/2016 10:31 AM 43. When information gatherers employ techniques that cross a legal or ethical threshold, they are conducting ______. a. industrial espionage b. competitive intelligence c. opposition research d. hostile investigation ANSWER: a POINTS: 1 REFERENCES: p. 39 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 12/15/2016 12:27 PM DATE MODIFIED: 4/7/2021 6:34 PM 44. A long-term interruption (outage) in electrical power availability is known as a(n) ______. a. blackout b. sag c. brownout d. fault ANSWER: a POINTS: 1 REFERENCES: p. 39 H1: The 12 Categories of Threats H2: Deviations in Quality of Service QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 12/28/2016 9:44 AM DATE MODIFIED: 4/7/2021 6:34 PM Page 15



Module 2 The Need for Information Security 45. Hackers can be generalized into two skill groups: expert and ______. a. novice b. journeyman c. packet monkey d. professional ANSWER: a POINTS: 1 REFERENCES: p. 40 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 46. Acts of ______ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. a. bypass b. theft c. trespass d. security ANSWER: c POINTS: 1 REFERENCES: p. 40 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 47. The ______ data file contains the hashed representation of the user’s password. a. SLA b. SNMP c. FBI d. SAM ANSWER: d POINTS: 1 REFERENCES: p. 46 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM Page 16



Module 2 The Need for Information Security DATE MODIFIED: 4/7/2021 6:34 PM

48. A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system’s encrypted password file is known as a(n) ______. a. rainbow table b. dictionary c. crib d. crack file ANSWER: a POINTS: 1 REFERENCES: p. 46 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 12/28/2016 10:21 AM DATE MODIFIED: 4/7/2021 6:34 PM 49. Human error or failure often can be prevented with training, ongoing awareness activities, and ______. a. threats b. controls c. hugs d. paperwork ANSWER: b POINTS: 1 REFERENCES: p. 50 H1: The 12 Categories of Threats H2: Human Error or Failure QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 7:05 PM 50. Advance-Fee fraud is an example of a ______ attack. a. social engineering b. virus c. worm d. spam ANSWER: a POINTS: 1 REFERENCES: p. 51 H1: The 12 Categories of Threats H2: Human Error or Failure QUESTION TYPE: Multiple Choice Page 17



Module 2 The Need for Information Security HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/26/2021 6:42 PM 51. One form of online vandalism is ______ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. a. hacktivist b. phreak c. hackcyber d. cyberhack ANSWER: a POINTS: 1 REFERENCES: p. 56 H1: The 12 Categories of Threats H2: Sabotage or Vandalism QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 52. ______ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents. a. infoterrorism b. cyberterrorism c. hacking d. cracking ANSWER: b POINTS: 1 REFERENCES: p. 57 H1: The 12 Categories of Threats H2: Sabotage or Vandalism QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 53. ____ is any technology that aids in gathering information about a person or organization without their knowledge. a. A bot b. Spyware c. A Trojan d. A worm ANSWER: b POINTS: 1 REFERENCES: p. 59 H1: The 12 Categories of Threats Page 18



Module 2 The Need for Information Security H2: Software Attacks QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 3/8/2017 5:29 PM 54. ______ are malware programs that hide their true nature and reveal their designed behavior only when activated. a. Viruses b. Worms c. Spam d. Trojan horses ANSWER: d POINTS: 1 REFERENCES: p. 62 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 55. Which of the following is an example of a Trojan horse program? a. Netsky b. MyDoom c. Klez d. Happy99.exe ANSWER: d POINTS: 1 REFERENCES: p. 62 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 9/14/2016 10:31 AM 56. As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ______. a. false alarms b. polymorphisms c. hoaxes d. urban legends ANSWER: c POINTS: 1 REFERENCES: p. 63 Page 19



Module 2 The Need for Information Security H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 57. In a ______ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources. a. denial-of-service b. distributed denial-of-service c. virus d. spam ANSWER: a POINTS: 1 REFERENCES: p. 63 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 58. A ______ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. a. denial-of-service b. distributed denial-of-service c. virus d. spam ANSWER: b POINTS: 1 REFERENCES: p. 63 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 59. ______ are compromised systems that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack. a. Drones b. Helpers c. Zombies d. Servants Page 20



Module 2 The Need for Information Security ANSWER: c POINTS: 1 REFERENCES: p. 63 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 60. In the ______ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. a. zombie-in-the-middle b. sniff-in-the-middle c. server-in-the-middle d. man-in-the-middle ANSWER: d POINTS: 1 REFERENCES: p. 66 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 61. The ______ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. a. WWW b. TCP c. FTP d. HTTP ANSWER: b POINTS: 1 REFERENCES: p. 66 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 62. The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information is known as ______. Page 21



Module 2 The Need for Information Security a. pharming b. phishing c. sniffing d. spoofing ANSWER: a POINTS: 1 REFERENCES: p. 66 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 12/28/2016 10:24 AM DATE MODIFIED: 4/7/2021 6:34 PM 63. The average amount of time between hardware failures, calculated as the total amount of operation time for a specified number of units divided by the total number of failures, is known as ______. a. mean time between failure (MTBF) b. mean time to diagnose (MTTD) c. mean time to failure (MTTF) d. mean time to repair (MTTR) ANSWER: a POINTS: 1 REFERENCES: p. 67 H1: The 12 Categories of Threats H2: Technical Hardware Failures or Errors QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 12/28/2016 10:27 AM DATE MODIFIED: 4/7/2021 6:34 PM 64. The average amount of time until the next hardware failure is known as ______. a. mean time between failure (MTBF) b. mean time to diagnose (MTTD) c. mean time to failure (MTTF) d. mean time to repair (MTTR) ANSWER: c POINTS: 1 REFERENCES: p. 67 H1: The 12 Categories of Threats H2: Technical Hardware Failures or Errors Page 22



Module 2 The Need for Information Security QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 12/28/2016 10:29 AM DATE MODIFIED: 4/7/2021 6:34 PM 65. Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) longer than ______ characters in Internet Explorer 4.0, the browser will crash. a. 64 b. 128 c. 256 d. 512 ANSWER: c POINTS: 1 REFERENCES: p. 69 H1: The 12 Categories of Threats H2: Technical Software Failures or Errors QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM Completion 66. A(n) ______ is a potential risk to an information asset. ANSWER: threat POINTS: 1 REFERENCES: H1: Information Security Threats And Attacks p. 30 QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 67. A(n) ______ is an act against an asset that could result in a loss. ANSWER: attack POINTS: 1 REFERENCES: p. 30 H1: Information Security Threats And Attacks Page 23



Module 2 The Need for Information Security QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 68. Duplication of software-based intellectual property is more commonly known as software ______. ANSWER: piracy POINTS: 1 REFERENCES: p. 34 H1: The 12 Categories of Threats H2: Compromises to Intellectual Property QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 69. ______ is the percentage of time a particular service is available. ANSWER: uptime up-time up time POINTS: 1 REFERENCES: p. 38 H1: The 12 Categories of Threats H2: Deviations in Quality of Service QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 12/28/2016 9:42 AM DATE MODIFIED: 4/7/2021 6:34 PM 70. A momentary low voltage is called a(n) ______. ANSWER: sag POINTS: 1 REFERENCES: p. 39 H1: The 12 Categories of Threats H2: Compromises to Intellectual Property QUESTION TYPE: Completion Page 24



Module 2 The Need for Information Security HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/8/2021 11:39 AM 71. Some information gathering techniques are quite legal—for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ______. ANSWER: intelligence POINTS: 1 REFERENCES: p. 39 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 72. When information gatherers employ techniques in a commercial setting that cross the threshold of what is legal or ethical, they are conducting industrial ______. ANSWER: espionage POINTS: 1 REFERENCES: p. 39 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 73. The expert hacker sometimes is called a(n) ______ hacker. ANSWER: elite POINTS: 1 REFERENCES: p. 40 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Completion HAS VARIABLES: False Page 25



Module 2 The Need for Information Security STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 74. Script ______ are hackers of limited skill who use expertly written software to attack a system. ANSWER: kiddies POINTS: 1 REFERENCES: p. 42 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 75. A(n) ______ hacks the public telephone network to make free calls or disrupt services. ANSWER: phreaker POINTS: 1 REFERENCES: p. 45 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 76. Attempting to reverse-calculate a password is called ______. ANSWER: cracking POINTS: 1 REFERENCES: p. 45 H1: The 12 Categories of Threats H2: Espionage or Trespass QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats Page 26



Module 2 The Need for Information Security DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM

77. In the context of information security, ESD is the acronym for ______ discharge. ANSWER: electrostatic POINTS: 1 REFERENCES: p. 49 H1: The 12 Categories of Threats H2: Forces of Nature QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/8/2021 11:46 AM 78. In the context of information security, ______ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker. ANSWER: social engineering POINTS: 1 REFERENCES: p. 50 H1: The 12 Categories of Threats H2: Human Error or Failure QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/8/2021 11:46 AM 79. The ______ fraud is a social engineering attack that involves convincing the victim to participate in a seeming moneymaking venture while getting the victim to pay fees or bribes or to refund uncleared international payments. ANSWER: advance-fee advance fee POINTS: 1 REFERENCES: p. 51 H1: The 12 Categories of Threats H2: Human Error or Failure QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats Page 27



Module 2 The Need for Information Security DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM

80. A computer virus consists of segments of code that perform ______ actions. ANSWER: malicious POINTS: 1 REFERENCES: p. 59 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 81. A(n) ______ is a malicious program that replicates itself constantly without requiring another program environment. ANSWER: worm POINTS: 1 REFERENCES: p. 60 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 82. A virus or worm can have a payload that installs a(n) ______ door or trap door component in a system, which allows the attacker to access the system at will with special privileges. ANSWER: back POINTS: 1 REFERENCES: p. 63 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM Page 28



Module 2 The Need for Information Security 83. ______ is unsolicited commercial e-mail. ANSWER: Spam POINTS: 1 REFERENCES: p. 64 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 84. ______ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. ANSWER: Spoofing POINTS: 1 REFERENCES: p. 65 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM 85. ______ occurs when an application running on a Web server inserts commands into a user’s browser session and causes information to be sent to a hostile server. ANSWER: cross-site scripting (XSS) cross-site scripting XSS cross site scripting (XSS) cross site scripting POINTS: 1 REFERENCES: p. 68 H1: The 12 Categories of Threats H2: Technical Software Failures or Errors QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic Page 29



Module 2 The Need for Information Security LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 12/28/2016 10:30 AM DATE MODIFIED: 4/7/2021 6:34 PM 86. A(n) ______ is an application error that occurs when more data is sent to a program than it is designed to handle. ANSWER: buffer overrun buffer overflow POINTS: 1 REFERENCES: p. 69 H1: The 12 Categories of Threats H2: Technical Software Failures or Errors QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 4/7/2021 6:34 PM Essay 87. There are 12 general categories of threat to an organization's people, information, and systems. List at least six of the general categories of threat and identify at least one example of those listed. ANSWER: Compromises to intellectual property Software attacks Deviations in quality of service Espionage or trespass Forces of nature Human error or failure Information extortion Sabotage or vandalism Theft Technical hardware failures or errors Technical software failures or errors Technological obsolescence POINTS: 1 REFERENCES: p. 34 H1: The 12 Categories of Threats QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 3/8/2017 5:38 PM Page 30



Module 2 The Need for Information Security 88. Describe viruses and worms. ANSWER: A computer virus consists of segments of code that perform malicious actions. This code behaves very much like a virus pathogen attacking animals and plants, using the cell’s own replication machinery to propagate and attack. The code attaches itself to the existing program and takes control of that program’s access to the targeted computer. The virus-controlled target program then carries out the virus’s plan by replicating itself into additional targeted systems. A worm is a malicious program that replicates itself constantly without requiring another program to provide a safe environment for replication. Worms can continue replicating themselves until they completely fill available resources, such as memory, hard drive space, and network bandwidth. POINTS: 1 REFERENCES: p. 59 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 3/8/2017 5:38 PM 89. Describe the capabilities of a sniffer. ANSWER: A sniffer is a program or device that can monitor data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information from a network. Unauthorized sniffers can be extremely dangerous to a network’s security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker’s arsenal. Sniffers often work on TCP/IP networks, where they’re sometimes called packet sniffers. Sniffers add risk to the network because many systems and users send information on local networks in clear text. 
A sniffer program shows all the data going by, including passwords, the data inside files, and screens full of sensitive data from applications. POINTS: 1 REFERENCES: p. 65 H1: The 12 Categories of Threats H2: Software Attacks QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 9/14/2016 10:31 AM DATE MODIFIED: 3/8/2017 5:39 PM Subjective Short Answer Page 31



Module 2 The Need for Information Security 90. Why is information security a management problem? What can management do that technology cannot? ANSWER: General management, IT management, and information security management are each responsible for implementing information security that protects the organization’s ability to function. Although many business and government managers shy away from addressing information security because they perceive it to be a technically complex task, implementing information security actually has more to do with management than technology. Just as managing payroll involves management more than mathematical wage computations, managing information security has more to do with policy and its enforcement than the technology of its implementation. POINTS: 1 REFERENCES: p. 29 H1: Introduction To The Need For Information Security H2: Business Needs First QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.2 - Explain why a successful information security program is the shared responsibility of the entire organization DATE CREATED: 4/8/2021 12:11 PM DATE MODIFIED: 4/8/2021 12:12 PM 91. What is information extortion? Describe how such an attack can cause losses. ANSWER: When an attacker can control access to an asset, it can be held hostage to the attacker’s demands. For example, if attackers gain access to a database and then encrypt its data, they may extort money or other value from the owner by threatening to share the encryption key and the data with others. POINTS: 1 REFERENCES: p. 54 H1: The 12 Categories of Threats H2: Information Extortion QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.3 - List and describe the threats posed to information security and common attacks associated with those threats DATE CREATED: 4/8/2021 12:17 PM DATE MODIFIED: 4/8/2021 12:18 PM 92. What is a SQL Injection? ANSWER: SQL injection occurs when developers fail to properly validate user input before using it to query a relational database allowing an attacker to gain unauthorized access to data. POINTS: 1 REFERENCES: H1: The 12 Categories of Threats H2: Technical Software Failures or Errors Page 32


Name:

Class:

Date:

Module 2 The Need for Information Security p. 68 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.02.4 - List the common information security issues that result from poor software development efforts DATE CREATED: 4/8/2021 12:21 PM DATE MODIFIED: 4/8/2021 12:23 PM

Page 33


Module 3 Information Security Management

True / False

1. A standard is a written instruction provided by management that informs employees and others in the workplace about proper behavior.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 88 H1: Information Security Policy, Standards, And Practices H2: Policy as the Foundation for Planning
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:37 AM
DATE MODIFIED: 3/8/2017 6:27 PM

2. Good security programs begin and end with policy.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 88 H1: Information Security Policy, Standards, And Practices
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:37 AM
DATE MODIFIED: 9/14/2016 10:37 AM

3. The ISSP is a plan which sets out the requirements that must be met by the information security blueprint or framework.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 91 H1: Information Security Policy, Standards, And Practices H2: Issue-Specific Security Policy
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:37 AM
DATE MODIFIED: 12/28/2016 3:23 PM

4. You can create a single, comprehensive ISSP document covering all information security issues.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 92 H1: Information Security Policy, Standards, And Practices H2: Issue-Specific Security Policy
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:37 AM
DATE MODIFIED: 3/8/2017 6:28 PM

5. Each policy should contain procedures and a timetable for periodic review.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 94 H1: Information Security Policy, Standards, And Practices H2: Issue-Specific Security Policy
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:37 AM
DATE MODIFIED: 9/14/2016 10:37 AM

6. A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company will provide for the employee's legal defense.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 94 H1: Information Security Policy, Standards, And Practices H2: Issue-Specific Security Policy
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:37 AM
DATE MODIFIED: 4/27/2021 7:31 PM

7. A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 95 H1: Information Security Policy, Standards, And Practices H2: System-Specific Security Policy
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:37 AM
DATE MODIFIED: 9/14/2016 10:37 AM

8. ACLs are more specific to the operation of a system than rule-based policies and they may or may not deal with users directly.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 97 H1: Information Security Policy, Standards, And Practices H2: System-Specific Security Policy
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

9. To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and policy issuance and planned revision dates.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 103 H1: Information Security Policy, Standards, And Practices H2: Policy Management
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.4 - List the elements in an effective security education, training, and awareness program and describe a methodology for effectively implementing security policy in the organization
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 3/8/2017 6:28 PM

10. The policy administrator is responsible for the creation, revision, distribution, and storage of the policy.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 103 H1: Information Security Policy, Standards, And Practices H2: Policy Management
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.4 - List the elements in an effective security education, training, and awareness program and describe a methodology for effectively implementing security policy in the organization
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

11. Every member of the organization's InfoSec department must have a formal degree or certification in information security.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 105 H1: Security Education, Training, And Awareness Program H2: Security Education
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.4 - List the elements in an effective security education, training, and awareness program and describe a methodology for effectively implementing security policy in the organization
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

12. Security training provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 106 H1: Security Education, Training, And Awareness Program H2: Security Training
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.4 - List the elements in an effective security education, training, and awareness program and describe a methodology for effectively implementing security policy in the organization
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

13. The security framework is a more detailed version of the security blueprint.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 107 H1: Information Security Blueprint, Models, and Frameworks
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

14. The complete details of ISO/IEC 27002 are widely available to everyone.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 107 H1: Information Security Blueprint, Models, and Frameworks H2: The ISO 27000 Series
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 12/28/2016 3:52 PM

15. The ISO/IEC 27000 series is derived from an earlier standard, BS7799.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 107 H1: Information Security Blueprint, Models, and Frameworks H2: The ISO 27000 Series
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 12/28/2016 3:49 PM

16. The global information security community has universally agreed with the justification for the code of practices as identified in the ISO/IEC 17799.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 108 H1: Information Security Blueprint, Models, and Frameworks H2: The ISO 27000 Series
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

17. Failure to develop an information security system based on the organization’s mission, vision, and culture guarantees the failure of the information security program.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 110 H1: Information Security Blueprint, Models, and Frameworks H2: NIST Security Models
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

18. NIST 800-14's Principles for Securing Information Technology Systems can be used to make sure the needed key elements of a successful effort are factored into the design of an information security program and to produce a blueprint for an effective security architecture.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 110 H1: Information Security Blueprint, Models, and Frameworks H2: NIST Security Models
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 3/8/2017 6:28 PM

19. NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans, and provides detailed methods for assessing, designing, and implementing controls and plans for applications of varying size.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 111 H1: Information Security Blueprint, Models, and Frameworks H2: NIST Security Models
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

20. In 2016, NIST published a new Federal Master Cybersecurity Framework to create a mandatory framework for managing cybersecurity risk for the delivery of critical infrastructure services at every organization in the United States, based on vendor-specific technologies.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 111 H1: Information Security Blueprint, Models, and Frameworks H2: NIST Security Models
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 3/8/2017 6:29 PM

21. Managerial controls set the direction and scope of the security process and provide detailed instructions for its conduct.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 114 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 3/8/2017 6:29 PM

22. To achieve defense in depth, an organization must establish multiple layers of security controls and safeguards.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 115 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

Modified True / False

23. The operational plan documents the organization’s intended long-term direction and efforts for the next several years. _____
ANSWER: False - strategic
POINTS: 1
REFERENCES: p. 84 H1: Information Security Planning And Governance
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.03.2 - Define information security governance and list the expectations of the organization’s senior management with respect to it
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

24. Guidelines are detailed statements of what must be done to comply with policy. _____
ANSWER: False - Standards
POINTS: 1
REFERENCES: p. 88 H1: Information Security Policy, Standards, And Practices H2: Policy as the Foundation for Planning
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

25. A(n) strategic information security policy is also known as a general security policy, and sets the strategic direction, scope, and tone for all security efforts. _____
ANSWER: False - enterprise
POINTS: 1
REFERENCES: p. 91 H1: Information Security Policy, Standards, And Practices H2: Enterprise Information Security Policy
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/27/2021 7:32 PM

26. Systems-specific security policies are organizational policies that provide detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies. _____
ANSWER: False - Issue
POINTS: 1
REFERENCES: p. 91 H1: Information Security Policy, Standards, And Practices H2: Issue-Specific Security Policy
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

27. A security policy should begin with a clear statement of purpose. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 94 H1: Information Security Policy, Standards, And Practices H2: Issue-Specific Security Policy
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

28. A(n) capability table specifies which subjects and objects users or groups can access. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 95 H1: Information Security Policy, Standards, And Practices H2: System-Specific Security Policy
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

29. To remain viable, security policies must have a responsible manager, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and revision date. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 103 H1: Information Security Policy, Standards, And Practices H2: Policy Management
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/27/2021 7:32 PM

30. Some policies may also need a(n) sunset clause indicating their expiration date. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 104 H1: Information Security Policy, Standards, And Practices H2: Policy Management
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

31. The Computer Security Resource Center at NIST provides several useful documents free of charge in its special publications area. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 106 H1: Security Education, Training, And Awareness Program H2: Security Training
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.03.4 - List the elements in an effective security education, training, and awareness program and describe a methodology for effectively implementing security policy in the organization
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/27/2021 7:33 PM

32. The security model is the basis for the design, selection, and implementation of all security program elements, including policy implementation and ongoing policy and program management. _____
ANSWER: False - blueprint
POINTS: 1
REFERENCES: p. 107 H1: Information Security Blueprint, Models, and Frameworks
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

33. The stated purpose of ISO/IEC 27002 is to offer guidelines and voluntary directions for information security management. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 107 H1: Information Security Blueprint, Models, and Frameworks H2: The ISO 27000 Series
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

34. NIST responded to a mandate and created a voluntary Risk Management Framework that provides an effective approach to manage cybersecurity risks. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 111 H1: Information Security Blueprint, Models, and Frameworks H2: NIST Security Models
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/27/2021 7:34 PM

35. Technical controls are the tactical and technical implementations of security in the organization. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 114 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

36. One of the basic tenets of security architectures is the layered implementation of security, which is called defense in redundancy. _____
ANSWER: False - depth
POINTS: 1
REFERENCES: p. 115 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

37. Within security perimeters the organization can establish security redundancies, each with differing levels of security, between which traffic must be screened. _____
ANSWER: False - domains
POINTS: 1
REFERENCES: p. 116 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

38. The key components of the security perimeter include firewalls, DMZs (demilitarized zones), Web servers, and IDPSs. _____
ANSWER: False - proxy
POINTS: 1
REFERENCES: p. 116 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act.
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

Multiple Choice

39. Which of these is NOT a unique function of information security management?
a. hardware
b. planning
c. policy
d. programs
ANSWER: a
POINTS: 1
REFERENCES: p. 82 H1: Introduction To The Management Of Information Security
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.1 - Describe the different management functions with respect to information security
DATE CREATED: 4/21/2021 5:54 PM
DATE MODIFIED: 4/27/2021 7:35 PM

40. Which of these is not one of the general categories of security policy?
a. Category-specific policy (CSP)
b. Enterprise information security policy (EISP)
c. Issue-specific security policy (ISSP)
d. Systems-specific policy (SysSP)
ANSWER: a
POINTS: 1
REFERENCES: p. 83 H1: Introduction To The Management Of Information Security H2: Policy
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.1 - Describe the different management functions with respect to information security
DATE CREATED: 4/25/2021 1:14 PM
DATE MODIFIED: 4/25/2021 1:17 PM

41. A(n) _____ plan is a plan for the organization’s intended efforts over the next several years (long-term).
a. standard
b. operational
c. tactical
d. strategic
ANSWER: d
POINTS: 1
REFERENCES: p. 84 H1: Information Security Planning And Governance
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.2 - Define information security governance and list the expectations of the organization’s senior management with respect to it
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/27/2021 7:36 PM

42. Which of these best defines information security governance?
a. The application of the principles and practices of corporate governance to the information security function.
b. The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction.
c. Executive management’s responsibility to provide strategic direction, ensure the accomplishment of objectives.
d. The process of defining and specifying the long-term direction (strategy) to be taken by an organization.
ANSWER: a
POINTS: 1
REFERENCES: p. 84 H1: Information Security Planning And Governance H2: Information Security Leadership
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.2 - Define information security governance and list the expectations of the organization’s senior management with respect to it
DATE CREATED: 4/25/2021 1:20 PM
DATE MODIFIED: 4/25/2021 1:22 PM

43. The goals of information security governance include all but which of the following?
a. Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care
b. Strategic alignment of information security with business strategy to support organizational objectives
c. Risk management by executing appropriate measures to manage and mitigate threats to information resources
d. Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
ANSWER: a
POINTS: 1
REFERENCES: p. 84 H1: Information Security Planning And Governance H2: Information Security Leadership
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.2 - Define information security governance and list the expectations of the organization’s senior management with respect to it
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

44. The actions taken by management to specify the short-term goals and objectives of the organization are _____.
a. operational planning
b. tactical planning
c. strategic planning
d. contingency planning
ANSWER: a
POINTS: 1
REFERENCES: p. 87 H1: Information Security Planning And Governance H2: Planning Levels
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.2 - Define information security governance and list the expectations of the organization’s senior management with respect to it
DATE CREATED: 4/25/2021 1:28 PM
DATE MODIFIED: 4/27/2021 7:37 PM

45. The actions taken by management to specify the intermediate goals and objectives of the organization are _____.
a. operational planning
b. tactical planning
c. strategic planning
d. contingency planning
ANSWER: b
POINTS: 1
REFERENCES: p. 87 H1: Information Security Planning And Governance H2: Planning Levels
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.2 - Define information security governance and list the expectations of the organization’s senior management with respect to it
DATE CREATED: 4/25/2021 1:25 PM
DATE MODIFIED: 4/27/2021 7:37 PM

46. A detailed statement of what must be done to comply with management intent is known as a _____.
a. guideline
b. standard
c. procedure
d. practice
ANSWER: b
POINTS: 1
REFERENCES: p. 88 H1: Information Security Policy, Standards, And Practices H2: Policy as the Foundation for Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 4/25/2021 1:34 PM
DATE MODIFIED: 4/27/2021 7:37 PM

47. Standards may be published, scrutinized, and ratified by a group, as in formal or _____ standards.
a. de formale
b. de public
c. de jure
d. de facto
ANSWER: c
POINTS: 1
REFERENCES: p. 88 H1: Information Security Policy, Standards, And Practices H2: Policy as the Foundation for Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:21 PM

48. A nonmandatory recommendation that the employee may use as a reference is known as a _____.
a. guideline
b. standard
c. procedure
d. practice
ANSWER: a
POINTS: 1
REFERENCES: p. 88 H1: Information Security Policy, Standards, And Practices H2: Policy as the Foundation for Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines
DATE CREATED: 4/25/2021 1:32 PM
DATE MODIFIED: 4/27/2021 7:37 PM

49. The _____ is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization’s security efforts.
a. SysSP
b. EISP
c. GSP
d. ISSP
ANSWER: b
POINTS: 1
REFERENCES: p. 91 H1: Information Security Policy, Standards, And Practices H2: Enterprise Information Security Policy
QUESTION TYPE: Multiple Choice
Module 3 Information Security Management HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:21 PM 50. The EISP component of _____ provides information on the importance of information security in the organization and the legal and ethical obligation to protect critical information about customers, employees, and markets. a. Need for Information Security b. Information Security Responsibilities and Roles c. Statement of Purpose d. Information Security Elements ANSWER: a POINTS: 1 REFERENCES: p. 92 H1: Information Security Policy, Standards, And Practices H2: Enterprise Information Security Policy QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines DATE CREATED: 4/25/2021 1:38 PM DATE MODIFIED: 4/25/2021 1:40 PM 51. _____often function as standards or procedures to be used when configuring or maintaining systems. a. ESSPs b. EISPs c. ISSPs d. SysSPs ANSWER: d POINTS: 1 REFERENCES: p. 95 H1: Information Security Policy, Standards, And Practices H2: System-Specific Security Policy QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:21 PM 52. The SETA program is a control measure designed to reduce the instances of _____ security breaches by employees. a. intentional b. external c. accidental d. physical Page 18


Name:

Class:

Date:

Module 3 Information Security Management ANSWER: POINTS: REFERENCES:

c 1 H1: Security Education, Training, And Awareness Program p. 104 QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.03.4 - List the elements in an effective security education, training, and awareness program and describe a methodology for effectively implementing security policy in the organization DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM 53. An information security _____ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training. a. plan b. framework c. model d. policy ANSWER: b POINTS: 1 REFERENCES: p. 107 H1: Information Security Blueprint, Models, and Frameworks QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:21 PM 54. The stated purpose of ISO/IEC 27002:2013 is to give guidelines for organizational information security standards and information security _____ practices. a. implementation b. certification c. management d. accreditation ANSWER: c POINTS: 1 REFERENCES: p. 107 H1: Information Security Blueprint, Models, and Frameworks H2: The ISO 27000 Series QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/14/2021 7:14 PM 55. When ISO 17799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems? Page 19
a. The standard lacked the measurement precision associated with a technical standard. b. It was not as complete as other frameworks. c. The standard was hurriedly prepared, given the tremendous impact its adoption could have on industry information security controls. d. The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.
ANSWER: d POINTS: 1 REFERENCES: p. 108 H1: Information Security Blueprint, Models, and Frameworks H2: The ISO 27000 Series QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/27/2021 7:38 PM

56. SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security _____. a. plan b. standard c. policy d. blueprint
ANSWER: d POINTS: 1 REFERENCES: p. 110 H1: Information Security Blueprint, Models, and Frameworks H2: NIST Security Models QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:21 PM

57. According to NIST SP 800-14's security principles, security should _____. a. support the mission of the organization b. require a comprehensive and integrated approach c. be cost-effective d. All of the above
ANSWER: d POINTS: 1 REFERENCES: p. 110 H1: Information Security Blueprint, Models, and Frameworks H2: NIST Security Models QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:21 PM

58. In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework, which intends to allow organizations to _____. a. identify and prioritize opportunities for improvement within the context of a continuous and repeatable process b. assess progress toward a recommended target state c. communicate among local, state, and national agencies about cybersecurity risk d. None of these
ANSWER: a POINTS: 1 REFERENCES: p. 111 H1: Information Security Blueprint, Models, and Frameworks H2: NIST Security Models QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

59. The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the _____ side of the organization. a. technology b. Internet c. people d. operational
ANSWER: c POINTS: 1 REFERENCES: p. 113 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

60. _____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization. a. Managerial b. Technical c. Operational d. Informational
ANSWER: a POINTS: 1 REFERENCES: p. 114 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture QUESTION TYPE: Multiple Choice
HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:21 PM

61. _____ controls address personnel security, physical security, and the protection of production inputs and outputs. a. Informational b. Operational c. Technical d. Managerial
ANSWER: b POINTS: 1 REFERENCES: p. 114 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:21 PM

62. _____ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection. a. Networking b. Proxy c. Defense in depth d. Best-effort
ANSWER: c POINTS: 1 REFERENCES: p. 115 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

63. _____ is a strategy of using multiple types of controls that prevent the failure of one system from compromising the security of information. a. Firewalling b. Hosting c. Redundancy d. Domaining
ANSWER: c POINTS: 1 REFERENCES: p. 115 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture QUESTION TYPE: Multiple Choice
HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/27/2021 7:39 PM

64. Redundancy can be implemented at a number of points throughout the security architecture, such as in _____. a. firewalls b. proxy servers c. access controls d. All of the above
ANSWER: d POINTS: 1 REFERENCES: p. 115 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:21 PM

65. Security _____ are the areas of trust within which users can freely communicate. a. perimeters b. domains c. rectangles d. layers
ANSWER: b POINTS: 1 REFERENCES: p. 116 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

Completion

66. The _____ of an organization are the intermediate states obtained to achieve progress toward a goal or goals.
ANSWER: objectives POINTS: 1 REFERENCES: p. 84 H1: Information Security Planning And Governance QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.2 - Define information security governance and list the
expectations of the organization’s senior management with respect to it DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

67. The process of _____ planning is that of defining and specifying the long-term direction to be taken by an organization.
ANSWER: strategic POINTS: 1 REFERENCES: p. 84 H1: Information Security Planning And Governance QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.2 - Define information security governance and list the expectations of the organization’s senior management with respect to it DATE CREATED: 4/25/2021 1:44 PM DATE MODIFIED: 4/25/2021 1:45 PM

68. The process of _____ governance is the executive management team’s responsibility to provide strategic direction.
ANSWER: corporate POINTS: 1 REFERENCES: p. 84 H1: Information Security Planning And Governance QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.2 - Define information security governance and list the expectations of the organization’s senior management with respect to it DATE CREATED: 4/25/2021 1:47 PM DATE MODIFIED: 4/25/2021 1:48 PM

69. A(n) _____ plan is used to plan for the organization’s intended efforts on a day-to-day basis for the next several months.
ANSWER: operational POINTS: 1 REFERENCES: H1: Information Security Planning And Governance H2: Planning Levels p. 87 QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.2 - Define information security governance and list the expectations of the organization’s senior management with respect to it DATE CREATED: 4/25/2021 1:50 PM
DATE MODIFIED: 4/27/2021 7:39 PM

70. A(n) _____ directs members of an organization as to how issues should be addressed and how technologies should be used.
ANSWER: policy POINTS: 1 REFERENCES: p. 88 H1: Information Security Policy, Standards, And Practices QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

71. _____-specific security policies often function as standards or procedures to be used when configuring or maintaining security technologies.
ANSWER: Systems POINTS: 1 REFERENCES: p. 95 H1: Information Security Policy, Standards, And Practices H2: System-Specific Security Policy QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/27/2021 7:40 PM

72. A(n) _____ control list is a specification of authorization that governs the rights and privileges of users to a particular information asset.
ANSWER: access POINTS: 1 REFERENCES: p. 95 H1: Information Security Policy, Standards, And Practices H2: System-Specific Security Policy QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices,
procedures, and guidelines DATE CREATED: 4/25/2021 1:54 PM DATE MODIFIED: 4/25/2021 1:56 PM

73. _____ rules are the instructions a system administrator codes into a server, networking device, or security device to specify how it operates.
ANSWER: configuration POINTS: 1 REFERENCES: H1: Information Security Policy, Standards, And Practices H2: System-Specific Security Policy p. 97 QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines DATE CREATED: 4/25/2021 1:58 PM DATE MODIFIED: 4/25/2021 1:59 PM

74. Policy _____ means the employee must agree to the policy; that is, policies must be agreed to by act or affirmation.
ANSWER: compliance POINTS: 1 REFERENCES: p. 100 H1: Information Security Policy, Standards, And Practices H2: Developing and Implementing Effective Security Policy QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines DATE CREATED: 4/25/2021 2:00 PM DATE MODIFIED: 4/25/2021 2:01 PM

75. It is good practice for the policy _____ to solicit input both from technically adept information security experts and from business-focused managers in each community of interest when making revisions to security policies.
ANSWER: administrator POINTS: 1 REFERENCES: p. 103 H1: Information Security Policy, Standards, And Practices H2: Policy Management QUESTION TYPE: Completion HAS VARIABLES: False
STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

76. Some policies may need a(n) _____ indicating their expiration date.
ANSWER: sunset clause POINTS: 1 REFERENCES: p. 104 H1: Information Security Policy, Standards, And Practices H2: Policy Management QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

77. The security _____ is an outline or structure of the organization’s overall information security strategy that is used as a road map for planned changes to its information security environment.
ANSWER: framework POINTS: 1 REFERENCES: p. 107 H1: Information Security Blueprint, Models, and Frameworks QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

78. _____ controls are information security safeguards focusing on lower-level planning that deals with the functionality of the organization’s security. These safeguards include disaster recovery and incident response planning.
ANSWER: Operational POINTS: 1 REFERENCES: p. 114 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

79. Implementing multiple types of technology and thereby precluding that the failure of one system will compromise the security of information is referred to as _____.
ANSWER: redundancy defense in depth POINTS: 1 REFERENCES: p. 115 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

80. _____ controls are information security safeguards that focus on the application of modern technologies, systems, and processes to protect information assets.
ANSWER: Technical POINTS: 1 REFERENCES: p. 114 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

81. _____ controls are security processes that are designed by strategic planners and implemented by the security administration of the organization.
ANSWER: Managerial POINTS: 1 REFERENCES: p. 114 H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

82. A security _____ defines the boundary between the outer limit of an organization’s security and the beginning of the outside world.
ANSWER: perimeter POINTS: 1 REFERENCES: H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture p. 115 QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM

Essay

83. What three purposes does the ISSP serve?
ANSWER: The issue-specific security policy, or ISSP, 1) addresses specific areas of technology, 2) requires frequent updates, and 3) contains a statement about the organization’s position on a specific issue.
POINTS: 1 REFERENCES: p. 91 H1: Information Security Policy, Standards, And Practices H2: Issue-Specific Security Policy QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 3/8/2017 6:49 PM

84. What is the purpose of security education, training, and awareness (SETA)?
ANSWER: The purpose of SETA is to enhance security by:
• Improving awareness of the need to protect system resources
• Developing skills and knowledge so computer users can perform their jobs more securely
• Building in-depth knowledge, as needed, to design, implement, or operate security programs for organizations and systems
POINTS: 1 REFERENCES: H1: Security Education, Training, And Awareness Program p. 105 QUESTION TYPE: Essay HAS VARIABLES: False
STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.4 - List the elements in an effective security education, training, and awareness program and describe a methodology for effectively implementing security policy in the organization DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 9/14/2016 10:38 AM

Subjective Short Answer

85. List and briefly describe the general categories of information security policy.
ANSWER: In InfoSec, there are three general policy categories:
• Enterprise information security policy (EISP)—Developed within the context of the strategic IT plan, this sets the tone for the InfoSec department and the InfoSec climate across the organization. The CISO typically drafts the program policy, which is usually supported and signed by the CIO or the CEO.
• Issue-specific security policies (ISSPs)—These are sets of rules that define acceptable behavior within a specific organizational resource, such as email or Internet usage.
• Systems-specific policies (SysSPs)—A merger of technical and managerial intent, SysSPs include both the managerial guidance for the implementation of a technology as well as the technical specifications for its configuration.
POINTS: 1 REFERENCES: H1: Information Security Policy, Standards, And Practices p. 90 H2: Policy as the Foundation for Planning QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.3 - Describe management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines DATE CREATED: 4/25/2021 2:06 PM DATE MODIFIED: 4/27/2021 7:41 PM

86. What is the purpose of the SETA program?
ANSWER: The purpose of SETA is to enhance security by doing the following:
• Improving awareness of the need to protect system resources
• Developing skills and knowledge so computer users can perform their jobs more securely
• Building in-depth knowledge as needed to design, implement, or operate security programs for organizations and systems
POINTS: 1
REFERENCES: H1: Security Education, Training, And Awareness Program p. 104 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.03.4 - List the elements in an effective security education, training, and awareness program and describe a methodology for effectively implementing security policy in the organization DATE CREATED: 4/25/2021 2:14 PM DATE MODIFIED: 4/25/2021 2:15 PM

87. Briefly describe management, operational, and technical controls, and explain when each would be applied as part of a security framework.
ANSWER: Management controls cover security processes that are designed by strategic planners and implemented by an organization’s security administration. These designs include setting the direction and scope of the security processes and provide detailed instruction for their conduct. Operational controls deal with the functionality of security in the organization, including disaster recovery and incident response planning. Technical controls address tactical and technical issues related to designing and implementing security in the organization, as well as issues related to examining and selecting appropriate technologies for protecting information.
POINTS: 1 REFERENCES: H1: Information Security Blueprint, Models, and Frameworks H2: Design of the Security Architecture p. 114 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.03.5 - Discuss the Dental Practice Act. DATE CREATED: 4/25/2021 2:11 PM DATE MODIFIED: 4/25/2021 2:12 PM
Module 4 Risk Management

True / False

1. The upper management of an organization must structure the IT and information security functions to defend the organization’s information assets. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: H1: Introduction to Risk Management p. 122 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.1 - Define risk management and describe its importance DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 9/14/2016 10:42 AM

2. According to Sun Tzu, if you know yourself and know your enemy, you have an average chance to be successful in an engagement. a. True b. False
ANSWER: False POINTS: 1 REFERENCES: p. 122 H1: Introduction to Risk Management H2: Sun Tzu and the Art of Risk Management QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.1 - Define risk management and describe its importance DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 3/8/2017 9:17 PM

3. Knowing yourself means identifying, examining, and understanding the threats facing the organization's information assets. a. True b. False
ANSWER: False POINTS: 1 REFERENCES: p. 122 H1: Introduction to Risk Management H2: Sun Tzu and the Art of Risk Management QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.1 - Define risk management and describe its importance DATE CREATED: 9/14/2016 10:42 AM
DATE MODIFIED: 5/17/2021 6:57 PM

4. Risk control, also known as risk treatment, is the application of controls that reduce the risks to an organization’s information assets to an acceptable level. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: p. 123 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.2 - Explain the risk management framework and process model, including major components DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 5/17/2021 6:58 PM

5. In addition to their other responsibilities, the three communities of interest are responsible for determining which control options are cost effective for the organization. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: p. 125 H1: The Risk Management Framework H2: The Roles of the Communities of Interest QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.2 - Explain the risk management framework and process model, including major components DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 3/8/2017 9:18 PM

6. Residual risk is the risk that organizations are willing to accept even after current controls have been applied. a. True b. False
ANSWER: False POINTS: 1 REFERENCES: H1: The Risk Management Framework H2: Defining the Organization’s Risk Tolerance and Risk Appetite p. 126 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.3 - Define risk appetite and explain how it relates to residual risk
DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 5/17/2021 6:59 PM

7. The organization should adopt naming standards that do not convey information to potential system attackers. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: H1: The Risk Management Process H2: Risk Assessment: Risk Identification p. 132 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 5/17/2021 6:59 PM

8. Identifying human resources, documentation, and data information assets of an organization is easier than identifying hardware and software assets. a. True b. False
ANSWER: False POINTS: 1 REFERENCES: p. 133 H1: The Risk Management Process H2: Risk Assessment: Risk Identification QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 5/17/2021 7:00 PM

9. A data classification scheme is a formal access control methodology used to assign a level of availability to an information asset and thus restrict who can access it. a. True b. False
ANSWER: False POINTS: 1 REFERENCES: p. 134 H1: The Risk Management Process H2: Risk Assessment: Risk Identification QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 5/17/2021 7:01 PM

10. Within a data classification scheme, "comprehensive" means that an information asset should fit in only one category. a. True b. False
ANSWER: False POINTS: 1 REFERENCES: p. 135 H1: The Risk Management Process H2: Risk Assessment: Risk Identification QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 3/8/2017 9:19 PM

11. A security clearance is a component of a data classification scheme that assigns a status level to systems to designate the maximum level of classified data that may be stored on them. a. True b. False
ANSWER: False POINTS: 1 REFERENCES: p. 135 H1: The Risk Management Process H2: Risk Assessment: Risk Identification QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 3/8/2017 9:19 PM

12. When determining the relative importance of each asset, refer to the organization’s mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: p. 135 H1: The Risk Management Process H2: Risk Assessment: Risk Identification QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 9/14/2016 10:42 AM

13. When it is necessary to calculate, estimate, or derive values for information assets, you might give consideration to the value incurred from the cost of protecting the information. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis p. 162 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system. DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 9/14/2016 10:42 AM

14. The value of information to the organization's competition should influence the asset's valuation. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: p. 162 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system. DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 9/14/2016 10:42 AM

15. You cannot use qualitative measures to rank information asset values. a. True b. False
ANSWER: False POINTS: 1 REFERENCES: p. 139 H1: The Risk Management Process H2: Risk Assessment: Risk Identification QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented DATE CREATED: 9/14/2016 10:42 AM
DATE MODIFIED: 9/14/2016 10:42 AM

16. The threats-vulnerabilities-assets (TVA) worksheet is a document that shows a comparative ranking of prioritized assets against prioritized threats, with an indication of any vulnerabilities in the asset/threat pairings. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: p. 141 H1: The Risk Management Process H2: Risk Assessment: Risk Identification QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 9/14/2016 10:42 AM

17. Risk mitigation is the risk treatment strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards, but it is not the preferred approach to controlling risk. a. True b. False
ANSWER: False POINTS: 1 REFERENCES: H1: Risk Treatment/Risk Response p. 152 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.6 - Describe various options for a risk treatment strategy DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 5/17/2021 7:02 PM

18. If the acceptance risk treatment strategy is used to handle every vulnerability in the organization, its managers may be unable to conduct proactive security activities and may portray an apathetic approach to security in general. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: H1: Risk Treatment/Risk Response H2: Risk Acceptance p. 154 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.04.6 - Describe various options for a risk treatment strategy DATE CREATED: 9/14/2016 10:42 AM
DATE MODIFIED: 5/17/2021 7:03 PM

19. To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: p. 157 H1: Managing Risk QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system. DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 3/8/2017 9:21 PM

20. In a cost-benefit analysis, a single loss expectancy (SLE) is the calculated value associated with the most likely loss from an attack; the SLE is the product of the asset’s value and the annualized loss expectancy. a. True b. False
ANSWER: False POINTS: 1 REFERENCES: p. 163 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system. DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 3/8/2017 9:22 PM

21. Some information security experts argue that it is virtually impossible to determine the true value of information and information-bearing assets. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: p. 161 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system. DATE CREATED: 9/14/2016 10:42 AM


Name:

Class:

Date:

Module 4 Risk Management DATE MODIFIED:

9/14/2016 10:42 AM

22. Cost-benefit analyses (CBAs) cannot be calculated after controls have been functioning for a time, as observation over time prevents precision in evaluating the benefits of the safeguard and determining whether it is functioning as intended. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 163 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system. DATE CREATED: 9/14/2016 10:42 AM DATE MODIFIED: 3/8/2017 9:22 PM Modified True / False 23. When an organization depends on IT-based systems to remain viable, InfoSec and the discipline of asset management must become an integral part of the economic basis for making business decisions. _____ ANSWER: False - risk POINTS: 1 REFERENCES: H2: Sun Tzu and the Art of Risk Management H1: Introduction to Risk Management p. 122 QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.04.1 - Define risk management and describe its importance DATE CREATED: 5/5/2021 6:07 PM DATE MODIFIED: 5/5/2021 6:08 PM 24. Establishing a competitive business model, method, or technique enables an organization to provide a product or service that is superior and creates a(n) competitive advantage. _____ ANSWER: True POINTS: 1 REFERENCES: p. 122 H1: Introduction to Risk Management QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.04.1 - Define risk management and describe its importance DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 4/28/2021 7:16 PM Page 8


25. "Know the enemy" means identifying, examining, and understanding the competition facing the organization. _____
ANSWER: False - threats; False - threat
POINTS: 1
REFERENCES: p. 123 H1: Introduction to Risk Management H2: Sun Tzu and the Art of Risk Management
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.1 - Define risk management and describe its importance
DATE CREATED: 5/5/2021 6:10 PM
DATE MODIFIED: 5/17/2021 7:06 PM

26. The identification, analysis, and evaluation of risk as initial parts of risk management is called risk assessment. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 123 H1: The Risk Management Framework
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.3 - Define risk appetite and explain how it relates to residual risk
DATE CREATED: 5/5/2021 6:13 PM
DATE MODIFIED: 5/5/2021 6:14 PM

27. The RM policy is a strategic document that formalizes much of the intent of the Infosec group. _____
ANSWER: False - governance
POINTS: 1
REFERENCES: p. 125 H1: The Risk Management Framework H2: The RM Policy
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.3 - Define risk appetite and explain how it relates to residual risk
DATE CREATED: 5/5/2021 6:17 PM
DATE MODIFIED: 5/17/2021 7:08 PM

28. Risk acceptance defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility. _____
ANSWER: False - appetite
POINTS: 1
REFERENCES: p. 126 H1: The Risk Management Framework H2: Defining the Organization’s Risk Tolerance and Risk Appetite
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.3 - Define risk appetite and explain how it relates to residual risk
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

29. Pervasive risk is the amount of risk that remains to an information asset even after the organization has applied its desired level of controls. _____
ANSWER: False - Residual
POINTS: 1
REFERENCES: p. 126 H1: The Risk Management Framework H2: Defining the Organization’s Risk Tolerance and Risk Appetite
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.3 - Define risk appetite and explain how it relates to residual risk
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

30. Risk perception is the assessment of the amount of risk an organization is willing to accept for a particular information asset, typically part of the risk appetite. _____
ANSWER: False - tolerance
POINTS: 1
REFERENCES: p. 127 H1: The Risk Management Framework H2: Defining the Organization’s Risk Tolerance and Risk Appetite
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.3 - Define risk appetite and explain how it relates to residual risk
DATE CREATED: 5/5/2021 6:21 PM
DATE MODIFIED: 5/5/2021 6:22 PM

31. Risk analysis is the enumeration and documentation of risks to an organization's information assets. _____
ANSWER: False - identification
POINTS: 1
REFERENCES: p. 129 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:09 PM

32. Within data classification schemes, it is important that all categories used be unique and mutually exclusive. _____
ANSWER: False - comprehensive
POINTS: 1
REFERENCES: p. 135 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:10 PM

33. One way to determine which information assets are valuable is by evaluating which information asset(s) would expose the company to liability or embarrassment if revealed. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 135 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:11 PM

34. Each of the threats faced by an organization must be evaluated, including determining the threat's potential to endanger the organization, which is known as a threat prioritization. _____
ANSWER: False - assessment
POINTS: 1
REFERENCES: p. 136 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

35. Risk mitigation is the process of assigning a risk rating or score to each information asset. _____
ANSWER: False - assessment
POINTS: 1
REFERENCES: p. 136 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

36. Likelihood is the probability that a specific vulnerability within an organization will be the target of an attack. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 144 H1: The Risk Management Process H2: Risk Assessment: Risk Analysis
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.04.5 - List the functions and structure of the endocrine system.
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

37. The mitigation risk treatment strategy applies controls and safeguards that eliminate or reduce the remaining uncontrolled risk. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 152 H1: Risk Treatment/Risk Response
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.6 - Describe various options for a risk treatment strategy
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:12 PM

38. The computed value of the ALE compares the costs and benefits of a particular control alternative to determine whether the control is worth its cost. _____
ANSWER: False - cost-benefit analysis (CBA); False - cost-benefit analysis; False - CBA
POINTS: 1
REFERENCES: p. 159 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system.
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

39. Cost mitigation is the process of preventing the financial impact of an incident by implementing a control. _____
ANSWER: False - avoidance
POINTS: 1
REFERENCES: p. 160 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system.
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

40. Exposure factor is the expected percentage of loss that would occur from a particular attack. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 163 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system.
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

Multiple Choice

41. The concept of competitive _____ refers to falling behind the competition.
a. disadvantage b. drawback c. failure d. shortcoming
ANSWER: a
POINTS: 1
REFERENCES: p. 123 H1: Introduction To Risk Management
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.1 - Define risk management and describe its importance
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:17 PM

42. Risk _____ is the application of security mechanisms to reduce the risks to an organization’s data and information systems.
a. avoidance b. treatment c. identification d. assessment
ANSWER: b
POINTS: 1
REFERENCES: p. 123 H1: The Risk Management Framework
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.2 - Explain the risk management framework and process model, including major components
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:16 PM

43. Risk _____ is the identification, analysis, and evaluation of risk as initial parts of risk management.
a. management b. assessment c. identification d. control
ANSWER: b
POINTS: 1
REFERENCES: p. 123 H1: The Risk Management Framework
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.2 - Explain the risk management framework and process model, including major components
DATE CREATED: 5/5/2021 6:26 PM
DATE MODIFIED: 5/5/2021 6:27 PM

44. The risk management (RM) _____ is the overall structure of the strategic planning and design for the entirety of the organization’s RM efforts.
a. assessment b. framework c. acceptance d. treatment
ANSWER: b
POINTS: 1
REFERENCES: p. 123 H1: The Risk Management Framework
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.3 - Define risk appetite and explain how it relates to residual risk
DATE CREATED: 5/5/2021 6:30 PM
DATE MODIFIED: 5/5/2021 6:32 PM

45. Risk _____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
a. benefit b. appetite c. acceptance d. residual
ANSWER: b
POINTS: 1
REFERENCES: p. 126 H1: The Risk Management Framework H2: Defining the Organization’s Risk Tolerance and Risk Appetite
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.3 - Define risk appetite and explain how it relates to residual risk
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:17 PM

46. Risk _____ is the assessment of the amount of risk an organization is willing to accept for a particular information asset, typically synthesized into the organization’s overall risk appetite.
a. benefit b. baseline c. tolerance d. residual
ANSWER: c
POINTS: 1
REFERENCES: p. 126 H1: The Risk Management Framework H2: Defining the Organization’s Risk Tolerance and Risk Appetite
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.3 - Define risk appetite and explain how it relates to residual risk
DATE CREATED: 5/5/2021 6:35 PM
DATE MODIFIED: 5/5/2021 6:37 PM

47. The first phase of the risk management process is _____.
a. risk identification b. forming the risk management planning team c. risk control d. risk evaluation
ANSWER: a
POINTS: 1
REFERENCES: p. 129 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:21 PM

48. Understanding the _____ context means understanding the impact of elements such as the business environment, the legal/regulatory/compliance environment, as well as the threat environment.
a. external b. design c. internal d. risk evaluation
ANSWER: a
POINTS: 1
REFERENCES: p. 129 H1: The Risk Management Process H2: RM Process Preparation—Establishing the Context
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 5/5/2021 6:39 PM
DATE MODIFIED: 5/5/2021 6:45 PM

49. Understanding the _____ context means understanding elements that could impact or influence the RM process such as the organization’s governance structure (or lack thereof), the organization’s internal stakeholders, as well as the organization’s culture.
a. external b. design c. internal d. risk evaluation
ANSWER: c
POINTS: 1
REFERENCES: p. 129 H1: The Risk Management Process H2: RM Process Preparation—Establishing the Context
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 5/5/2021 6:42 PM
DATE MODIFIED: 5/5/2021 6:44 PM

50. Which of the following is NOT one of the categories recommended for categorizing information assets?
a. Firmware b. Procedures c. People d. Hardware
ANSWER: a
POINTS: 1
REFERENCES: p. 131 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 5/5/2021 6:49 PM
DATE MODIFIED: 5/17/2021 7:21 PM

51. _____ addresses are sometimes called electronic serial numbers or hardware addresses.
a. HTTP b. IP c. DHCP d. MAC
ANSWER: d
POINTS: 1
REFERENCES: p. 132 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:17 PM

52. A(n) _____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
a. IP b. FCO c. CTO d. HTTP
ANSWER: b
POINTS: 1
REFERENCES: p. 133 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:17 PM

53. A(n) _____ scheme is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.
a. security clearance b. data recovery c. risk management d. data classification
ANSWER: d
POINTS: 1
REFERENCES: p. 134 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/5/2021 6:53 PM

54. As each information asset is identified, categorized, and classified, a(n) _____ value must be assigned to it.
a. secondary b. significant c. positional d. relative
ANSWER: d
POINTS: 1
REFERENCES: p. 135 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 5/5/2021 6:54 PM
DATE MODIFIED: 5/5/2021 6:56 PM

55. A threat _____ is an evaluation of the threats to information assets, including a determination of their likelihood of occurrence and potential impact of an attack.
a. review b. search c. investigation d. assessment
ANSWER: d
POINTS: 1
REFERENCES: p. 136 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 5/5/2021 6:57 PM
DATE MODIFIED: 5/17/2021 7:22 PM

56. In a _____, assets or threats can be prioritized by identifying criteria with differing levels of importance, assigning a score for each of the criteria, and then summing and ranking those scores.
a. threat assessment b. risk management program c. weighted table analysis d. data classification scheme
ANSWER: c
POINTS: 1
REFERENCES: p. 139 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:23 PM

57. Flaws or weaknesses in an information asset, security procedure, design, or control that can be exploited accidentally or on purpose to breach security are known as _____.
a. threats b. exploits c. vulnerabilities d. events
ANSWER: c
POINTS: 1
REFERENCES: p. 140 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 5/5/2021 7:02 PM
DATE MODIFIED: 5/5/2021 7:04 PM

58. In the TVA worksheet, assets are placed into a matrix with threats and then the exposure of the assets to specific threats is explored by documenting _____.
a. variables b. verifications c. vulnerabilities d. value
ANSWER: c
POINTS: 1
REFERENCES: p. 141 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 5/5/2021 7:09 PM
DATE MODIFIED: 5/17/2021 7:23 PM

59. Risk _____ is a determination of the extent to which an organization’s information assets are exposed to risk.
a. interpretation b. analysis c. exploration d. declaration
ANSWER: b
POINTS: 1
REFERENCES: p. 142 H1: The Risk Management Process H2: Risk Assessment: Risk Analysis
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.04.5 - List the functions and structure of the endocrine system.
DATE CREATED: 5/5/2021 7:13 PM
DATE MODIFIED: 5/5/2021 7:15 PM

60. The probability that a specific vulnerability within an organization will be attacked by a threat is known as _____.
a. determinism b. likelihood c. externality d. potential
ANSWER: b
POINTS: 1
REFERENCES: p. 144 H1: The Risk Management Process H2: Risk Assessment: Risk Analysis
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.04.5 - List the functions and structure of the endocrine system.
DATE CREATED: 5/5/2021 7:16 PM
DATE MODIFIED: 5/5/2021 7:18 PM

61. _____ equals the probability of a successful attack multiplied by the expected loss from a successful attack plus an element of uncertainty.
a. Loss magnitude b. Risk c. Loss frequency d. Loss
ANSWER: b
POINTS: 1
REFERENCES: p. 147 H1: The Risk Management Process H2: Risk Assessment: Risk Analysis
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.04.5 - List the functions and structure of the endocrine system.
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:17 PM

62. The _____ risk treatment strategy attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards.
a. termination b. mitigation c. transference d. acceptance
ANSWER: b
POINTS: 1
REFERENCES: p. 152 H1: Risk Treatment/Risk Response H2: Risk Mitigation
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.6 - Describe various options for a risk treatment strategy
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:24 PM

63. The _____ risk treatment strategy attempts to shift risk to other assets, other processes, or other organizations.
a. transference b. defense c. acceptance d. mitigation
ANSWER: a
POINTS: 1
REFERENCES: p. 153 H1: Risk Treatment/Risk Response H2: Risk Transference
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.6 - Describe various options for a risk treatment strategy
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:26 PM

64. The _____ risk treatment strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
a. defense b. transference c. mitigation d. acceptance
ANSWER: d
POINTS: 1
REFERENCES: p. 154 H1: Risk Treatment/Risk Response H2: Risk Acceptance
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.04.6 - Describe various options for a risk treatment strategy
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:27 PM

65. The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) _____.
a. ARO b. CBA c. ALE d. SLE
ANSWER: b
POINTS: 1
REFERENCES: p. 160 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system.
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

66. _____ is simply how often you expect a specific type of attack to occur.
a. ARO b. CBA c. ALE d. SLE
ANSWER: a
POINTS: 1
REFERENCES: p. 163 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system.
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

Completion

67. _____ is the process of identifying risk, as represented by vulnerabilities, to an organization’s information assets and infrastructure, and taking steps to reduce this risk to an acceptable level.
ANSWER: Risk management
POINTS: 1
REFERENCES: p. 122 H1: Introduction To Risk Management H2: Sun Tzu and the Art of Risk Management
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.1 - Define risk management and describe its importance
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

68. _____ include information and the systems that use, store, and transmit information.
ANSWER: Information assets
POINTS: 1
REFERENCES: p. 122 H1: Introduction To Risk Management H2: Sun Tzu and the Art of Risk Management
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.1 - Define risk management and describe its importance
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

69. _____ involves four major undertakings: risk identification, risk analysis, risk evaluation, and risk treatment/control.
ANSWER: Risk management
POINTS: 1
REFERENCES: p. 123 H1: The Risk Management Framework
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.2 - Explain the risk management framework and process model, including major components
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:29 PM

70. You can determine the relative risk for each of the organization's information assets using a process called risk _____, which combines risk identification, risk analysis and risk evaluation.
ANSWER: assessment
POINTS: 1
REFERENCES: p. 123 H1: The Risk Management Framework
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.2 - Explain the risk management framework and process model, including major components
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/17/2021 7:30 PM

71. Risk _____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
ANSWER: appetite
POINTS: 1
REFERENCES: H1: The Risk Management Framework
p. 126 H2: Defining the Organization’s Risk Tolerance and Risk Appetite
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.3 - Define risk appetite and explain how it relates to residual risk
DATE CREATED: 5/7/2021 3:40 PM
DATE MODIFIED: 5/7/2021 3:42 PM

72. Risk _____ is the assessment of the amount of risk an organization is willing to accept for a particular information asset, typically synthesized into the organization’s overall risk appetite.
ANSWER: tolerance
POINTS: 1
REFERENCES: p. 126 H1: The Risk Management Framework H2: Defining the Organization’s Risk Tolerance and Risk Appetite
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.3 - Define risk appetite and explain how it relates to residual risk
DATE CREATED: 5/7/2021 3:43 PM
DATE MODIFIED: 5/7/2021 3:44 PM

73. When deciding which information assets to track, consider the following asset attributes: people, _____, data, software, and hardware.
ANSWER: procedures
POINTS: 1
REFERENCES: p. 130 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

74. A data _____ scheme is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.
ANSWER: classification
POINTS: 1
REFERENCES: p. 134 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 5/7/2021 3:46 PM
DATE MODIFIED: 5/17/2021 7:32 PM

75. A threat _____ is an evaluation of the threats to information assets, including a determination of their likelihood of occurrence and potential impact of an attack.
ANSWER: assessment
POINTS: 1
REFERENCES: p. 136 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 5/7/2021 3:48 PM
DATE MODIFIED: 5/7/2021 3:49 PM

76. Once the inventory and value assessment are complete, you can prioritize each asset using a straightforward process known as _____ analysis.
ANSWER: weighted factor; weighted table
POINTS: 1
REFERENCES: p. 139 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

77. After identifying and performing the preliminary classification of an organization’s information assets, the analysis phase moves on to an examination of the _____ facing the organization.
ANSWER: threats
POINTS: 1
REFERENCES: p. 140 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

78. Flaws or weaknesses in an information asset, security procedure, design, or control that can be exploited accidentally or on purpose to breach security are known as _____.
ANSWER: vulnerabilities
POINTS: 1
REFERENCES: p. 140 H1: The Risk Management Process H2: Risk Assessment: Risk Identification
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented
DATE CREATED: 5/7/2021 3:49 PM
DATE MODIFIED: 5/7/2021 3:50 PM

79. Risk _____ is a determination of the extent to which an organization’s information assets are exposed to risk.
ANSWER: analysis
POINTS: 1
REFERENCES: p. 142 H1: The Risk Management Process H2: Risk Assessment: Risk Analysis
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.04.5 - List the functions and structure of the endocrine system.
DATE CREATED: 5/7/2021 4:02 PM
DATE MODIFIED: 5/7/2021 4:03 PM

80. _____ is the probability that a specific vulnerability within an organization's assets will be successfully attacked.
ANSWER: Likelihood
POINTS: 1
REFERENCES: p. 144 H1: The Risk Management Process H2: Risk Assessment: Risk Analysis
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.04.5 - List the functions and structure of the endocrine system.
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

81. The _____ treatment strategy attempts to reduce the impact caused by the exploitation of a vulnerability through planning and preparation.
ANSWER: mitigation
POINTS: 1
REFERENCES: p. 152 H1: Risk Treatment/Risk Response H2: Risk Mitigation
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.04.5 - List the functions and structure of the endocrine system.
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/3/2021 8:30 PM

82. Cost _____ is the process of preventing the financial impact of an incident by implementing a control.
ANSWER: avoidance
POINTS: 1
REFERENCES: p. 160 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system.
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

83. _____ is the process of assigning financial value or worth to each information asset.
ANSWER: Asset valuation; Information asset valuation
POINTS: 1
REFERENCES: p. 161 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system.
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 4/28/2021 7:16 PM

84. A single loss _____ is the calculation of the value associated with the most likely loss from an attack.
Name:

Class:

Date:

Module 4 Risk Management ANSWER: POINTS: REFERENCES:

expectancy 1 p. 163 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system. DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 4/28/2021 7:16 PM Subjective Short Answer 85. According to Sun Tzu, what two things must be achieved to secure information assets successfully? ANSWER:

To reduce risk in an organization, the organization must know itself (including its assets and processes used to protect them) and know its enemy (the nature of the threats it faces). POINTS: 1 REFERENCES: p. 122 H1: Introduction to Risk Management H2: Sun Tzu and the Art of Risk Management QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.04.1 - Define risk management and describe its importance DATE CREATED: 5/7/2021 4:06 PM DATE MODIFIED: 5/7/2021 4:06 PM 86. Describe the TVA worksheet. What is it used for? ANSWER:

The TVA worksheet combines a prioritized list of assets and their vulnerabilities and a list that prioritizes threats facing the organization. The resulting grid provides a convenient method of examining the “exposure” of assets, allowing a simple vulnerability assessment.

POINTS: REFERENCES:

1 p. 141 H1: The Risk Management Process H2: Risk Assessment: Risk Identification QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented DATE CREATED: 5/7/2021 4:07 PM DATE MODIFIED: 5/7/2021 4:07 PM Page 28


Name:

Class:

Date:

Module 4 Risk Management 87. Describe residual risk. ANSWER:

Residual risk is the “leftover” risk that is not completely removed, shifted, or included in planning; it is the risk that remains after current controls are implemented.

POINTS: REFERENCES:

1 p. 157 H1: Managing Risk QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system. DATE CREATED: 5/7/2021 4:08 PM DATE MODIFIED: 5/7/2021 4:08 PM 88. What is the difference between intrinsic value and acquired value? ANSWER:

Intrinsic value is the essential worth of the asset under consideration; acquired value is the value beyond intrinsic value that some information assets acquire over time. POINTS: 1 REFERENCES: p. 161 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system. DATE CREATED: 5/7/2021 4:08 PM DATE MODIFIED: 5/7/2021 4:09 PM 89. Why do some argue that it is virtually impossible to accurately determine the true value of information and information-bearing assets? ANSWER:

POINTS: REFERENCES:

Some costs are easily determined but other costs are almost impossible to determine, such as the dollar value of the loss in market share if information on a firm’s new product offerings is released prematurely and the company loses its competitive edge. A further complication is that over time, some information assets acquire value that is beyond their essential or intrinsic value. This higher acquired value is the more appropriate value in most cases. 1 p. 161 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis Page 29


Name:

Class:

Date:

Module 4 Risk Management QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system. DATE CREATED: 5/17/2021 7:33 PM DATE MODIFIED: 5/17/2021 7:37 PM Essay 90. One of the first components of risk identification is identification, inventory, and categorization of assets, including all elements, or attributes, of an organization’s information system. List and describe these asset attributes. ANSWER: People comprise employees and nonemployees. Procedures fall into two categories: IT and business standard procedures, and IT and business-sensitive procedures. Data components account for the management of information in all its states: transmission, processing, and storage. Software components are assigned to one of three categories: applications, operating systems, or security components. Hardware is assigned to one of two categories: the usual systems devices and their peripherals, and the devices that are part of information security control systems. Hardware components are separated into two categories: devices and peripherals, and networks. POINTS: 1 REFERENCES: p. 130 H1: The Risk Management Process H2: Risk Assessment: Risk Identification QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 3/8/2017 9:43 PM 91. When valuing information assets, what criteria could be considered in establishing or determining the value of the assets? ANSWER: Which information asset is most critical to the organization’s success? Which information asset generates the most revenue? Which of these assets plays the biggest role in generating revenue or delivering services? Which information asset would be the most expensive to replace? Which information asset would be the most expensive to protect? 
Which information asset would most expose the company to liability or embarrassment if revealed? POINTS:

1 Page 30


Name:

Class:

Date:

Module 4 Risk Management REFERENCES:

p. 135 H1: The Risk Management Process H2: Risk Assessment: Risk Identification QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.04.4 - Describe how risk is identified and documented DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 9/14/2016 10:43 AM 92. What is a cost-benefit analysis (CBA) and how can it be calculated? ANSWER: In its simplest definition, CBA (or economic feasibility) determines whether a particular control is worth its cost. CBAs may be calculated before a control or safeguard is implemented to determine if the control is worth implementing. While many techniques exist, the CBA is most easily calculated using the ALE from earlier assessments before implementation of the proposed control, which is known as ALE(prior). Subtract the revised ALE, which is estimated based on the control being in place; this revised value is known as ALE(post). Complete the calculation by subtracting the annualized cost of a safeguard (ACS). CBA = ALE(prior) - ALE(post) - ACS where the annualized loss expectancy equals the single loss expectancy multiplied by the annualized rate of occurrence. ALE = SLE x ARO and the single loss expectancy equals the exposure factor multiplied by the asset value, SLE = EF x AV. POINTS: REFERENCES:

1 p. 160 H1: Managing Risk H2: Feasibility and Cost-Benefit Analysis QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.04.7 - List the functions and structure of the circulatory system. DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 3/8/2017 9:45 PM

Page 31


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning True / False 1. The business impact analysis is a preparatory activity common to both CP and risk management. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning p. 177 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 4:56 PM DATE MODIFIED: 6/14/2021 5:28 PM 2. An external event is an event with negative consequences that could threaten the organization’s information assets or operations; also referred to as an incident candidate. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 177 H1: Fundamentals Of Contingency Planning QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 5:03 PM DATE MODIFIED: 5/19/2021 5:05 PM 3. The continuity planning management team (CPMT) is the group of senior managers and project members organized to conduct and lead all contingency planning efforts. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 177 H1: Fundamentals Of Contingency Planning QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 5:06 PM Page 1


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning DATE MODIFIED:

5/19/2021 5:08 PM

4. The disaster recovery planning team (DRPT) is the team responsible for designing and managing the DR plan by specifying the organization’s preparation, response, and recovery from disasters. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning p. 179 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 5:09 PM DATE MODIFIED: 5/19/2021 5:10 PM 5. A business influence analysis (BIA) is an investigation and assessment of adverse events that can affect the organization. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning p. 180 H2: Business Impact Analysis QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 5:20 PM DATE MODIFIED: 5/19/2021 5:21 PM 6. A business process is a task performed by an organization or one of its units in support of the organization’s overall mission and operations. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis p. 181 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, Page 2


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning DATE CREATED: DATE MODIFIED:

disaster recovery, and business continuity 5/19/2021 5:22 PM 5/19/2021 5:23 PM

7. A business process is a task performed by an organization or one of its units in support of the organization’s overall mission and operations. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis p. 181 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 5:24 PM DATE MODIFIED: 5/19/2021 5:24 PM 8. A recovery time objective (RTO) is the total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis p. 182 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 5:30 PM DATE MODIFIED: 6/3/2021 3:34 PM 9. The work recovery time (WRT) is the amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis p. 183 Page 3


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 5:33 PM DATE MODIFIED: 5/19/2021 5:34 PM 10. The total time needed to place the business function back in service must be longer than the maximum tolerable downtime. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis p. 184 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 5:36 PM DATE MODIFIED: 5/19/2021 5:37 PM 11. Prior to the development of each of the types of contingency planning documents, the CP team should work to develop the policy environment. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning H2: Contingency Planning Policies p. 185 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 5:40 PM DATE MODIFIED: 5/19/2021 5:43 PM 12. The computer security incident response team is composed solely of technical IT professionals who are prepared to detect, react to, and recover from an incident. a. True b. False ANSWER: False POINTS: 1 Page 4


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning REFERENCES:

H1: Incident Response p. 186 H2: Getting Started QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:11 PM DATE MODIFIED: 6/3/2021 3:34 PM 13. An incident is an adverse event that could result in a loss of information assets and threatens the viability of the entire organization. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 186 H1: Incident Response QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:07 PM DATE MODIFIED: 5/19/2021 6:08 PM 14. Incident response is an organization’s set of planning and preparation efforts for detecting, reacting to, and recovering from an incident. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 186 H1: Incident Response QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:10 PM DATE MODIFIED: 5/19/2021 6:11 PM 15. Procedures are planned for each identified incident scenario with incident handling procedures established for before and during the incident. a. True b. False ANSWER: False Page 5


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning POINTS: REFERENCES:

1 H1: Incident Response H2: Incident Response Planning p. 188 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:21 PM DATE MODIFIED: 5/19/2021 6:24 PM 16. Database shadowing duplicates data in real-time data storage, but does not back up the databases at the remote site. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 189 H1: Incident Response H2: Incident Response Planning QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 3/8/2017 6:30 PM 17. Incident classification is the process of examining an adverse event or incident candidate and determining whether it constitutes an actual incident. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Incident Response H2: Detecting Incidents p. 191 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:26 PM DATE MODIFIED: 6/3/2021 3:35 PM 18. Use of dormant accounts is a probable indicator of an actual incident. a. True b. False Page 6


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning ANSWER: POINTS: REFERENCES:

False 1 H1: Incident Response H2: Detecting Incidents p. 191 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:30 PM DATE MODIFIED: 5/19/2021 6:32 PM 19. Changes to systems logs are a possible indicator of an actual incident. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Incident Response H2: Detecting Incidents p. 191 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:32 PM DATE MODIFIED: 5/19/2021 6:35 PM 20. Reported attacks are a probable indicator of an actual incident. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Incident Response H2: Detecting Incidents p. 192 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:35 PM DATE MODIFIED: 6/3/2021 3:35 PM 21. Two ways to activate an alert roster are simultaneously and in parallel. a. True Page 7


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning b. False ANSWER: POINTS: REFERENCES:

False 1 H1: Incident Response H2: Reacting to Incidents p. 193 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:38 PM DATE MODIFIED: 6/3/2021 3:36 PM 22. An alert message is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Incident Response H2: Reacting to Incidents p. 194 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:41 PM DATE MODIFIED: 6/3/2021 3:37 PM 23. Incident damage assessment is used to determine the impact from a breach of confidentiality, integrity, and availability on information and information assets. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Incident Response H2: Recovering from Incidents p. 195 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:45 PM DATE MODIFIED: 5/19/2021 6:46 PM Page 8


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning 24. An after-action review is an opportunity for everyone who was involved in planning for an incident or disaster to sit down and discuss what will happen when the plan is implemented. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Incident Response H2: Recovering from Incidents p. 196 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:48 PM DATE MODIFIED: 6/3/2021 3:40 PM 25. The organization must choose one of two philosophies that will affect its approach to IR and DR as well as subsequent involvement of digital forensics and law enforcement: the two approaches are protect and forget, and apprehend and prosecute. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Incident Response H2: Recovering from Incidents p. 199 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 6:50 PM DATE MODIFIED: 6/3/2021 3:40 PM 26. Forensics can provide a determination of the source or origin of an event, problem, or issue like an incident. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Digital Forensics p. 200 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations DATE CREATED: 5/19/2021 6:53 PM Page 9


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning DATE MODIFIED:

6/3/2021 3:41 PM

27. An attack, breach of policy, or other incident always constitutes a violation of law, requiring notification of law enforcement. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 200 H1: Digital Forensics QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 9/14/2016 10:38 AM 28. Evidentiary material is any information that could potentially support an organization’s legal or policy-based case against a suspect. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 200 H1: Digital Forensics QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations DATE CREATED: 5/19/2021 6:55 PM DATE MODIFIED: 5/19/2021 6:55 PM 29. Root cause analysis is the coherent application of methodical investigatory techniques to present evidence of crimes in a court or similar setting. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 200 H1: Digital Forensics QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations Page 10


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning DATE CREATED: DATE MODIFIED:

5/19/2021 6:56 PM 6/3/2021 3:41 PM

30. An affidavit is permission to search for evidentiary material at a specified location or to seize items to return to an investigator’s lab for examination. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Digital Forensics p. 201 H2: Affidavits and Search Warrants QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations DATE CREATED: 5/19/2021 6:57 PM DATE MODIFIED: 6/3/2021 3:42 PM 31. An affidavit is a sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Digital Forensics p. 201 H2: Affidavits and Search Warrants QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations DATE CREATED: 5/19/2021 7:00 PM DATE MODIFIED: 6/3/2021 3:42 PM 32. The chain of evidence is the detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Digital Forensics H2: Digital Forensics Methodology p. 204 QUESTION TYPE: True / False Page 11


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations DATE CREATED: 5/19/2021 7:02 PM DATE MODIFIED: 5/19/2021 7:03 PM 33. A disaster recovery plan shows the organization’s intended efforts to establish operations at an alternate site in the aftermath of a disaster. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Disaster Recovery p. 206 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 6/3/2021 3:43 PM 34. Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Disaster Recovery p. 209 H2: Disaster Classification QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 7:05 PM DATE MODIFIED: 5/19/2021 7:07 PM 35. A rapid-onset disaster is one that gradually degrades the capacity of an organization to withstand their effects. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Disaster Recovery p. 209 H2: Disaster Classification Page 12


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 7:08 PM DATE MODIFIED: 6/3/2021 3:44 PM 36. A cold site provides many of the same services and options of a hot site, but at a lower cost. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 214 H1: Business Continuity H2: Continuity Strategies QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 9/14/2016 10:38 AM 37. Using a service bureau is a BC strategy in which an organization contracts with a service agency to provide a facility for a fee. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 214 H1: Business Continuity H2: Continuity Strategies QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 7:09 PM DATE MODIFIED: 5/19/2021 7:10 PM 38. Crisis response is an organization’s set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster. a. True b. False ANSWER: False POINTS: 1 Page 13


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning REFERENCES:

H1: Crisis Management p. 217 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.05.4 - Define the components of crisis management DATE CREATED: 6/3/2021 5:25 PM DATE MODIFIED: 6/3/2021 5:28 PM Modified True / False 39. The business impact analysis is a preparatory activity common to both CP and risk management, ANSWER: True POINTS: 1 REFERENCES: p. 177 H1: Fundamentals Of Contingency Planning QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 7:42 PM DATE MODIFIED: 5/19/2021 7:43 PM 40. A(n) alarming event is an event with negative consequences that could threaten the organization’s information assets or operations._____ ANSWER: False - adverse POINTS: 1 REFERENCES: p. 177 H1: Fundamentals Of Contingency Planning QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 5/19/2021 7:47 PM 41. The disaster recovery preparation team (DRPT) is the team responsible for designing and managing the DR plan by specifying the organization’s preparation, response, and recovery from disasters. _____ ANSWER: False - planning POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning p. 179 QUESTION TYPE: Modified True / False HAS VARIABLES: False Page 14


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 7:48 PM DATE MODIFIED: 6/3/2021 3:45 PM 42. A business policy is a task performed by an organization or one of its units in support of the organization’s overall mission and operations. _____ ANSWER: False - process POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning p. 181 H2: Business Impact Analysis QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 7:51 PM DATE MODIFIED: 5/19/2021 7:53 PM 43. The work response time (WRT) is the amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered. _____ ANSWER: False - recovery POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning p. 181 H2: Business Impact Analysis QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 5/19/2021 7:55 PM DATE MODIFIED: 5/19/2021 7:56 PM 44. A(n) disaster is any adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization. _____ ANSWER: False - incident POINTS: 1 REFERENCES: p. 186 H1: Incident Response H2: Getting Started QUESTION TYPE: Modified True / False HAS VARIABLES: False Page 15


Name:

Class:

Date:

Module 5 Incident Response and Contingency Planning STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 5/19/2021 7:46 PM 45. A(n) DR plan ensures that critical business functions continue if a catastrophic incident or disaster occurs. _____ ANSWER: False - business continuity (BC) False - business continuity False - BC POINTS: 1 REFERENCES: p. 212 H1: Business Continuity QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 5/19/2021 7:46 PM 46. The recovery point objective (RPO) is the point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage. _____ ANSWER: True POINTS: 1 REFERENCES: p. 182 H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 5/19/2021 7:46 PM 47. Prior to the development of each of the types of contingency planning documents, the CP team should work to develop the policy environment. _____ ANSWER: True POINTS: 1 REFERENCES: H1: Fundamentals Of Contingency Planning H2: Contingency Planning Policies p. 185 QUESTION TYPE: Modified True / False HAS VARIABLES: False Page 16


STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/19/2021 7:57 PM
DATE MODIFIED: 6/3/2021 3:46 PM

48. The process of examining an incident candidate and determining whether it constitutes an actual incident is called incident classification. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 191 H1: Incident Response H2: Detecting Incidents
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 5/19/2021 7:46 PM

49. Reported attacks are a definite indicator of an actual incident. _____
ANSWER: False - probable
POINTS: 1
REFERENCES: p. 192 H1: Incident Response H2: Detecting Incidents
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/19/2021 8:00 PM
DATE MODIFIED: 5/19/2021 8:01 PM

50. A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people. _____
ANSWER: False - hierarchical
POINTS: 1
REFERENCES: p. 193 H1: Incident Response H2: Reacting To Incidents
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic


LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 5/19/2021 7:46 PM

51. Incident detail assessment is used to determine the impact from a breach of confidentiality, integrity, and availability on information and information assets. _____
ANSWER: False - damage
POINTS: 1
REFERENCES: p. 195 H1: Incident Response H2: Recovering from Incidents
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/19/2021 8:02 PM
DATE MODIFIED: 5/19/2021 8:04 PM

52. The organization must choose one of two philosophies that will affect its approach to IR and DR as well as subsequent involvement of digital forensics and law enforcement: protect and forget, or apprehend and prosecute. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 199 H1: Incident Response H2: Recovering from Incidents
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 6/3/2021 3:49 PM

53. A service bureau is an agency that provides a service for a fee. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 214 H1: Business Continuity H2: Continuity Strategies
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 5/19/2021 7:46 PM
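The difference between the sequential and hierarchical rosters in question 50 is easy to state and easy to underestimate. The following model, added here as an illustration and not taken from the textbook, builds the call tree for a hierarchical roster and compares how long each style takes to reach the last person. The timing model is an assumption: every call takes one time unit, and a person starts placing their assigned calls as soon as they have been notified. The member names are constructed.

```python
"""Activation-time model for sequential vs. hierarchical alert rosters.

Added illustration; not code from the textbook. Assumed model: each call
takes one time unit, and a person places their assigned calls one after
another starting the moment they are notified.
"""
from typing import Dict, List


def sequential_activation_time(roster: List[str]) -> int:
    """Sequential roster: the first person calls everyone else in turn,
    so the last person is reached at time len(roster) - 1."""
    return max(len(roster) - 1, 0)


def hierarchical_assignments(roster: List[str], fan_out: int) -> Dict[str, List[str]]:
    """Call tree for a hierarchical roster: roster[0] starts the activation
    and each person calls at most `fan_out` others. The layout is a complete
    k-ary tree over roster order, so it is deterministic and can be printed
    as the roster document itself (who calls whom)."""
    if fan_out < 1:
        raise ValueError("fan_out must be at least 1")
    tree: Dict[str, List[str]] = {}
    for i, caller in enumerate(roster):
        callees = roster[i * fan_out + 1 : i * fan_out + 1 + fan_out]
        if callees:
            tree[caller] = callees
    return tree


def hierarchical_activation_time(roster: List[str], fan_out: int) -> int:
    """Time at which the last person on a hierarchical roster is reached.
    A person notified at time t places calls at t+1, t+2, ..., so their
    j-th callee hears the alert at t+j."""
    if not roster:
        return 0
    notified_at = {roster[0]: 0}
    tree = hierarchical_assignments(roster, fan_out)
    # In the k-ary layout every caller precedes its callees in roster order,
    # so a single pass computes notification times top-down.
    for caller in roster:
        if caller not in tree:
            continue
        base = notified_at[caller]
        for j, callee in enumerate(tree[caller], start=1):
            notified_at[callee] = base + j
    return max(notified_at.values())


def compare(roster_size: int, fan_out: int) -> Dict[str, int]:
    """Activation times for both roster styles plus the heaviest per-person
    call load, for a constructed roster of `roster_size` members."""
    roster = [f"member{n:02d}" for n in range(roster_size)]  # constructed names
    return {
        "sequential_time": sequential_activation_time(roster),
        "hierarchical_time": hierarchical_activation_time(roster, fan_out),
        "sequential_max_calls_per_person": max(roster_size - 1, 0),
        "hierarchical_max_calls_per_person": min(fan_out, max(roster_size - 1, 0)),
    }


if __name__ == "__main__":
    print(compare(40, 3))
```

For a 40-person roster with each person calling three others, the hierarchical roster reaches everyone in 9 call-slots against 39 for the sequential list, and no single person has to make more than three calls. The price is that one person who cannot be reached silences their whole subtree, which is why a real roster needs an alternate for each branch and why the alert message (question 96) has to be short enough to repeat accurately down the tree.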

54. A(n) disaster recovery plan includes the steps necessary to ensure the continuation of the organization when a disaster’s scope or scale exceeds the ability of the organization to restore operations, usually through relocation of critical business functions to an alternate location. _____
ANSWER: False - business continuity (BC) / False - business continuity / False - BC
POINTS: 1
REFERENCES: p. 212 H1: Business Continuity
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/19/2021 7:46 PM

55. An after-action re-assessment is an opportunity for everyone who was involved in an incident or disaster to sit down and discuss what happened. _____
ANSWER: False - review
POINTS: 1
REFERENCES: p. 196 H1: Incident Response H2: Recovering from Incidents
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/19/2021 8:05 PM
DATE MODIFIED: 5/19/2021 8:07 PM

56. A planning check is a testing strategy in which copies of the appropriate plans are distributed to all individuals who will be assigned roles during an actual incident or disaster. _____
ANSWER: False - desk
POINTS: 1
REFERENCES: p. 217 H1: Crisis Management
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.4 - Define the components of crisis management
DATE CREATED: 6/3/2021 5:30 PM
DATE MODIFIED: 6/3/2021 5:31 PM

Multiple Choice

57. Which type of organizations should prepare for the unexpected?
a. Organizations of every size and purpose should prepare for the unexpected.
b. Large organizations which have many assets at risk.
c. Small organizations that can easily recover.
d. Only those without good insurance.
ANSWER: a
POINTS: 1
REFERENCES: p. 176 H1: Introduction To Incident Response And Contingency Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.1 - Discuss the need for contingency planning
DATE CREATED: 5/20/2021 10:44 AM
DATE MODIFIED: 6/3/2021 3:50 PM

58. Ideally, the _____, systems administrators, the chief information security officer (CISO), and key IT and business managers should be actively involved during the creation and development of all CP components.
a. chief information officer (CIO)
b. chief executive officer (CEO)
c. chief financial officer (CFO)
d. senior auditor
ANSWER: a
POINTS: 1
REFERENCES: p. 177 H1: Fundamentals Of Contingency Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/20/2021 10:41 AM
DATE MODIFIED: 5/20/2021 10:43 AM

59. The CPMT should include a _____ who is a high-level manager to support, promote, and endorse the findings of the project and could be the COO or (ideally) the CEO/president.
a. champion
b. executive-in-charge
c. project manager
d. project instigator
ANSWER: a
POINTS: 1
REFERENCES: p. 178 H1: Fundamentals Of Contingency Planning


QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/20/2021 10:48 AM
DATE MODIFIED: 5/20/2021 10:51 AM

60. Which of these is the primary reason contingency response teams should not have overlapping membership, with one person on multiple teams?
a. To spread the work out among more people.
b. So individuals don't find themselves with different responsibilities in different locations at the same time.
c. To allow people to specialize in one area.
d. To avoid cross-division rivalries.
ANSWER: b
POINTS: 1
REFERENCES: p. 179 H1: Fundamentals Of Contingency Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/20/2021 10:53 AM
DATE MODIFIED: 6/3/2021 3:50 PM

61. The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages?
a. Determine mission/business processes and recovery criticality
b. Identify recovery priorities for system resources
c. Identify resource requirements
d. All of these are BIA stages
ANSWER: d
POINTS: 1
REFERENCES: p. 181 H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 5/20/2021 10:38 AM

62. A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes _____.
a. controls have been bypassed
b. controls have proven ineffective
c. controls have failed
d. All of the above
ANSWER: d
POINTS: 1
REFERENCES: p. 181 H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

63. The point in time before a disruption or system outage to which business process data can be recovered after an outage is ____.
a. recovery time objective (RTO)
b. recovery point objective (RPO)
c. work recovery time (WRT)
d. maximum tolerable downtime (MTD)
ANSWER: b
POINTS: 1
REFERENCES: p. 182 H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/20/2021 5:56 PM
DATE MODIFIED: 5/20/2021 5:57 PM

64. The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources is ____.
a. recovery time objective (RTO)
b. recovery point objective (RPO)
c. work recovery time (WRT)
d. maximum tolerable downtime (MTD)
ANSWER: a
POINTS: 1
REFERENCES: p. 182 H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity


DATE CREATED: 5/20/2021 5:58 PM
DATE MODIFIED: 5/20/2021 5:59 PM

65. The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption is _____.
a. recovery time objective (RTO)
b. recovery point objective (RPO)
c. work recovery time (WRT)
d. maximum tolerable downtime (MTD)
ANSWER: d
POINTS: 1
REFERENCES: p. 183 H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/20/2021 5:53 PM
DATE MODIFIED: 5/20/2021 5:57 PM

66. The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.
a. off-site storage
b. remote journaling
c. electronic vaulting
d. database shadowing
ANSWER: c
POINTS: 1
REFERENCES: p. 189 H1: Incident Response H2: Incident Response Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

67. Most common data backup schemes involve ______.
a. RAID
b. disk-to-disk-to-cloud
c. neither a nor b
d. both a and/or b
ANSWER: d
POINTS: 1
REFERENCES: H1: Incident Response


H2: Incident Response Planning p. 189
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/3/2020 6:52 PM
DATE MODIFIED: 6/15/2021 8:28 PM

68. The transfer of transaction data in real time to an off-site facility is called ____.
a. off-site storage
b. remote journaling
c. electronic vaulting
d. database shadowing
ANSWER: b
POINTS: 1
REFERENCES: p. 189 H1: Incident Response H2: Incident Response Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 1/2/2017 2:36 PM
DATE MODIFIED: 3/8/2017 6:39 PM

69. The storage of duplicate online transaction data, along with the duplication of the databases, at a remote site on a redundant server is called _____.
a. application recovery
b. electronic vaulting
c. remote journaling
d. database shadowing
ANSWER: d
POINTS: 1
REFERENCES: p. 189 H1: Incident Response H2: Incident Response Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/3/2020 7:13 PM
DATE MODIFIED: 5/20/2021 10:25 AM

70. An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor with a ____ backup strategy.
a. disk-to-disk-to-tape
b. differential
c. RAID
d. disk-to-disk-to-cloud
ANSWER: d
POINTS: 1
REFERENCES: p. 189 H1: Incident Response H2: Incident Response Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 4/16/2020 9:59 AM
DATE MODIFIED: 5/20/2021 10:26 AM

71. ____ uses a number of hard drives to store information across multiple drive units.
a. Legacy backup
b. RAID
c. Continuous database protection
d. Virtualization
ANSWER: b
POINTS: 1
REFERENCES: p. 189 H1: Incident Response H2: Incident Response Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 4/16/2020 9:59 AM
DATE MODIFIED: 5/20/2021 10:26 AM

72. The most common schedule for tape-based backup is a _____ backup, either incremental or differential, with a weekly off-site full backup.
a. daily on-site
b. hourly off-site
c. 12-hour on-site
d. daily off-site
ANSWER: a
POINTS: 1
REFERENCES: p. 190 H1: Incident Response H2: Incident Response Planning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/3/2020 7:04 PM
DATE MODIFIED: 5/20/2021 10:22 AM

73. A(n) _____ is a document containing contact information for the people to be notified in the event of an incident.
a. emergency notification system
b. alert roster
c. phone list
d. call registry


ANSWER: b
POINTS: 1
REFERENCES: p. 193 H1: Incident Response H2: Reacting To Incidents
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 6/3/2021 3:54 PM

74. _____ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident.
a. Damage assessment
b. Containment development
c. Incident response
d. Disaster assessment
ANSWER: a
POINTS: 1
REFERENCES: p. 195 H1: Incident Response H2: Recovering from Incidents
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:21 PM

75. Data backup should be based on a(n) ____ policy that specifies how long log data should be maintained.
a. replication
b. business resumption
c. incident response
d. retention
ANSWER: d
POINTS: 1
REFERENCES: p. 197 H1: Incident Response H2: Recovering from Incidents
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 4/16/2020 9:59 AM
DATE MODIFIED: 5/20/2021 10:23 AM

76. A crime involving digital media, computer technology, or related components may best be called an act of _____.
a. computer theft
b. digital abuse
c. computer trespass
d. digital malfeasance
ANSWER: d
POINTS: 1
REFERENCES: p. 200 H1: Digital Forensics
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations
DATE CREATED: 5/20/2021 6:05 PM
DATE MODIFIED: 6/14/2021 5:28 PM

77. The sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place is called a(n) _____.
a. writ of habeas corpus
b. search warrant
c. sworn warrant
d. affidavit
ANSWER: d
POINTS: 1
REFERENCES: p. 201 H1: Digital Forensics H2: Affidavits and Search Warrants
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations
DATE CREATED: 5/20/2021 6:08 PM
DATE MODIFIED: 5/20/2021 6:09 PM

78. Digital forensics involves the _____, identification, extraction, documentation, and interpretation of digital media.
a. investigation
b. determination
c. confiscation
d. preservation
ANSWER: d
POINTS: 1
REFERENCES: p. 200 H1: Digital Forensics
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics


investigations
DATE CREATED: 5/20/2021 6:03 PM
DATE MODIFIED: 6/3/2021 3:56 PM

79. The detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition is called a(n) _____.
a. chain of evidence
b. search warrant
c. audit trail
d. evidence affidavit
ANSWER: a
POINTS: 1
REFERENCES: p. 204 H1: Digital Forensics H2: Digital Forensics Methodology
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations
DATE CREATED: 5/20/2021 6:11 PM
DATE MODIFIED: 5/20/2021 6:12 PM

80. The process of examining an adverse event or incident and determining whether it constitutes an actual disaster is known as _____.
a. disaster indication
b. incident review
c. disaster classification
d. event escalation
ANSWER: c
POINTS: 1
REFERENCES: p. 209 H1: Disaster Recovery H2: Disaster Classification
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/20/2021 6:13 PM
DATE MODIFIED: 5/20/2021 6:15 PM

81. A ____ site provides only rudimentary services and facilities.
a. commercial
b. warm
c. hot
d. cold
ANSWER: d
POINTS: 1
REFERENCES: p. 214 H1: Business Continuity H2: Continuity Strategies
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 9/14/2016 10:38 AM

82. A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment’s notice.
a. mobile site
b. cold site
c. service bureau
d. hot site
ANSWER: d
POINTS: 1
REFERENCES: p. 214 H1: Business Continuity H2: Continuity Strategies
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 4/16/2020 9:59 AM
DATE MODIFIED: 1/6/2021 3:00 PM

83. A potential disadvantage of a timeshare site-resumption strategy is:
a. more than one organization might need the facility
b. more expensive than other options
c. requires additional investment in time and technology to get up to speed in the event of a disaster
d. all of the above
ANSWER: a
POINTS: 1
REFERENCES: p. 214 H1: Business Continuity H2: Continuity Strategies
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 4/16/2020 9:59 AM
DATE MODIFIED: 6/3/2021 3:58 PM
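Question 79 defines the chain of evidence as documentation of collection, storage, transfer and ownership. What makes such a record defensible is that nobody can quietly alter an entry or the item it describes after the fact. The following log, added here as an illustration and not taken from the textbook, hashes the evidence once at collection, repeats that hash in every custody entry, and links each entry to the previous one so that an edited, substituted or removed entry is detected. Assumptions: SHA-256 over the raw bytes identifies the item, timestamps are strings supplied by the handler, and the sample image and names are constructed. A hash chain only detects edits; it does not stop someone from rewriting the whole chain, so in practice the entries are signed or witnessed and kept on write-once storage.

```python
"""Tamper-evident chain-of-evidence (custody) log.

Added illustration; not code from the textbook. Assumptions: the evidence
item is identified by SHA-256 of its bytes at collection, every entry
commits to the previous entry's hash, and timestamps are handler-supplied
strings. Hashing detects edits but does not prevent a full rewrite; real
logs add signatures or witnesses and write-once storage.
"""
import hashlib
import json
from typing import Dict, List, Tuple

Entry = Dict[str, object]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _entry_digest(entry: Entry) -> str:
    """Hash of an entry over every field except its own digest, using a
    canonical JSON encoding so the hash is reproducible."""
    body = {k: v for k, v in entry.items() if k != "entry_sha256"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


def start_chain(evidence: bytes, item_id: str, collected_by: str,
                collected_at: str, location: str) -> List[Entry]:
    """First entry: collection. Records the evidence hash; later entries
    repeat it so a substituted item is caught against any entry."""
    entry: Entry = {
        "seq": 0, "action": "collected", "item_id": item_id,
        "evidence_sha256": sha256_hex(evidence), "by": collected_by,
        "at": collected_at, "where": location, "prev_entry_sha256": None,
    }
    entry["entry_sha256"] = _entry_digest(entry)
    return [entry]


def add_transfer(chain: List[Entry], released_by: str, received_by: str,
                 at: str, purpose: str) -> List[Entry]:
    """Append a custody transfer that links back to the previous entry."""
    last = chain[-1]
    entry: Entry = {
        "seq": int(last["seq"]) + 1, "action": "transferred",
        "item_id": last["item_id"], "evidence_sha256": last["evidence_sha256"],
        "from": released_by, "to": received_by, "at": at, "purpose": purpose,
        "prev_entry_sha256": last["entry_sha256"],
    }
    entry["entry_sha256"] = _entry_digest(entry)
    chain.append(entry)
    return chain


def verify_chain(chain: List[Entry], evidence: bytes) -> Tuple[bool, str]:
    """Check sequence numbers, back-links, entry digests, and that the item
    presented now still hashes to the value recorded at collection."""
    if not chain or chain[0]["action"] != "collected":
        return False, "chain does not start with a collection entry"
    expected_evidence = sha256_hex(evidence)
    prev_digest = None
    for i, entry in enumerate(chain):
        if entry["seq"] != i:
            return False, f"entry {i}: sequence number {entry['seq']} out of order"
        if entry["prev_entry_sha256"] != prev_digest:
            return False, f"entry {i}: broken link to previous entry"
        if entry["entry_sha256"] != _entry_digest(entry):
            return False, f"entry {i}: entry contents were modified"
        if entry["evidence_sha256"] != expected_evidence:
            return False, f"entry {i}: evidence hash does not match the item presented"
        prev_digest = entry["entry_sha256"]
    return True, "chain intact"


# Constructed stand-in for an acquired disk image.
SAMPLE_IMAGE = b"constructed sample image bytes: not a real forensic image"


def build_sample_chain() -> List[Entry]:
    """Collection followed by two transfers, with constructed names/times."""
    chain = start_chain(SAMPLE_IMAGE, "ITEM-001", "collector A",
                        "2021-06-03T15:30:00Z", "server room rack 4")
    add_transfer(chain, "collector A", "evidence custodian B",
                 "2021-06-03T18:05:00Z", "secure storage")
    add_transfer(chain, "evidence custodian B", "examiner C",
                 "2021-06-04T09:00:00Z", "forensic examination")
    return chain


if __name__ == "__main__":
    print(verify_chain(build_sample_chain(), SAMPLE_IMAGE))
```

Run `verify_chain` whenever the item changes hands and again before the material is presented; any change to the bytes, to an entry's fields, or to the order or number of entries turns the result to `False` with a message naming the first entry that fails.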

84. A ____ is an agency that provides physical facilities in the event of a disaster for a fee.
a. time-share
b. service bureau
c. cold site
d. mobile site
ANSWER: b
POINTS: 1
REFERENCES: p. 214 H1: Business Continuity H2: Continuity Strategies
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 4/16/2020 9:59 AM
DATE MODIFIED: 5/20/2021 10:33 AM

85. A ____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor.
a. memorandum of understanding
b. mutual agreement
c. service agreement
d. time-share agreement
ANSWER: c
POINTS: 1
REFERENCES: p. 215 H1: Business Continuity H2: Continuity Strategies
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 4/16/2020 9:59 AM
DATE MODIFIED: 5/20/2021 10:35 AM

86. Each of the following is a role for the crisis management response team EXCEPT:
a. Informing local emergency services to respond to the crisis
b. Keeping the public informed about the event
c. Communicating with major customers and other stakeholders
d. Supporting personnel and their loved ones during the crisis
ANSWER: a
POINTS: 1
REFERENCES: p. 217 H1: Crisis Management
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.05.4 - Define the components of crisis management
DATE CREATED: 6/3/2021 5:32 PM
DATE MODIFIED: 6/3/2021 5:35 PM

Completion

87. The business _____ analysis is a preparatory activity common to both CP and risk management.
ANSWER: impact
POINTS: 1
REFERENCES: p. 177 H1: Fundamentals Of Contingency Planning
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/25/2021 8:09 PM
DATE MODIFIED: 5/25/2021 8:10 PM

88. A business _____ is a task performed by an organization or one of its units in support of the organization’s overall mission and operations.
ANSWER: process
POINTS: 1
REFERENCES: p. 181 H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/25/2021 8:11 PM
DATE MODIFIED: 5/25/2021 8:12 PM

89. The _____ recovery time is the amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered.
ANSWER: work
POINTS: 1
REFERENCES: p. 183 H1: Fundamentals Of Contingency Planning H2: Business Impact Analysis
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/25/2021 8:13 PM
DATE MODIFIED: 6/3/2021 3:59 PM
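Questions 63 to 65 and 89 define RPO, RTO, WRT and MTD one at a time, and question 72 gives the typical tape schedule (a weekly full backup plus daily incrementals or differentials). The following model, added here as an illustration and not taken from the textbook, puts the two together: it generates that schedule, works out which backups must be restored to reach a given point in time, measures the data-loss window the schedule actually delivers, and checks it against the BIA objectives. Assumptions: all backups run at 02:00, the downtime check treats RTO + WRT as the time that must fit inside the MTD (the usual reading, for example in NIST SP 800-34), and the dates are constructed.

```python
"""Backup-schedule model: restore sets and the RPO / RTO / WRT / MTD check.

Added illustration; not code from the textbook. Assumed schedule: weekly
full backup on Sunday, daily incremental or differential on other days,
all at 02:00. Assumed downtime rule: RTO + WRT must fit within the MTD.
"""
from datetime import date, datetime, time, timedelta
from typing import Dict, List, Tuple

FULL, INCREMENTAL, DIFFERENTIAL = "full", "incremental", "differential"
Backup = Tuple[datetime, str]  # (time the backup completed, kind)


def generate_schedule(first_sunday: date, days: int, daily_kind: str,
                      at: time = time(2, 0)) -> List[Backup]:
    """Weekly full on Sundays, `daily_kind` on every other day."""
    if first_sunday.weekday() != 6:
        raise ValueError("schedule must start on a Sunday")
    if daily_kind not in (INCREMENTAL, DIFFERENTIAL):
        raise ValueError("daily_kind must be incremental or differential")
    schedule: List[Backup] = []
    for offset in range(days):
        day = first_sunday + timedelta(days=offset)
        kind = FULL if day.weekday() == 6 else daily_kind
        schedule.append((datetime.combine(day, at), kind))
    return schedule


def restore_set(schedule: List[Backup], target: datetime) -> List[Backup]:
    """Backups needed to restore to the latest point at or before `target`.
    Incremental: the last full plus every incremental taken since (the
    chain grows all week). Differential: the last full plus only the
    newest differential, since each differential contains all changes
    since the full."""
    available = [b for b in schedule if b[0] <= target]
    fulls = [i for i, b in enumerate(available) if b[1] == FULL]
    if not fulls:
        return []
    last_full = fulls[-1]
    later = available[last_full + 1:]
    if not later:
        return [available[last_full]]
    if later[-1][1] == DIFFERENTIAL:
        return [available[last_full], later[-1]]
    return [available[last_full]] + later


def achieved_rpo(schedule: List[Backup], failure: datetime) -> timedelta:
    """Data-loss window: time from the last usable backup to the failure."""
    usable = [b[0] for b in schedule if b[0] <= failure]
    if not usable:
        raise ValueError("no backup exists before the failure time")
    return failure - max(usable)


def check_objectives(schedule: List[Backup], failure: datetime, rpo: timedelta,
                     rto: timedelta, wrt: timedelta, mtd: timedelta) -> Dict[str, object]:
    """Compare what the schedule delivers with the BIA objectives."""
    loss = achieved_rpo(schedule, failure)
    return {
        "data_loss": loss,
        "rpo_met": loss <= rpo,
        "media_to_restore": len(restore_set(schedule, failure)),
        "downtime": rto + wrt,
        "downtime_within_mtd": rto + wrt <= mtd,
    }


if __name__ == "__main__":
    # Constructed scenario: two weeks of backups, failure on a Wednesday afternoon.
    start = date(2021, 6, 6)  # a Sunday
    failure = datetime(2021, 6, 9, 14, 0)
    for kind in (INCREMENTAL, DIFFERENTIAL):
        sched = generate_schedule(start, 14, kind)
        print(kind, check_objectives(sched, failure, rpo=timedelta(hours=24),
                                     rto=timedelta(hours=4), wrt=timedelta(hours=2),
                                     mtd=timedelta(hours=8)))
```

Two things fall out of the model that the definitions alone do not show. First, a nightly backup caps the achievable RPO at roughly a day regardless of the RTO, so an RPO of an hour cannot be met by this schedule at all and needs remote journaling or database shadowing (questions 68 and 69). Second, the incremental chain lengthens every day until the next full, and each extra medium in the restore set is more restore time and one more thing that can fail, which is the trade a differential scheme makes in the other direction.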

90. Prior to the development of each of the types of contingency planning documents, the CP team should work to develop the corresponding _____ environment.
ANSWER: policy
POINTS: 1
REFERENCES: p. 185 H1: Fundamentals Of Contingency Planning H2: Contingency Planning Policies
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/25/2021 8:15 PM
DATE MODIFIED: 5/25/2021 8:16 PM

91. A(n) _____ is an adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization.
ANSWER: incident
POINTS: 1
REFERENCES: p. 186 H1: Incident Response
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

92. Incident _____ is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.
ANSWER: response
POINTS: 1
REFERENCES: p. 186 H1: Incident Response
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

93. The transfer of live transactions in real time to an off-site facility is called _____.
ANSWER: remote journaling
POINTS: 1
REFERENCES: p. 189 H1: Incident Response H2: Incident Response Planning
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

94. Incident _____ is the process of examining a potential incident, or incident candidate, and determining whether the candidate constitutes an actual incident.
ANSWER: classification
POINTS: 1
REFERENCES: p. 191 H1: Incident Response H2: Detecting Incidents
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

95. As they are a definite indicator of an incident, many organizations have policies that prohibit the installation of _____ tools without the written permission of the CISO.
ANSWER: hacker / hacking
POINTS: 1
REFERENCES: p. 192 H1: Incident Response H2: Detecting Incidents
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 6/3/2021 4:00 PM


96. A(n) _____ is a scripted description of an incident—usually just enough information so that each individual knows what portion of the IRP to implement, and not enough to slow down the notification process.
ANSWER: alert message
POINTS: 1
REFERENCES: p. 194 H1: Incident Response H2: Reacting To Incidents
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

97. Incident _____ assessment is used to determine the impact from a breach of confidentiality, integrity, and availability on information and information assets.
ANSWER: damage
POINTS: 1
REFERENCES: p. 195 H1: Incident Response H2: Recovering from Incidents
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/25/2021 8:18 PM
DATE MODIFIED: 5/25/2021 8:18 PM

98. A(n) _____ is a detailed examination of the events that occurred during an incident or disaster, from first detection to final recovery.
ANSWER: AAR / after-action review / AAR (after-action review) / after-action review (AAR)
POINTS: 1
REFERENCES: p. 196 H1: Incident Response H2: Recovering from Incidents
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 6/3/2021 4:01 PM

99. Digital _____ is the process of collecting, analyzing, and preserving computer-related evidence.
ANSWER: forensics
POINTS: 1
REFERENCES: p. 200 H1: Digital Forensics
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 5/19/2021 4:43 PM

100. Of the three types of mitigation plans, the _____ plan is the most strategic and long-term, as it focuses on the steps to ensure the continuation of the organization.
ANSWER: BC / Business Continuity / BC (business continuity) / business continuity (BC)
POINTS: 1
REFERENCES: p. 212 H1: Business Continuity
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 5/19/2021 7:47 PM

101. A(n) _____ plan ensures that critical business functions continue if a catastrophic incident or disaster occurs.
ANSWER: business continuity / business continuity (BC) / BC
POINTS: 1
REFERENCES: p. 212 H1: Business Continuity
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 4/17/2021 2:20 PM

102. A(n) _____ site is a fully configured computer facility with all services, communications links, and physical plant operations provided, including heating and air conditioning. ANSWER: hot POINTS: 1 REFERENCES: p. 214 H1: Business Continuity H2: Continuity Strategies QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM 103. A(n) _____ is a contract between two or more organizations that specifies how each will assist the other in the event of a disaster. ANSWER: mutual agreement POINTS: 1 REFERENCES: p. 214 H1: Business Continuity H2: Continuity Strategies QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM 104. _____ management is an organization’s set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster. ANSWER: Crisis POINTS: 1 REFERENCES: H1: Crisis Management p. 217 QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.05.4 - Define the components of crisis management DATE CREATED: 9/14/2016 10:38 AM DATE MODIFIED: 4/17/2021 2:20 PM Page 36


105. _____ material is any information that could potentially support an organization’s legal or policy-based case against a suspect.
ANSWER: Evidentiary
POINTS: 1
REFERENCES: p. 200 H1: Digital Forensics
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations
DATE CREATED: 5/25/2021 8:20 PM
DATE MODIFIED: 5/25/2021 8:21 PM

106. Disaster _____ is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster.
ANSWER: classification
POINTS: 1
REFERENCES: p. 209 H1: Disaster Recovery H2: Disaster Classification
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/25/2021 8:22 PM
DATE MODIFIED: 5/25/2021 8:22 PM

107. The CMPT should include individuals from all functional areas of the organization in order to _____ communications and cooperation.
ANSWER: facilitate
POINTS: 1
REFERENCES: p. 217 H1: Crisis Management
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.4 - Define the components of crisis management
DATE CREATED: 6/3/2021 5:36 PM
DATE MODIFIED: 6/3/2021 5:37 PM

Essay


108. Compare electronic vaulting and remote journaling.
ANSWER: The transfer of large batches of data to an off-site facility is called electronic vaulting. The transfer of live transactions to an off-site facility is called remote journaling. It differs from electronic vaulting in that (1) only transactions are transferred, not archived data, and (2) the transfer is in real time. Electronic vaulting is much like a traditional backup, with a dump of data to the off-site storage, but remote journaling involves activities on a systems level, much like server fault tolerance, with the data written to two locations simultaneously.
POINTS: 1
REFERENCES: p. 189 H1: Incident Response H2: Incident Response Planning
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 9/14/2016 10:38 AM
DATE MODIFIED: 3/8/2017 6:46 PM

109. Summarize the strategies that can be chosen by an organization when planning for business continuity.
ANSWER: The determining factor when selecting a strategy is usually cost. In general, organizations have three exclusive options: hot sites, warm sites, and cold sites. Options are also available for three shared functions: time-shares, service bureaus, and mutual agreements.
POINTS: 1
REFERENCES: p. 214 H1: Business Continuity H2: Continuity Strategies
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 1/2/2017 3:33 PM
DATE MODIFIED: 1/2/2017 3:35 PM

Subjective Short Answer

110. Which two communities of interest are usually associated with contingency planning? Which community must give authority to ensure broad support for the plans?
ANSWER: Most often, the information technology and information security communities are involved in contingency planning. The general business community must give authority to ensure broad support for the plans.
POINTS: 1
REFERENCES: p. 176 H1: Introduction To Incident Response And Contingency Planning
QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.1 - Discuss the need for contingency planning
DATE CREATED: 5/19/2021 7:13 PM
DATE MODIFIED: 5/19/2021 7:15 PM

111. List and describe the criteria used to determine whether an actual incident is occurring.
ANSWER: An actual incident is occurring if information assets are the targets of attack, if there is a good chance that the attack will succeed, and if the attack threatens the confidentiality, integrity, or availability of information resources.
POINTS: 1
REFERENCES: p. 191 H1: Incident Response H2: Detecting Incidents
QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.2 - Describe the major components of incident response, disaster recovery, and business continuity
DATE CREATED: 5/19/2021 7:17 PM
DATE MODIFIED: 5/19/2021 7:18 PM

112. When is digital forensics used in a business setting?
ANSWER: Digital forensics is used in a business setting to investigate policy or legal violations by an employee, contractor, or outsider, and to investigate attacks on a physical asset or information asset.
POINTS: 1
REFERENCES: p. 200 H1: Digital Forensics
QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.05.3 - Identify the processes used in digital forensics investigations
DATE CREATED: 5/19/2021 7:22 PM
DATE MODIFIED: 5/19/2021 7:22 PM


Module 6 Legal, Ethical, and Professional Issues in Information Security

True / False

1. The key difference between laws and ethics is that ethics carry the authority of a governing body and laws do not.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 224 H1: Introduction To Law And Ethics In Information Security
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 9/14/2016 10:35 AM

2. A key difference between a policy and a law is that ignorance of a law is an acceptable defense.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 225 H1: Introduction To Law And Ethics In Information Security H2: Policy Versus Law
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 5:41 PM

3. For policy to become enforceable, it only needs to be distributed, read, understood, and agreed to.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 225 H1: Introduction To Law And Ethics In Information Security H2: Policy Versus Law
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 5:46 PM

4. Due care and due diligence require that an organization make a valid effort to protect others and continually maintain this level of effort, ensuring these actions are effective.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 225 H1: Introduction To Law And Ethics In Information Security H2: Organizational Liability and the Need for Counsel
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 9/14/2016 10:35 AM

5. Criminal laws address activities and conduct harmful to society and are categorized as public law.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 226 H1: Introduction To Law And Ethics In Information Security H2: Types of Law
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 5:42 PM

6. The Computer Security Act of 1987, the cornerstone of many computer-related federal laws and enforcement efforts, was originally written as an extension and clarification of the Comprehensive Crime Control Act of 1984.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 226 H1: Relevant U.S. Laws H2: General Computer Crime Laws
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 5:43 PM


7. In the context of information security, confidentiality is the right of individuals or groups to protect themselves and their information from unauthorized access.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 227 H1: Relevant U.S. Laws H2: Privacy
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 5:47 PM

8. The FTC recommends that people place an initial fraud alert (among other things) when they suspect they are victims of identity theft.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 236 H1: Relevant U.S. Laws H2: Identity Theft
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 12/28/2016 3:05 PM
DATE MODIFIED: 12/28/2016 3:06 PM

9. The Council of Europe Convention on Cybercrime has not been well received by advocates of intellectual property rights because it de-emphasizes prosecution for copyright infringement.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 241 H1: International Laws And Legal Bodies H2: Council of Europe Convention on Cybercrime
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.3 - Identify major national and international laws that affect the practice of information Identify special security controls and privacy considerations for personnel management security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/10/2021 7:39 PM

10. The United States has implemented a version of the DMCA law called the Database Right, in order to comply with Directive 95/46/EC.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 242 H1: International Laws And Legal Bodies H2: Digital Millennium Copyright Act
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.3 - Identify major national and international laws that affect the practice of information Identify special security controls and privacy considerations for personnel management security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 9/14/2016 10:35 AM

11. Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality’s ethical behavior violates the ethics of another national group.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 243 H1: Ethics And Information Security H2: Ethical Differences Across Cultures
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 9/14/2016 10:35 AM

12. Cultural differences can make it difficult to determine what is ethical and not ethical between cultures, except when it comes to the use of computers, where ethics are considered universal.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 243 H1: Ethics And Information Security H2: Ethical Differences Across Cultures


QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 5:50 PM

13. Unethical and illegal behavior is generally caused by ignorance (of policy and/or the law), by accident, and by inadequate protection mechanisms.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 246 H1: Ethics And Information Security H2: Deterring Unethical and Illegal Behavior
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 9/14/2016 10:35 AM

14. Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 246 H1: Ethics And Information Security H2: Deterring Unethical and Illegal Behavior
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 9/14/2016 10:35 AM

15. Laws, policies, and their associated penalties only provide deterrence if offenders fear the penalty, expect to be caught, and expect the penalty to be applied if they are caught.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 247 H1: Ethics And Information Security H2: Deterring Unethical and Illegal Behavior
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 5:50 PM

16. Employees are not deterred by the potential loss of certification or professional accreditation resulting from a breach of a code of conduct, because this loss has no effect on employees' marketability and earning power.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 247 H1: Codes Of Ethics Of Professional Organizations
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 5:51 PM

17. The Department of Homeland Security is the only U.S. federal agency charged with the protection of American information resources and the investigation of threats to, or attacks on, those resources.
a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 249 H1: Key U.S. Federal Agencies
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.5 - Explain the roles of some U.S. law enforcement agencies with an interest in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 5:51 PM

18. The Department of Homeland Security works with academic campuses nationally, focusing on resilience, recruitment, internationalization, growing academic maturity, and academic research.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 249 H1: Key U.S. Federal Agencies


H2: Department of Homeland Security
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.5 - Explain the roles of some U.S. law enforcement agencies with an interest in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 5:51 PM

19. The Secret Service is charged with safeguarding the nation’s financial infrastructure and payments systems to preserve the integrity of the economy.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 252 H1: Key U.S. Federal Agencies H2: U.S. Secret Service
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.5 - Explain the roles of some U.S. law enforcement agencies with an interest in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 9/14/2016 10:35 AM

20. Since it was established in January 2001, every FBI field office has started an InfraGard program to collaborate with public and private organizations and the academic community.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 255 H1: Key U.S. Federal Agencies H2: Federal Bureau of Investigation (FBI)
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.5 - Explain the roles of some U.S. law enforcement agencies with an interest in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 5:52 PM

21. The NSA is responsible for signal intelligence, information assurance products and services, and enabling computer network operations to gain a decision advantage for the United States and its allies.
a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 255 H1: Key U.S. Federal Agencies H2: National Security Agency (NSA)
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.5 - Explain the roles of some U.S. law enforcement agencies with an interest in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:06 PM

Modified True / False

22. Ethics are the moral attitudes or customs of a particular group. _____
ANSWER: False - Cultural mores; False - Mores
POINTS: 1
REFERENCES: p. 224 H1: Introduction To Law And Ethics In Information Security
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:07 PM

23. Civil law addresses activities and conduct harmful to society and is actively enforced by the state. _____
ANSWER: False - Criminal
POINTS: 1
REFERENCES: p. 226 H1: Introduction To Law And Ethics In Information Security H2: Types of Law
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:50 PM

24. Privacy is the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 227 H1: Relevant U.S. Laws


H2: Privacy
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:50 PM

25. Information denigration refers to pieces of nonprivate data that, when combined, may create information that violates privacy. _____
ANSWER: False - aggregation
POINTS: 1
REFERENCES: p. 228 H1: Relevant U.S. Laws H2: Privacy
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 5/25/2021 8:33 PM
DATE MODIFIED: 5/25/2021 8:35 PM

26. The Economic Espionage Act of 1996 protects American ingenuity, intellectual property, and competitive advantage. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 236 H1: Relevant U.S. Laws H2: Export and Espionage Laws
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:50 PM

27. Intellectual privacy is recognized as a protected asset in the United States. _____
ANSWER: False - property
POINTS: 1
REFERENCES: p. 237 H1: Relevant U.S. Laws H2: U.S. Copyright Law
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:50 PM

28. The Gramm-Leach-Bliley Act is a critical piece of legislation that affects the executive management of publicly traded corporations and public accounting firms. _____
ANSWER: False - Sarbanes-Oxley; False - Public Company Accounting Reform and Investor Protection; False - SOX
POINTS: 1
REFERENCES: p. 237 H1: Relevant U.S. Laws H2: Financial Reporting
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:07 PM

29. The Digital Millennium Copyright Act is the American law created in response to Directive 95/46/EC, adopted in 1995 by the European Union. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 241 H1: International Laws And Legal Bodies H2: Digital Millennium Copyright Act
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.3 - Identify major national and international laws that affect the practice of information Identify special security controls and privacy considerations for personnel management security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:50 PM

30. In a study on software license infringement, licenses from the United States were significantly more permissive than those from the Netherlands and other countries. _____
ANSWER: False - less
POINTS: 1


REFERENCES: p. 244 H1: Ethics And Information Security H2: Ethical Differences Across Cultures
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:50 PM

31. Laws, policies, and their associated penalties only provide deterrence if, among other things, potential offenders fear the probability of a penalty being applied. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 247 H1: Ethics And Information Security H2: Deterring Unethical and Illegal Behavior
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:50 PM

32. The code of ethics put forth by (ISC)2 focuses on four mandatory canons: “Protect society, the commonwealth, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; and advance and protect the profession.” _____
ANSWER: True
POINTS: 1
REFERENCES: p. 248 H1: Codes Of Ethics Of Professional Organizations H2: Major IT and InfoSec Professional Organizations
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:08 PM

33. The Department of Homeland Security was created in 2003 by the 9/11 Memorial Act of 2002. _____
ANSWER: False - Homeland Security
POINTS: 1
REFERENCES: p. 249 H1: Key U.S. Federal Agencies H2: Department of Homeland Security
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.5 - Explain the roles of some U.S. law enforcement agencies with an interest in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:50 PM

34. The U.S. Secret Service is currently within the Department of the Treasury. _____
ANSWER: False - Homeland Security
POINTS: 1
REFERENCES: p. 252 H1: Key U.S. Federal Agencies H2: U.S. Secret Service
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.5 - Explain the roles of some U.S. law enforcement agencies with an interest in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:50 PM

35. The communications networks of the United States carry(ies) more funds than all of the armored cars in the world combined. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 252 H1: Key U.S. Federal Agencies H2: U.S. Secret Service
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.5 - Explain the roles of some U.S. law enforcement agencies with an interest in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:50 PM

36. The Federal Bureau of Investigation’s National InfraGard Program serves its members in four basic ways: Maintains an intrusion alert network using encrypted e-mail; maintains a secure Web site for communication about suspicious activity or intrusions; sponsors local chapter activities; and operates a help desk for questions. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 255 H1: Key U.S. Federal Agencies H2: Federal Bureau of Investigation (FBI)


QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.5 - Explain the roles of some U.S. law enforcement agencies with an interest in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:50 PM

37. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), also known as the Kennedy–Kassebaum Act, protects the confidentiality and security of healthcare data. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 229 H1: Relevant U.S. Laws H2: Privacy
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 5/25/2021 8:37 PM
DATE MODIFIED: 6/21/2021 6:09 PM

Multiple Choice

38. _____ law comprises a wide variety of laws pertaining to relationships among individuals and organizations.
a. Criminal
b. Civil
c. Statutory
d. Constitutional
ANSWER: b
POINTS: 1
REFERENCES: p. 226 H1: Introduction To Law And Ethics In Information Security H2: Types of Law
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:10 PM

39. _____ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.
a. Public
b. Private
c. Civil
d. Criminal
ANSWER: a
POINTS: 1
REFERENCES: p. 226 H1: Introduction To Law And Ethics In Information Security H2: Types of Law
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

40. The Computer _____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.
a. Violence
b. Fraud
c. Theft
d. Usage
ANSWER: b
POINTS: 1
REFERENCES: p. 226 H1: Relevant U.S. Laws H2: General Computer Crime Laws
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

41. According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except _____.
a. for purposes of commercial advantage
b. for private financial gain
c. to harass
d. in furtherance of a criminal act
ANSWER: c
POINTS: 1
REFERENCES: p. 226 H1: Relevant U.S. Laws H2: General Computer Crime Laws
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

42. The _____ defines stiffer penalties for prosecution of terrorism-related activities.


a. USA PATRIOT Act
b. Sarbanes-Oxley Act
c. Gramm-Leach-Bliley Act
d. Economic Espionage Act
ANSWER: a
POINTS: 1
REFERENCES: p. 226 H1: Relevant U.S. Laws H2: General Computer Crime Laws
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:11 PM

43. The National Information Infrastructure Protection Act of 1996 modified which act?
a. USA PATRIOT Act
b. USA PATRIOT Improvement and Reauthorization Act
c. Computer Security Act
d. Computer Fraud and Abuse Act
ANSWER: d
POINTS: 1
REFERENCES: p. 226 H1: Relevant U.S. Laws H2: General Computer Crime Laws
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 5:57 PM

44. Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses?
a. Electronic Communications Privacy Act of 1986
b. Freedom of Information Act (FOIA) of 1966
c. Computer Fraud and Abuse Act of 1986
d. All of the other answers are correct
ANSWER: c
POINTS: 1
REFERENCES: p. 226 H1: Relevant U.S. Laws H2: General Computer Crime Laws
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:17 PM

45. In 2002, Congress passed the Federal Information Security Management Act (FISMA), which mandates that all federal agencies _____.
a. provide security awareness training
b. periodic assessment of risk
c. develop policies and procedures based on risk assessments
d. all of the other answers are correct
ANSWER: d
POINTS: 1
REFERENCES: p. 227 H1: Relevant U.S. Laws H2: General Computer Crime Laws
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 12/28/2016 2:59 PM
DATE MODIFIED: 6/21/2021 6:14 PM

46. What is the subject of the Computer Security Act of 1987?
a. Federal agency information security
b. Telecommunications common carriers
c. Cryptography software vendors
d. All of the other answers are correct
ANSWER: a
POINTS: 1
REFERENCES: p. 227 H1: Relevant U.S. Laws H2: General Computer Crime Laws
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:15 PM

47. The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any _____ purposes.
a. troubleshooting
b. billing
c. customer service
d. marketing
ANSWER: d


POINTS: 1
REFERENCES: p. 228 H1: Relevant U.S. Laws H2: Privacy
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

48. The Health Insurance Portability and Accountability Act of 1996, also known as the _____ Act, protects the confidentiality and security of health-care data by establishing and enforcing standards and by standardizing electronic data interchange.
a. Gramm-Leach-Bliley
b. Kennedy-Kassebaum
c. Privacy
d. HITECH
ANSWER: b
POINTS: 1
REFERENCES: p. 229 H1: Relevant U.S. Laws H2: Privacy
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

49. Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?
a. Electronic Communications Privacy Act
b. Financial Services Modernization Act
c. Sarbanes-Oxley Act
d. Economic Espionage Act
ANSWER: a
POINTS: 1
REFERENCES: p. 229 H1: Relevant U.S. Laws H2: Privacy
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 5:58 PM


50. Which of the following acts is also widely known as the Gramm-Leach-Bliley Act?
a. Financial Services Modernization Act
b. Communications Act
c. Computer Security Act
d. Health Insurance Portability and Accountability Act
ANSWER: a
POINTS: 1
REFERENCES: p. 230 H1: Relevant U.S. Laws H2: Privacy
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 9/14/2016 10:35 AM

51. Information about a person’s history, background, and attributes that can be used to commit identity theft is known as _____ information.
a. virtually interpreted
b. privately held
c. personally identifiable
d. identity defined
ANSWER: c
POINTS: 1
REFERENCES: p. 234 H1: Relevant U.S. Laws H2: Identity Theft
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 5/25/2021 8:41 PM
DATE MODIFIED: 5/25/2021 8:43 PM

52. The unauthorized taking of personal information with the intent of committing fraud and abuse of a person’s financial and personal reputation, purchasing goods and services without authorization, and generally impersonating the victim for illegal or unethical purposes is known as _____.
a. non-criminal fraud
b. ransoming
c. identity theft
d. identity extortion
ANSWER: c


POINTS: 1
REFERENCES: p. 234 H1: Relevant U.S. Laws H2: Identity Theft
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 5/25/2021 8:45 PM
DATE MODIFIED: 5/25/2021 8:47 PM

53. The _____ attempts to prevent trade secrets from being illegally shared.
a. Electronic Communications Privacy Act
b. Sarbanes-Oxley Act
c. Financial Services Modernization Act
d. Economic Espionage Act
ANSWER: d
POINTS: 1
REFERENCES: p. 236 H1: Relevant U.S. Laws H2: Export and Espionage Laws
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

54. The _____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.
a. Prepper Act
b. Economic Espionage Act
c. USA PATRIOT Act
d. Security and Freedom through Encryption Act
ANSWER: d
POINTS: 1
REFERENCES: p. 236 H1: Relevant U.S. Laws H2: Export and Espionage Laws
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM


55. _____ use allows copyrighted materials to be used to support news reporting, teaching, scholarship, and similar activities, if the use is for educational or library purposes, is not for profit, and is not excessive.
a. Justified
b. Fair
c. Personal
d. Limited
ANSWER: b
POINTS: 1
REFERENCES: p. 237 H1: Relevant U.S. Laws H2: U.S. Copyright Law
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 5/25/2021 8:49 PM
DATE MODIFIED: 6/21/2021 6:18 PM

56. What is the subject of the Sarbanes-Oxley Act?
a. Banking
b. Financial reporting
c. Privacy
d. Trade secrets
ANSWER: b
POINTS: 1
REFERENCES: p. 237 H1: Relevant U.S. Laws H2: Financial Reporting
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 5:59 PM

57. Payment Card Industry _____ Standards are designed to enhance the security of customers’ payment card account data.
a. Data Safety
b. Data Security
c. Data Practices
d. Account Security
ANSWER: b
POINTS: 1
REFERENCES: p. 238 H1: Relevant U.S. Laws H2: Payment Card Industry Data Security Standards (PCI DSS)
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional


organizations of importance to information security
DATE CREATED: 5/25/2021 8:52 PM
DATE MODIFIED: 6/21/2021 6:18 PM

58. In 2001, the Council of Europe drafted the European Council Cybercrime Convention, which empowers an international task force to oversee a range of security functions associated with _____ activities.
a. online terrorist
b. electronic commerce
c. cyberactivist
d. Internet
ANSWER: d
POINTS: 1
REFERENCES: p. 240 H1: International Laws And Legal Bodies H2: Council of Europe Convention on Cybercrime
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.3 - Identify major national and international laws that affect the practice of information security; Identify special security controls and privacy considerations for personnel management
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:19 PM

59. The Digital _____ Copyright Act is the American contribution to an international effort by the World Intellectual Properties Organization (WIPO) to reduce the impact of copyright, trademark, and privacy infringement.
a. Management
b. Master
c. Information
d. Millennium
ANSWER: d
POINTS: 1
REFERENCES: p. 241 H1: International Laws And Legal Bodies H2: Digital Millennium Copyright Act
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.3 - Identify major national and international laws that affect the practice of information security; Identify special security controls and privacy considerations for personnel management
DATE CREATED: 5/25/2021 8:57 PM
DATE MODIFIED: 5/25/2021 8:58 PM

60. In the 1999 study of computer-use ethics, which of the following countries reported the least tolerant attitudes toward misuse of organizational computing resources?
a. Australia
b. United States
c. Singapore
d. Sweden
ANSWER: c
POINTS: 1
REFERENCES: p. 244


H1: Ethics And Information Security H2: Ethical Differences Across Cultures
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:20 PM

61. Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage _____.
a. with intent
b. by accident and/or through unintentional negligence
c. with malice
d. none of the other answers are correct
ANSWER: b
POINTS: 1
REFERENCES: p. 246 H1: Ethics And Information Security H2: Deterring Unethical and Illegal Behavior
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:21 PM

62. There are three general causes of unethical and illegal behavior: _____, Accident, and Intent.
a. Curiosity
b. Ignorance
c. Revenge
d. None of the other answers are correct
ANSWER: b
POINTS: 1
REFERENCES: p. 246 H1: Ethics And Information Security H2: Deterring Unethical and Illegal Behavior
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 5/25/2021 9:00 PM
DATE MODIFIED: 6/21/2021 6:22 PM

63. Criminal or unethical _____ goes to the state of mind of the individual performing the act.
a. ignorance
b. intent
c. accident
d. all of the other answers are correct
ANSWER: b
POINTS: 1


REFERENCES: p. 246 H1: Ethics And Information Security H2: Deterring Unethical and Illegal Behavior
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:23 PM

64. Laws, policies, and their associated penalties only provide deterrence if which of the following conditions is present?
a. Fear of penalty
b. Probability of being caught
c. Probability of penalty being administered
d. All of the other answers are correct
ANSWER: d
POINTS: 1
REFERENCES: p. 247 H1: Ethics And Information Security H2: Deterring Unethical and Illegal Behavior
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:24 PM

65. _____ is a professional association that focuses on auditing, control, and security. The membership comprises both technical and managerial professionals.
a. ISACA
b. Information Systems Security Association (ISSA)
c. EC-Council
d. SANS
ANSWER: a
POINTS: 1
REFERENCES: p. 249 H1: Codes Of Ethics Of Professional Organizations H2: Major IT and InfoSec Professional Organizations
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 5/25/2021 9:06 PM
DATE MODIFIED: 5/25/2021 9:09 PM

66. The _____ is a respected professional society that was established in 1947. Today it is “the world’s largest educational and scientific computing society.”
a. Association for Computing Machinery
b. Information Systems Security Association (ISSA)


c. International Information Systems Security Certification Consortium, Inc.
d. EC-Council
ANSWER: a
POINTS: 1
REFERENCES: p. 248 H1: Codes Of Ethics Of Professional Organizations H2: Major IT and InfoSec Professional Organizations
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 5/25/2021 9:03 PM
DATE MODIFIED: 5/25/2021 9:04 PM

Completion

67. _____ are rules that mandate or prohibit certain behavior and are enforced by the government.
ANSWER: Laws
POINTS: 1
REFERENCES: p. 224 H1: Introduction To Law And Ethics In Information Security
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

68. _____ are the fixed moral attitudes or customs of a particular group.
ANSWER: Cultural mores; Mores
POINTS: 1
REFERENCES: p. 224 H1: Introduction To Law And Ethics In Information Security
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:25 PM

69. _____ is the legal obligation of an entity that extends beyond criminal or contract law.
ANSWER: Liability
POINTS: 1
REFERENCES: p. 224


H1: Introduction To Law And Ethics In Information Security H2: Organizational Liability and the Need for Counsel
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

70. “Long arm _____” refers to the long arm of the law reaching across the country or around the world to draw an accused individual into its court systems whenever it can establish jurisdiction.
ANSWER: jurisdiction
POINTS: 1
REFERENCES: p. 225 H1: Introduction To Law And Ethics In Information Security H2: Organizational Liability and the Need for Counsel
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

71. Managerial statements that dictate certain behavior within an organization are known as _____.
ANSWER: policies
POINTS: 1
REFERENCES: p. 225 H1: Introduction To Law And Ethics In Information Security H2: Policy Versus Law
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:26 PM

72. Family law, commercial law, and labor law are all encompassed by _____ law.
ANSWER: private
POINTS: 1
REFERENCES: p. 226 H1: Introduction To Law And Ethics In Information Security H2: Types of Law


QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

73. The _____ Act of 2001 provides law enforcement agencies with broader latitude in order to combat terrorism-related activities.
ANSWER: U.S.A. PATRIOT; USA PATRIOT
POINTS: 1
REFERENCES: p. 226 H1: Relevant U.S. Laws H2: General Computer Crime Laws
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

74. _____ information is a form of collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group.
ANSWER: Aggregate
POINTS: 1
REFERENCES: p. 228 H1: Relevant U.S. Laws H2: Privacy
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:25 PM

75. The _____ Act of 1986 is a collection of statutes that regulates the interception of wire, electronic, and oral communications.
ANSWER: Electronic Communications Privacy
POINTS: 1
REFERENCES: H1: Relevant U.S. Laws H2: Privacy


p. 229
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

76. The _____ Act of 1999 contains a number of provisions focusing on facilitating affiliation among banks, securities firms, and insurance companies.
ANSWER: Financial Services Modernization; Gramm-Leach-Bliley; GLB
POINTS: 1
REFERENCES: p. 230 H1: Relevant U.S. Laws H2: Privacy
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

77. _____ theft is the unauthorized taking of personal information with the intent of committing fraud or another illegal or unethical purpose.
ANSWER: Identity; ID
POINTS: 1
REFERENCES: p. 234 H1: Relevant U.S. Laws H2: Identity Theft
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 12/28/2016 3:03 PM
DATE MODIFIED: 6/21/2021 6:27 PM

78. The _____ Act of 1996 attempts to prevent trade secrets from being illegally shared.
ANSWER: Economic Espionage
POINTS: 1


REFERENCES: p. 236 H1: Relevant U.S. Laws H2: Export and Espionage Laws
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

79. The _____ Act seeks to improve the reliability and accuracy of financial reporting, as well as increase the accountability of corporate governance, in publicly traded companies.
ANSWER: Sarbanes-Oxley; Sarbanes Oxley; Corporate and Auditing Accountability and Responsibility; SOX
POINTS: 1
REFERENCES: p. 237 H1: Relevant U.S. Laws H2: Financial Reporting
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:28 PM

80. The _____ of 1966 allows any person to request access to federal agency records or information not determined to be a matter of national security.
ANSWER: Freedom of Information Act; FOIA
POINTS: 1
REFERENCES: p. 238 H1: Relevant U.S. Laws H2: Freedom of Information Act of 1966
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:28 PM

81. The _____ Card Industry Data Security Standards are designed to enhance the security of customers’ account data.


ANSWER: Payment
POINTS: 1
REFERENCES: p. 238 H1: Relevant U.S. Laws H2: Payment Card Industry Data Security Standards (PCI DSS)
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 12/28/2016 3:08 PM
DATE MODIFIED: 6/21/2021 6:29 PM

82. The _____ is the American contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures.
ANSWER: Digital Millennium Copyright Act (DMCA); Digital Millennium Copyright Act; DMCA
POINTS: 1
REFERENCES: p. 241 H1: International Laws And Legal Bodies H2: Digital Millennium Copyright Act
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.3 - Identify major national and international laws that affect the practice of information security; Identify special security controls and privacy considerations for personnel management
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

83. Software license infringement is also often called software _____.
ANSWER: piracy
POINTS: 1
REFERENCES: p. 244 H1: Ethics And Information Security H2: Ethical Differences Across Cultures
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

84. According to the 1999 international study of computer-use ethics, many people from many cultural backgrounds


indicated that unless an organization explicitly forbids _____ use of its computing resources, such use is acceptable.
ANSWER: personal
POINTS: 1
REFERENCES: p. 244 H1: Ethics And Information Security H2: Ethical Differences Across Cultures
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 6/21/2021 6:32 PM

85. Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is _____.
ANSWER: education
POINTS: 1
REFERENCES: p. 244 H1: Ethics And Information Security H2: Ethics and Education
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

86. The _____ is a respected professional society that was established in 1947 as “the world’s first educational and scientific computing society.”
ANSWER: Association of Computing Machinery; ACM
POINTS: 1
REFERENCES: p. 248 H1: Codes Of Ethics Of Professional Organizations H2: Major IT and InfoSec Professional Organizations
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

87. The _____ is a nonprofit organization that focuses on the development and implementation of information security certifications and credentials.
ANSWER: International Information Systems Security Certification Consortium, Inc. (ISC)2


(ISC)2; ISC2
POINTS: 1
REFERENCES: p. 248
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

88. The _____ is a professional association that focuses on auditing, control, and security and whose membership comprises both technical and managerial professionals.
ANSWER: Information Systems Audit and Control Association (ISACA); Information Systems Audit and Control Association; ISACA
POINTS: 1
REFERENCES: p. 249 H1: Codes Of Ethics Of Professional Organizations H2: Major IT and InfoSec Professional Organizations
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 5/11/2021 6:49 PM

Essay

89. What are the requirements for a policy to become enforceable?
ANSWER: For a policy to become enforceable, it must have:
Dissemination (distribution) - The organization must be able to demonstrate that the relevant policy has been made readily available for review by the employee.
Review (reading) - The organization must be able to demonstrate that it disseminated the document in an intelligible form, including versions for illiterate, non-English reading, and reading-impaired employees.
Comprehension (understanding) - The organization must be able to demonstrate that the employee understood the requirements and content of the policy.
Compliance (agreement) - The organization must be able to demonstrate that the employee


agrees to comply with the policy, through act or affirmation.
Uniform enforcement - The organization must be able to demonstrate that the policy has been uniformly enforced, regardless of employee status or assignment.
POINTS: 1
REFERENCES: p. 225 H1: Introduction To Law And Ethics In Information Security H2: Policy Versus Law
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 3/8/2017 6:05 PM

90. List the five fundamental principles of HIPAA.
ANSWER:
1. Consumer control of medical information
2. Boundaries on the use of medical information
3. Accountability for the privacy of private information
4. Balance of public responsibility for the use of medical information for the greater good measured against impact to the individual
5. Security of health information
POINTS: 1
REFERENCES: p. 229 H1: Relevant U.S. Laws H2: Privacy
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 9/14/2016 10:35 AM

91. What are the provisions of the Digital Millennium Copyright Act (DMCA)?
ANSWER: The DMCA includes the following provisions:
• Prohibits the circumvention of protections and countermeasures implemented by copyright owners to control access to protected content
• Prohibits the manufacture of devices to circumvent protections and countermeasures that control access to protected content
• Bans trafficking in devices manufactured to circumvent protections and countermeasures that control access to protected content


• Prohibits the altering of information attached or embedded into copyrighted material
• Excludes Internet service providers from certain forms of contributory copyright infringement
POINTS: 1
REFERENCES: p. 242 H1: International Laws And Legal Bodies H2: Digital Millennium Copyright Act
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.3 - Identify major national and international laws that affect the practice of information security; Identify special security controls and privacy considerations for personnel management
DATE CREATED: 12/28/2016 3:10 PM
DATE MODIFIED: 12/28/2016 3:11 PM

92. Laws, policies, and their associated penalties only provide deterrence if three conditions are present. List and describe them.
ANSWER:
Fear of penalty: Potential offenders must fear the penalty.
Probability of being apprehended: Potential offenders must believe there is a strong possibility of being caught.
Probability of penalty being applied: Potential offenders must believe that the penalty will be administered.
POINTS: 1
REFERENCES: p. 247 H1: Ethics And Information Security H2: Deterring Unethical and Illegal Behavior
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics
DATE CREATED: 9/14/2016 10:35 AM
DATE MODIFIED: 9/14/2016 10:35 AM

Subjective Short Answer

93. What is civil law, and what does it accomplish?
ANSWER: Civil law represents a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizations and people. Civil law encompasses family law, commercial law, and labor law.
POINTS: 1
REFERENCES: p. 226


H1: Introduction to Law And Ethics In Information Security H2: Types of Law
QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.2 - Describe the relevant laws, regulations, and professional organizations of importance to information security
DATE CREATED: 5/25/2021 9:16 PM
DATE MODIFIED: 5/25/2021 9:16 PM

94. If you work for a financial services organization such as a bank or credit union, which 1999 law affects your use of customer data? What other effects does it have?
ANSWER: The law that affects the use of customer data by financial institutions is the Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999. Specifically, this act requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information. It also requires due notice to customers so they can request that their information not be shared with third parties. In addition, the act ensures that an organization’s privacy policies are fully disclosed when a customer initiates a business relationship and then distributed at least annually for the duration of the professional association.
POINTS: 1
REFERENCES: p. 230 H1: Relevant U.S. Laws H2: Privacy
QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.06.4 - Discuss the role of privacy as it applies to law and ethics in information security
DATE CREATED: 5/25/2021 9:19 PM
DATE MODIFIED: 5/25/2021 9:19 PM

95. What is the difference between law and ethics?
ANSWER: Laws are rules that mandate or prohibit certain behavior in society; they are drawn from ethics, which define socially acceptable behavior. The key difference between laws and ethics is that laws carry the sanctions of a governing authority and ethics do not. Ethics are based on cultural mores: the fixed moral attitudes or customs of a particular group.
POINTS: 1
REFERENCES: p. 242 H1: Ethics and Information Security
QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False


Name:

Class:

Date:

Module 6 Legal, Ethical, and Professional Issues in Information Security STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.06.1 - Explain the differences between laws and ethics DATE CREATED: 5/25/2021 9:13 PM DATE MODIFIED: 5/25/2021 9:13 PM

Page 35


Module 7 Security and Personnel

True / False

1. The general management community of interest must work with information security professionals to integrate solid information security concepts into the personnel management practices of the organization. a. True b. False
ANSWER: True
POINTS: 1 REFERENCES: H1: Introduction To Security And Personnel p. 262 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 3/10/2017 9:58 AM

2. The information security function cannot be placed within physical security, as a peer of physical security or protective services. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: H1: Positioning The Security Function p. 263 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.1 - Describe where and how the information security function should be positioned within organizations DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:12 AM

3. In many organizations, information security teams lack established roles and responsibilities. a. True b. False
ANSWER: True
POINTS: 1 REFERENCES: p. 266 H1: Staffing The Information Security Function H2: Qualifications and Requirements QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 3/10/2017 9:59 AM

4. In many cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates. a. True b. False
ANSWER: True
POINTS: 1 REFERENCES: p. 266 H1: Staffing The Information Security Function H2: Qualifications and Requirements QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:12 AM

5. The use of standardized job descriptions can increase the degree of professionalism in the information security field. a. True b. False
ANSWER: True
POINTS: 1 REFERENCES: p. 267 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:23 AM

6. "Builders" in the field of information security provide day-to-day systems monitoring and are used to support an organization’s goals and objectives. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: p. 268 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:24 AM

7. The security manager position is much more general than that of the CISO. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: H1: Staffing The Information Security Function H2: Information Security Positions p. 271 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 3/10/2017 9:59 AM

8. Security administrators provide day-to-day systems monitoring to support an organization’s goals and objectives. a. True b. False
ANSWER: True
POINTS: 1 REFERENCES: H1: Staffing The Information Security Function H2: Information Security Positions p. 268 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:24 AM

9. The position of security analyst can be an entry-level position. a. True b. False
ANSWER: True
POINTS: 1 REFERENCES: p. 272 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:24 AM

10. Existing information security-related certifications are typically well understood by those responsible for hiring in organizations. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: p. 273 H1: Credentials For Information Security Professionals QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 3/10/2017 9:59 AM

11. The (ISC)2 CISSP concentrations are available for currently certified CISSP professionals to demonstrate knowledge that is part of the CISSP common body of knowledge. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: p. 273 H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:27 AM

12. The (ISC)2 CISSP-ISSEP concentration focuses on the knowledge area including systems lifecycle management, threat intelligence, and incident management. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications p. 274 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:28 AM

13. The SSCP examination is much more rigorous than the CISSP examination. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: p. 274 H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 3/10/2017 9:59 AM

14. CompTIA offers a vendor-specific certification program called the Security+ certification. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: p. 280 H1: Credentials For Information Security Professionals H2: CompTIA Certifications QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 9/14/2016 10:49 AM

15. The advice "Know more than you say, and be more skillful than you let on" for information security professionals indicates that an information security professional should avoid speaking to users in technical jargon. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: p. 283 H1: Credentials For Information Security Professionals H2: Advice for Information Security Professionals QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:29 AM

16. The process of integrating information security perspectives into the hiring process includes reviewing and updating all job descriptions. a. True b. False
ANSWER: True
POINTS: 1 REFERENCES: H1: Employment Policies And Practices H2: Job Descriptions p. 284 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:29 AM

17. A background check must always be conducted to determine the level of trust the business can place in a candidate for an information security position. a. True b. False
ANSWER: True
POINTS: 1 REFERENCES: p. 284 H1: Employment Policies And Practices H2: Background Check QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/15/2021 5:41 PM

18. An organization should integrate security awareness education into a new hire’s ongoing job orientation and make it a part of every employee’s on-the-job security training. a. True b. False
ANSWER: True
POINTS: 1 REFERENCES: p. 285 H1: Employment Policies And Practices H2: On-the-Job Security Training QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 3/10/2017 10:01 AM

19. To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility. a. True b. False
ANSWER: True
POINTS: 1 REFERENCES: H1: Employment Policies And Practices H2: Security Considerations for Temporary Employees, Consultants, and Other Workers p. 290 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 9/14/2016 10:49 AM

20. Organizations are not required by law to protect employee information that is sensitive or personal. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: H1: Personnel Control Strategies H2: Privacy and the Security of Personnel Data p. 289 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face. DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 9/14/2016 10:49 AM

Modified True / False


21. The general management community of interest must plan for the proper staffing of the information security function. _____
ANSWER: False - information security
POINTS: 1 REFERENCES: p. 262 H1: Introduction To Security And Personnel QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 5/26/2021 10:42 AM

22. Upper management should learn more about the budgetary needs of the information security function and the positions within it. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 266 H1: Staffing The Information Security Function H2: Qualifications and Requirements QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:54 AM

23. Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce. _____
ANSWER: False - IT
POINTS: 1 REFERENCES: p. 267 H1: Staffing The Information Security Function H2: Entry into the Information Security Profession QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 5/26/2021 10:42 AM


Name:

Class:

Date:

Module 7 Security and Personnel 24. "Administrators" provide the policies, guidelines, and standards in the Schwartz classification. _____ ANSWER: False - Definers POINTS: 1 REFERENCES: p. 268 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:55 AM 25. Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians. _____ ANSWER: True POINTS: 1 REFERENCES: p. 271 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 5/26/2021 10:42 AM 26. The most common credential for a CISO-level position is the Security+ certification. _____ ANSWER: False - CISM False - Certified Information Security Manager POINTS: 1 REFERENCES: H1: Staffing The Information Security Function H2: Staffing The Information Security Function p. 268 QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/15/2021 5:44 PM 27. ISSEP stands for Information Systems Security Experienced Professional. _____ ANSWER: False - Engineering Page 9


Name:

Class:

Date:

Module 7 Security and Personnel POINTS: REFERENCES:

1 p. 274 H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 5/26/2021 10:42 AM 28. ISSAP stands for Information Systems Security Architecture Professional. _____ ANSWER: True POINTS: 1 REFERENCES: p. 274 H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 5/26/2021 10:42 AM 29. ISSMP stands for Information Systems Security Monitoring Professional. _____ ANSWER: False - Management POINTS: 1 REFERENCES: p. 274 H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 5/26/2021 10:42 AM 30. The CISA credential is geared toward experienced information security managers and others who may have similar management responsibilities. _____ ANSWER: False - CISM POINTS: 1 REFERENCES: p. 276 Page 10


Name:

Class:

Date:

Module 7 Security and Personnel H1: Credentials For Information Security Professionals H2: ISACA Certifications QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 5/26/2021 10:42 AM 31. ISACA promotes the CISA certification as being appropriate for accounting, networking, and security professionals. _____ ANSWER: False - auditing POINTS: 1 REFERENCES: p. 276 H1: Credentials For Information Security Professionals H2: ISACA Certifications QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/23/2021 11:56 AM 32. GIAC stands for Global Information Architecture Certification. _____ ANSWER: False - Assurance POINTS: 1 REFERENCES: p. 277 H1: Credentials For Information Security Professionals H2: SANS Certifications QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM 33. Friendly departures include termination for cause, permanent downsizing, temporary lay-off, or some instances of quitting. _____ ANSWER: False - Hostile POINTS: 1 REFERENCES: p. 286 H1: Employment Policies And Practices Page 11


Name:

Class:

Date:

Module 7 Security and Personnel H2: Termination QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM 34. Mandatory training provides the organization with the ability to audit the work of an individual. _____ ANSWER: False - vacation POINTS: 1 REFERENCES: p. 288 H1: Personnel Control Strategies QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face. DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 11:57 AM 35. In many organizations, information security teams lack established _____ and responsibilities. _____ ANSWER: False - roles POINTS: 1 REFERENCES: p. 266 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 5/26/2021 2:30 PM DATE MODIFIED: 5/26/2021 2:31 PM 36. Security administrators are accountable to provide day-to-day systems monitoring to support an organization’s goals and objectives. ANSWER: True POINTS: 1 REFERENCES: H1: Staffing The Information Security Function H2: Information Security Positions p. 268 QUESTION TYPE: Modified True / False Page 12


Name:

Class:

Date:

Module 7 Security and Personnel HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 5/26/2021 2:34 PM DATE MODIFIED: 5/26/2021 2:34 PM Multiple Choice 37. To assess the effect that changes will have on the organization’s personnel management practices, the organization should conduct a behavioral feasibility study before the program is _____. a. considered b. planned c. budgeted d. implemented ANSWER: d POINTS: 1 REFERENCES: p. 262 H1: Introduction To Security And Personnel QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 5/26/2021 2:37 PM DATE MODIFIED: 6/23/2021 11:57 AM 38. The model commonly used by large organizations places the information security department within the _____ department. a. management b. information technology c. physical security d. production ANSWER: b POINTS: 1 REFERENCES: p. 263 H1: Positioning The Security Function QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 11:58 AM 39. The latest forecasts for information security-related positions expect _____ openings than in many previous years.. a. the same number of b. more c. many fewer d. fewer ANSWER: b POINTS: 1 Page 13


Name:

Class:

Date:

Module 7 Security and Personnel REFERENCES:

H1: Staffing The Information Security Function p. 264 QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 5/26/2021 2:42 PM DATE MODIFIED: 6/23/2021 11:59 AM 40. Many who move to business-oriented information security were formerly_____ who were often involved in national security or cybersecurity. a. marketing managers b. military personnel c. business analysts d. lawyers ANSWER: b POINTS: 1 REFERENCES: p. 267 H1: Staffing The Information Security Function H2: Entry into the Information Security Profession QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:00 PM 41. The information security function can be placed within the _____. a. insurance and risk management function b. administrative services function c. legal department d. All of the other answers are correct ANSWER: d POINTS: 1 REFERENCES: p. 263 H1: Positioning The Security Function QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:01 PM 42. In most cases, organizations look for a technically qualified information security _____ who has a solid understanding of how an organization operates. a. generalist b. specialist Page 14


Name:

Class:

Date:

Module 7 Security and Personnel c. internist ANSWER: POINTS: REFERENCES:

d. expert

a 1 p. 266 H1: Staffing The Information Security Function H2: Qualifications and Requirements QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 5/26/2021 2:45 PM DATE MODIFIED: 5/26/2021 2:46 PM 43. Many who enter the field of information security are technical professionals such as _____ who find themselves working on information security applications and processes more often than traditional IT assignments. a. networking experts or systems administrators b. database administrators c. programmers d. All of the other answers are correct ANSWER: d POINTS: 1 REFERENCES: p. 267 H1: Staffing The Information Security Function H2: Entry into the Information Security Profession QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:02 PM 44. Which of the following is not one of the categories of positions defined by Schwartz? a. Definer b. User c. Builder d. Administrator ANSWER: b POINTS: 1 REFERENCES: p. 267 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:02 PM 45. _____ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security Page 15


Name:

Class:

Date:

Module 7 Security and Personnel software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization’s security technology is properly implemented. a. CSOs b. CISOs c. Security managers d. Security analysts ANSWER: d POINTS: 1 REFERENCES: p. 267 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:03 PM 46. According to Schwartz, "_____" are the real techies who create and install security solutions. a. Builders b. Administrators c. Engineers d. Definers ANSWER: a POINTS: 1 REFERENCES: p. 268 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:03 PM 47. The _____ is the title most commonly associated with the top information security officer in the organization. a. CISO b. CFO c. CTO d. CEO ANSWER: a POINTS: 1 REFERENCES: p. 268 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM Page 16


Name:

Class:

Date:

Module 7 Security and Personnel DATE MODIFIED:

6/23/2021 12:26 PM

48. In some organizations, the CISO’s position may be combined with physical security responsibilities or may even report to a security manager who is responsible for both logical (information) security and physical security and such a position is generally referred to as a _____. a. CSO b. CPSO c. CTO d. CNSO ANSWER: a POINTS: 1 REFERENCES: H1: Staffing The Information Security Function H2: Information Security Positions p. 270 QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 5/26/2021 2:50 PM DATE MODIFIED: 5/26/2021 2:51 PM 49. Security managers accomplish _____ identified by the CISO and resolve issues identified by technicians a. strategies b. tactics c. objectives d. tasks ANSWER: c POINTS: 1 REFERENCES: H1: Staffing The Information Security Function H2: Information Security Positions p. 271 QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 5/26/2021 2:55 PM DATE MODIFIED: 5/26/2021 2:58 PM 50. The breadth and depth covered in each of the domains makes the _____ one of the most difficult-to-attain certifications on the market. a. Security+ b. CISA c. CISSP d. ISEP ANSWER: c POINTS: 1 REFERENCES: p. 273 H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications QUESTION TYPE: Multiple Choice HAS VARIABLES: False Page 17


Name:

Class:

Date:

Module 7 Security and Personnel LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:27 PM 51. The (ISC)2 _____ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's common body of knowledge. a. CISA b. C|CISO c. CISM d. CISSP ANSWER: d POINTS: 1 REFERENCES: p. 273 H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:29 PM 52. The ISSEP concentration allows CISSP certificate holders to demonstrate expert knowledge of all of the following except _____. a. systems security engineering b. technical management c. international laws d. certification and accreditation/risk management framework ANSWER: c POINTS: 1 REFERENCES: p. 274 H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:30 PM 53. The ISSMP concentration examination is designed to provide CISSPs with a mechanism to demonstrate competence in _____. a. enterprise security management practices b. security management practices c. business continuity planning and disaster recovery planning d. All of these answers are correct ANSWER: d POINTS: 1 REFERENCES: p. 274 H1: Credentials For Information Security Professionals Page 18


Name:

Class:

Date:

Module 7 Security and Personnel H2: (ISC)-2 Certifications QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:31 PM 54. Like the CISSP, the SSCP certification is more applicable to the security_____ than to the security _____. a. technician, manager b. manager, engineer c. manager, technician d. technician, executive ANSWER: c POINTS: 1 REFERENCES: p. 274 H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM 55. The CISA credential is promoted by ISACA as the certification that is appropriate for all but which type of professionals? a. accounting b. security c. networking d. auditing ANSWER: a POINTS: 1 REFERENCES: p. 276 H1: Credentials For Information Security Professionals H2: ISACA Certifications QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:31 PM 56. The former System Administration, Networking, and Security Organization is now better known as _____. a. SANO b. SAN c. SANS d. SANSO ANSWER: c POINTS: 1 Page 19
REFERENCES: p. 277 H1: Credentials For Information Security Professionals H2: SANS Certifications QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

57. The Cybersecurity Analyst+ certification from _____ is an intermediate certification with both knowledge-based and performance-based assessment. a. SANS b. ISACA c. CompTIA d. ACM ANSWER: c POINTS: 1 REFERENCES: p. 280 H1: Credentials For Information Security Professionals H2: CompTIA Certifications QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 5/26/2021 3:01 PM DATE MODIFIED: 5/26/2021 3:03 PM

58. Many organizations use a(n) _____ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee’s tenure in the organization. a. hostile b. departure c. exit d. termination ANSWER: c POINTS: 1 REFERENCES: p. 286 H1: Employment Policies And Practices H2: Termination QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

59. _____ are hired by the organization to serve in a temporary position or to supplement the existing workforce. a. Temporary employees b. Consultants c. Contractors d. Self-employees
ANSWER: a POINTS: 1 REFERENCES: p. 289 H1: Personnel Control Strategies H2: Security Considerations for Temporary Employees, Consultants, and Other Workers QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face. DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

60. _____ is a cornerstone in the protection of information assets and in the prevention of financial loss. a. Fire suppression b. Business separation c. Separation of duties d. Collusion ANSWER: c POINTS: 1 REFERENCES: p. 287 H1: Personnel Control Strategies QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face. DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

61. _____ is the requirement that every employee be able to perform the work of another employee. a. Two-man control b. Collusion c. Duty exchange d. Task rotation ANSWER: d POINTS: 1 REFERENCES: p. 288 H1: Personnel Control Strategies QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face. DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

Completion

62. To assess the effect that changes will have on the organization’s personnel management practices, the organization should conduct a _____ feasibility study before the program is implemented.
ANSWER: behavioral POINTS: 1 REFERENCES: p. 262 H1: Introduction To Security And Personnel QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:32 PM

63. It is important to gather employee _____ early about the information security program and respond to it quickly. ANSWER: feedback POINTS: 1 REFERENCES: p. 262 H1: Introduction To Security And Personnel QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

64. Because the goals and objectives of _____ and CISOs tend to contradict each other, InformationWeek recommends: “The people who do and the people who watch shouldn't report to a common manager.” ANSWER: CIOs POINTS: 1 REFERENCES: p. 263 H2: Information Security Positions QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:33 PM

65. The _____ acts as the spokesperson for the information security team. ANSWER: CSO Chief Security Officer Chief Security Officer (CSO)
CISO Chief Information Security Officer Chief Information Security Officer (CISO) CISO or CSO CSO or CISO POINTS: 1 REFERENCES: p. 267 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:35 PM

66. Though CISOs are business managers first and technologists second, they must be conversant in all areas of information security, including the technical, planning, and _____ areas. ANSWER: policy POINTS: 1 REFERENCES: p. 268 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

67. Security _____ are accountable for the day-to-day operation of the information security program. ANSWER: managers POINTS: 1 REFERENCES: p. 271 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM
68. The CISSP certification requires both the successful completion of the examination and a(n) _____ by a qualified third party, typically another similarly certified professional, the candidate’s employer, or a licensed, certified, or commissioned professional. ANSWER: endorsement POINTS: 1 REFERENCES: p. 273 H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:36 PM

69. The Associate of (ISC)2 program is geared toward those who want to take the CISSP or SSCP exam before obtaining the requisite _____ for certification. ANSWER: experience POINTS: 1 REFERENCES: p. 276 H1: Credentials For Information Security Professionals H2: (ISC)-2 Certifications QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:37 PM

70. ISACA offers the CGEIT as well as the CISA and _____ certifications. ANSWER: CISM POINTS: 1 REFERENCES: p. 276 H1: Credentials For Information Security Professionals H2: ISACA Certifications QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM
71. SANS developed a series of technical security certifications in 1999 that are known as the Global Information _____ Certification or GIAC family of certifications. ANSWER: Assurance POINTS: 1 REFERENCES: p. 277 H1: Credentials For Information Security Professionals H2: SANS Certifications QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

72. _____ are designed to recognize experts in their respective fields. ANSWER: Certifications POINTS: 1 REFERENCES: p. 281 H1: Credentials For Information Security Professionals H2: Certification Costs QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.3 - List and describe the credentials that information security professionals can earn to gain recognition in the field DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:37 PM

73. Once a candidate has accepted a job offer, the employment _____ becomes an important security instrument. ANSWER: contract POINTS: 1 REFERENCES: p. 285 H1: Employment Policies And Practices H2: Employee Contracts QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

74. When new employees are introduced into the organization’s culture and workflow, they should receive an extensive
information security briefing as part of their employee _____. ANSWER: orientation POINTS: 1 REFERENCES: p. 285 H1: Employment Policies And Practices H2: New Hire Orientation QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

75. _____ departures include resignation, retirement, promotion, or relocation. ANSWER: Friendly POINTS: 1 REFERENCES: p. 286 H1: Employment Policies And Practices H2: Termination QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:41 AM

76. Separation of _____ is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity, or availability of information. ANSWER: duties POINTS: 1 REFERENCES: p. 287 H1: Personnel Control Strategies QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face. DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

77. Related to the concept of separation of duties is that of _____, the requirement that two individuals review and approve each other’s work before the task is categorized as finished. ANSWER: two-person control
two person control POINTS: 1 REFERENCES: p. 287 H1: Personnel Control Strategies QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face. DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 1:54 PM

78. Job _____ can greatly increase the chance that an employee’s misuse of the system or abuse of information will be detected by another employee. ANSWER: rotation POINTS: 1 REFERENCES: p. 288 H1: Personnel Control Strategies QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face. DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

79. A(n) _____ agency provides specifically qualified individuals at the paid request of another company. ANSWER: temp temporary POINTS: 1 REFERENCES: p. 289 H1: Personnel Control Strategies H2: Security Considerations for Temporary Employees, Consultants, and Other Workers QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face. DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

80. The process of ensuring that no unnecessary access to data exists and that employees are able to perform only the minimum operations necessary on a set of data is referred to as the principle of _____. ANSWER: least privilege
POINTS: 1 REFERENCES: p. 289 H1: Personnel Control Strategies QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face. DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 5/26/2021 10:42 AM

81. _____ are contracted workers hired for a specific one-time purpose, commonly to provide expertise the organization does not have internally. ANSWER: consultants POINTS: 1 REFERENCES: p. 290 H1: Personnel Control Strategies H2: Security Considerations for Temporary Employees, Consultants, and Other Workers QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face. DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 6/23/2021 12:38 PM

Essay

82. What functions does the CISO perform? ANSWER: The CISO performs the following functions:
- Manages the overall information security program for the organization
- Drafts or approves information security policies
- Works with the CIO on strategic plans, develops tactical plans, and works with security managers on operational plans
- Develops information security budgets based on available funding
- Sets priorities for the purchase and implementation of information security projects and technology
- Makes decisions or recommendations on the recruiting, hiring, and firing of security staff
- Acts as the spokesperson for the information security team
POINTS: 1 REFERENCES: p. 268 H1: Staffing The Information Security Function H2: Information Security Positions QUESTION TYPE: Essay HAS VARIABLES: False
STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.2 - Explain the issues and concerns related to staffing the information security function DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 9/14/2016 10:50 AM

83. What tasks must be performed when an employee prepares to leave an organization? ANSWER: When an employee prepares to leave an organization, the following tasks must be performed:
- Access to the organization’s systems must be disabled.
- Removable media must be returned.
- Hard drives must be secured.
- File cabinet locks must be changed.
- The office door lock must be changed.
- Keycard access must be revoked.
- Personal effects must be removed from the organization’s premises.
POINTS: 1 REFERENCES: p. 286 H1: Employment Policies And Practices H2: Termination QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 3/10/2017 10:08 AM

84. Describe the concept of separation of duties. ANSWER: Among several internal control strategies, separation of duties is a cornerstone in the protection of information assets and in the prevention of financial loss. Separation of duties is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity, or availability of information. The control stipulates that the completion of a significant task that involves sensitive information should require at least two people. The idea behind this separation is that if only one person has the authorization to access a particular set of information, there may be nothing the organization can do to prevent this individual from copying the information and removing it from the premises. Separation of duties is especially important, and thus commonly implemented, when the information in question is financial. POINTS: 1 REFERENCES: p. 287 H1: Personnel Control Strategies QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.07.5 - Discuss the role of the pharyngeal arches in the development of the structures of the face.
DATE CREATED: 9/14/2016 10:50 AM DATE MODIFIED: 3/10/2017 10:08 AM

Subjective Short Answer

85. Why is it important to use specific and clearly defined job descriptions for hiring information security professionals? ANSWER: Using standard job descriptions is important because they can increase the degree of professionalism in the information security field and improve the consistency of roles and responsibilities among organizations. POINTS: 1 REFERENCES: p. 267 H1: Employment Policies and Practices H2: Job Descriptions QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 5/26/2021 3:10 PM DATE MODIFIED: 5/26/2021 3:10 PM

86. Why shouldn’t an organization give a job candidate a tour of secure areas during an interview? ANSWER: Candidates who are shown around can retain enough information about operations or information security functions to represent a potential threat. POINTS: 1 REFERENCES: p. 284 H1: Employment Policies and Practices H2: Interviews QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 5/26/2021 3:15 PM DATE MODIFIED: 5/26/2021 3:16 PM

87. How do security considerations for temporary or contract employees differ from those for regular full-time employees? ANSWER: Temporary employees typically provide secretarial or administrative support and may be exposed to a wide range of information. From a security standpoint, temporary employees should have only as much information access as they need to perform their duties. Although organizations often want temporary employees to sign nondisclosure agreements and fair use policies to avoid security breaches, this procedure can create a situation that is awkward and potentially dangerous. Therefore, the temporary employee’s supervisor should restrict the information to which the temp has access and ensure adherence to good
security practices, especially clean desk policies and those for the security of classified data. Typical contract employees include groundskeepers, maintenance workers, electrical contractors, mechanical service contractors, and other service and repair workers. Although some contract employees may require access to virtually all areas of the organization to do their jobs, they seldom need access to information or information resources. Contract workers may need access to various facilities, but such access should not be allowed automatically. POINTS: 1 REFERENCES: p. 285 H1: Employment Policies and Practices H2: Termination QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.07.4 - Discuss how an organization’s employment policies and practices can support the information security effort DATE CREATED: 5/26/2021 3:07 PM DATE MODIFIED: 5/26/2021 3:07 PM
Module 8 Security Technology: Access Controls, Firewalls, and VPNs

True / False

1. Discretionary access control is an approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 296 H1: Introduction to Access Controls QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.1 - Discuss the role of access control in information systems, and identify and discuss the four fundamental functions of access control systems DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 3/8/2017 9:46 PM

2. Lattice-based access control is a form of access control in which users are assigned a matrix of authorizations for particular areas of access. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 296 H1: Introduction to Access Controls QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.1 - Discuss the role of access control in information systems, and identify and discuss the four fundamental functions of access control systems DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 12/2/2017 1:50 PM

3. Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 297 H1: Introduction to Access Controls QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.1 - Discuss the role of access control in information systems, and identify and discuss the four fundamental functions of access control systems DATE CREATED: 9/14/2016 10:43 AM
DATE MODIFIED: 9/14/2016 10:43 AM

4. Authentication is the process of validating and verifying an unauthenticated entity’s purported identity. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 298 H1: Introduction to Access Controls H2: Access Control Mechanisms QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.2 - Define authentication and explain the three commonly used authentication factors DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 3/8/2017 4:57 PM

5. Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 301 H1: Introduction to Access Controls H2: Access Control Mechanisms QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.1 - Discuss the role of access control in information systems, and identify and discuss the four fundamental functions of access control systems DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 9/14/2016 10:43 AM

6. Firewalls fall into several major categories of processing modes: packet-filtering firewalls, application layer proxy firewalls, media access control layer firewalls, and hybrids. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 308 H1: Firewall Technologies QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls
DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 6/24/2021 9:31 AM

7. A firewall cannot be deployed as a separate network containing a number of supporting devices. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 308 H1: Firewall Technologies QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 9/14/2016 10:43 AM

8. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall’s database or violations of those rules. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 309 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 9/14/2016 10:43 AM

9. The ability of a router to restrict traffic to a specific service is an advanced capability and not considered a standard feature for most routers. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 311 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: True / False HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 9/14/2016 10:43 AM

10. The application layer proxy firewall is capable of functioning both as a firewall and an application layer proxy server. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 312 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 3/8/2017 9:47 PM

11. Using an application layer firewall means the associated Web server must be exposed to a higher level of risk by placing it in the DMZ. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 312 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 6/24/2021 9:32 AM

12. All organizations with a router at the boundary between the organization’s internal networks and the external service provider will experience improved network performance due to the complexity of the ACLs used to filter the packets. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 314
H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:43 AM DATE MODIFIED: 9/14/2016 10:43 AM

13. The DMZ can be a dedicated port on the firewall device linking a single bastion host. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 316 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 9/14/2016 10:44 AM

14. The screened subnet protects the DMZ systems and information from outside threats by providing a network with intermediate security, which means the network is less secure than the general-public networks but more secure than the internal network. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 317 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 3/8/2017 9:50 PM

15. An extranet is a segment of the DMZ where no authentication and authorization controls are put into place. a. True b. False ANSWER: False
POINTS: 1 REFERENCES: p. 317 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 3/8/2017 9:50 PM

16. Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation, must have its own set of configuration rules. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 318 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 9/14/2016 10:44 AM

17. Syntax errors in firewall policies are usually difficult to identify. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 318 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 3/8/2017 9:50 PM

18. When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. a. True b. False
ANSWER: True POINTS: 1 REFERENCES: p. 318 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 9/14/2016 10:44 AM

19. Good firewall rules include denying all data that is not verifiably authentic. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 319 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 3/8/2017 9:51 PM

20. Firewalls can only filter packets by port number. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 319 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 9:32 AM

21. It is important that e-mail traffic reach your e-mail server and only your e-mail server. a. True b. False ANSWER: True POINTS: 1
REFERENCES: p. 321 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 9/14/2016 10:44 AM

22. Though not used as much in Windows environments, terminal emulation is still useful to systems administrators on Unix/Linux systems. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 321 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 3/8/2017 9:52 PM

23. A content filter, also known as a reverse firewall, is a network device that allows administrators to restrict access to internal content from external users. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 324 H1: Firewall Technologies H2: Content Filters QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 9:34 AM

24. A content filter is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations. a. True b. False ANSWER: True


Name:

Class:

Date:

POINTS: 1 REFERENCES: p. 324 H1: Firewall Technologies H2: Content Filters QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 9/14/2016 10:44 AM

25. Internet connections via dial-up lines are regaining popularity due to recent technological developments. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: p. 325 H1: Protecting Remote Connections H2: Remote Access QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 9/14/2016 10:44 AM

26. A RADIUS system decentralizes the responsibility for authenticating each user by validating the user's credentials on the network access server. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: p. 326 H1: Protecting Remote Connections H2: Remote Access QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 9:34 AM

27. Even if Kerberos servers are subjected to denial-of-service attacks, a client can still request additional services. a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 327 H1: Protecting Remote Connections H2: Remote Access QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 9/14/2016 10:44 AM

28. A VPN, used properly, allows communication across the Internet as if it were a private network. a. True b. False
ANSWER: True
POINTS: 1 REFERENCES: p. 329 H1: Protecting Remote Connections H2: Virtual Private Networks (VPNs) QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.6 - Identify line angles, point angles, and divisions into thirds. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 9:36 AM

29. Most current operating systems require specialized software to connect to VPN servers, as support for VPN services is no longer built into the clients. a. True b. False
ANSWER: False
POINTS: 1 REFERENCES: p. 329 H1: Protecting Remote Connections H2: Virtual Private Networks (VPNs) QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.6 - Identify line angles, point angles, and divisions into thirds. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 9/14/2016 10:44 AM

Modified True / False

30. Access control is the method by which systems determine whether and how to admit a user into a trusted area of the organization, whether systems or physical locations. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 296
H1: Introduction to Access Controls QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.1 - Discuss the role of access control in information systems, and identify and discuss the four fundamental functions of access control systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:01 AM

31. Authentication is a mechanism whereby unverified entities who seek access to a resource provide a label by which they are known to the system. _____
ANSWER: False - Identification
POINTS: 1 REFERENCES: p. 298 H1: Introduction to Access Controls H2: Access Control Mechanisms QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.2 - Define authentication and explain the three commonly used authentication factors DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

32. The false reject rate describes the number of legitimate users who are denied access because of a failure in the biometric device. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 302 H1: Introduction to Access Controls H2: Biometrics QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.2 - Define authentication and explain the three commonly used authentication factors DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

33. One of the biggest challenges in the use of the trusted computer base (TCB) is the existence of explicit channels. _____
ANSWER: False - covert
POINTS: 1 REFERENCES: p. 305 H1: Introduction to Access Controls
H2: Access Control Architecture Models QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.1 - Discuss the role of access control in information systems, and identify and discuss the four fundamental functions of access control systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

34. In static filtering, configuration rules must be manually created, sequenced, and modified within the firewall. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 311 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

35. A routing table tracks the state and context of each packet in a conversation by recording which station sent which packet and when. _____
ANSWER: False - state
POINTS: 1 REFERENCES: p. 311 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:02 AM

36. The primary disadvantage of stateful packet inspection firewalls is the additional processing required to manage and verify packets against the state table. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 311 H1: Firewall Technologies H2: Firewall Processing Modes
QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

37. The static packet filtering firewall can react to an emergent event and update or create rules to deal with that event. _____
ANSWER: False - dynamic
POINTS: 1 REFERENCES: p. 311 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

38. Port Address Translation assigns non-routing local addresses to computer systems in the local area network and uses ISP-assigned addresses on a one-to-one basis. _____
ANSWER: False - Network
POINTS: 1 REFERENCES: p. 314 H1: Firewall Technologies H2: Firewall Architectures QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:03 AM

39. When a bastion host approach is used, the host contains two CPUs, forcing all traffic to go through the device. _____
ANSWER: False - NICs; False - Network Interface Cards; False - Network-Interface-Cards; False - Network Cards; False - Network Interfaces
POINTS: 1
REFERENCES: p. 314 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:04 AM

40. A common DMZ arrangement is a subnet firewall that consists of two or more internal bastion hosts behind a packet-filtering router, with each host protecting the trusted network. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 316 H1: Firewall Technologies H2: Firewall Architectures QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

41. Firewalls operate by examining a data packet and performing a comparison with some predetermined logical rules. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 319 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:05 AM

42. A(n) intranet is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. _____
ANSWER: False - extranet
POINTS: 1 REFERENCES: p. 317
H1: Firewall Technologies H2: Firewall Architectures QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

43. When Web services are offered outside the firewall, SMTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. _____
ANSWER: False - HTTP; False - Hypertext Transfer Protocol; False - Hypertext Transfer Protocol (HTTP)
POINTS: 1 REFERENCES: p. 318 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:05 AM

44. Most firewalls use packet header information to determine whether a specific packet should be allowed to pass through or should be dropped. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 319 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

45. Best practices in firewall rule set configuration state that the firewall device never allows administrative access directly from the public network. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 318
H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:06 AM

46. Traceroute, formally known as an ICMP Echo request, is used by internal systems administrators to ensure that clients and servers can communicate. _____
ANSWER: False - Pings; False - Ping
POINTS: 1 REFERENCES: p. 321 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

47. The presence of external requests for Telnet services can indicate a potential attack. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 321 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

48. In order to keep the Web server inside the internal network, direct all HTTP requests to the internal filtering firewall and configure the internal filtering router/firewall to allow only that device to access the internal Web server. _____
ANSWER: False - proxy server; False - proxy
POINTS: 1 REFERENCES: p. 322 H1: Firewall Technologies
H2: Configuring and Managing Firewalls QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

49. A content filter, also known as a proxy server, is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations. _____
ANSWER: False - reverse firewall
POINTS: 1 REFERENCES: p. 324 H1: Firewall Technologies H2: Content Filters QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:07 AM

50. An attacker who suspects that an organization has dial-up lines can use a device called a(n) war dialer to locate the connection points. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 326 H1: Protecting Remote Connections H2: Remote Access QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

51. Kerberos uses asymmetric key encryption to validate an individual user to various network resources. _____
ANSWER: False - symmetric
POINTS: 1 REFERENCES: p. 327 H1: Protecting Remote Connections H2: Remote Access QUESTION TYPE: Modified True / False HAS VARIABLES: False
STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

52. RADIUS, as described in RFC 4120, keeps a database containing the private keys of clients and servers—in the case of a client, this key is simply the client’s encrypted password. _____
ANSWER: False - Kerberos
POINTS: 1 REFERENCES: p. 327 H1: Protecting Remote Connections H2: Remote Access QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:08 AM

53. Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet. _____
ANSWER: True
POINTS: 1 REFERENCES: p. 329 H1: Protecting Remote Connections H2: Virtual Private Networks (VPNs) QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.08.6 - Identify line angles, point angles, and divisions into thirds. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

54. A popular use for tunnel mode VPNs is the end-to-end transport of encrypted data. _____
ANSWER: False - transport
POINTS: 1 REFERENCES: p. 329 H1: Protecting Remote Connections H2: Virtual Private Networks (VPNs) QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.08.6 - Identify line angles, point angles, and divisions into thirds. DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 10:08 AM

Multiple Choice

55. _____ access control is a form of _____ access control in which users are assigned a matrix of authorizations for particular areas of access.
a. task-based, discretionary b. role-based, nondiscretionary c. mandatory, discretionary d. lattice-based, nondiscretionary
ANSWER: d
POINTS: 1 REFERENCES: p. 296 H1: Introduction to Access Controls QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.1 - Discuss the role of access control in information systems, and identify and discuss the four fundamental functions of access control systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:10 AM

56. Which of the following is not a major processing mode category for firewalls?
a. Packet-filtering b. Application Layer Proxy c. Media Access Control Layer d. Router Passthrough
ANSWER: d
POINTS: 1 REFERENCES: p. 309 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/15/2021 5:38 PM

57. _____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
a. Packet-filtering b. Application gateway c. Circuit gateway d. MAC layer
ANSWER: a
POINTS: 1 REFERENCES: p. 309 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Multiple Choice
HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

58. The restrictions most commonly implemented in packet-filtering firewalls are based on _____.
a. IP source and destination address b. Direction (inbound or outbound) c. TCP or UDP source and destination port requests d. All of these answers are correct
ANSWER: d
POINTS: 1 REFERENCES: p. 309 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:10 AM

59. _____ filtering requires that the firewall's filtering rules for allowing and denying packets are manually developed and installed with the firewall.
a. Dynamic b. Static c. Stateful d. Stateless
ANSWER: b
POINTS: 1 REFERENCES: p. 311 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:11 AM

60. A _____ filtering firewall can react to an emergent event and update or create rules to deal with the event.
a. dynamic b. static c. stateful d. stateless
ANSWER: a
POINTS: 1
REFERENCES: p. 311 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

61. _____ inspection firewalls keep track of each network connection between internal and external systems.
a. Static b. Dynamic c. Stateful d. Stateless
ANSWER: c
POINTS: 1 REFERENCES: p. 311 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

62. The application layer proxy firewall is also known as a(n) _____.
a. application firewall b. client firewall c. proxy firewall d. All of these are correct
ANSWER: a
POINTS: 1 REFERENCES: p. 312 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:12 AM

63. The proxy server is often placed in an unsecured area of the network or is placed in the _____ zone.
a. fully trusted b. hot c. demilitarized d. cold
ANSWER: c
POINTS: 1 REFERENCES: p. 312 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

64. The _____ is an intermediate area between a trusted network and an untrusted network.
a. perimeter b. DMZ c. domain d. firewall
ANSWER: b
POINTS: 1 REFERENCES: p. 312 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

65. _____ make filtering decisions based on the specific host computer’s identity, as represented by its network interface card (NIC) address, and operate at the data link layer of the OSI model or the subnet layer of the TCP/IP model.
a. Media Access Control Layer b. Circuit gateway c. Application gateway d. Packet-filtering
ANSWER: a
POINTS: 1 REFERENCES: p. 312 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:12 AM

66. Because the _____ host stands as a sole defender on the network perimeter, it is commonly referred to as the sacrificial host.
a. trusted b. domain
c. DMZ d. bastion
ANSWER: d
POINTS: 1 REFERENCES: p. 314 H1: Firewall Technologies H2: Firewall Architectures QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:13 AM

67. The dominant architecture used to secure network access today is the _____ firewall.
a. static b. bastion c. unlimited d. screened subnet
ANSWER: d
POINTS: 1 REFERENCES: p. 316 H1: Firewall Technologies H2: Firewall Architectures QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

68. Configuring firewall _____ is viewed as much an art as it is a science.
a. policies b. subnets c. VPNs d. protocols
ANSWER: a
POINTS: 1 REFERENCES: p. 318 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:15 AM

69. Telnet protocol packets usually go to TCP port _____, whereas SMTP packets go to port _____.
a. 23, 52 b. 80, 52
c. 80, 25 d. 23, 25
ANSWER: d
POINTS: 1 REFERENCES: p. 319 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

70. Known as the ping service, _____ is a common method for hacker reconnaissance and should be turned off to prevent snooping.
a. RADIUS b. ICMP c. telnet d. DNS
ANSWER: b
POINTS: 1 REFERENCES: p. 318 H1: Firewall Technologies H2: Configuring and Managing Firewalls QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:16 AM

71. In most common implementation models, the content filter has two components: _____.
a. allow and deny b. filtering and encoding c. rating and decryption d. rating and filtering
ANSWER: d
POINTS: 1 REFERENCES: p. 324 H1: Firewall Technologies H2: Content Filters QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:17 AM

72. _____ and TACACS are systems that authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection.
a. RADIUS b. RADIAL
c. TUNMAN d. IPSEC
ANSWER: a
POINTS: 1 REFERENCES: p. 326 H1: Protecting Remote Connections H2: Remote Access QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

73. Which of the following versions of TACACS is still in use?
a. TACACS v2 b. Extended TACACS c. TACACS+ d. All of these are correct
ANSWER: c
POINTS: 1 REFERENCES: p. 327 H1: Protecting Remote Connections H2: Remote Access QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 10:17 AM

74. The service within Kerberos that generates and issues session keys is known as _____.
a. VPN b. KDC c. AS d. TGS
ANSWER: b
POINTS: 1 REFERENCES: p. 327 H1: Protecting Remote Connections H2: Remote Access QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

75. Kerberos _____ provides tickets to clients who request services.
a. KDS b. TGS c. AS d. VPN
ANSWER: b
POINTS: 1 REFERENCES: p. 327 H1: Protecting Remote Connections H2: Remote Access QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

76. In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) _____.
a. VPN b. ECMA c. ticket d. PAC
ANSWER: d
POINTS: 1 REFERENCES: p. 328 H1: Protecting Remote Connections H2: Remote Access QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

77. A(n) _____ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.
a. SVPN b. VPN c. SESAME d. KERBES
ANSWER: b
POINTS: 1 REFERENCES: p. 329 H1: Protecting Remote Connections H2: Virtual Private Networks (VPNs) QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.6 - Identify line angles, point angles, and divisions into thirds. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

78. In _____ mode, the data within an IP packet is encrypted, but the header information is not.
a. tunnel b. transport c. public d. symmetric
ANSWER: b
POINTS: 1 REFERENCES: p. 329 H1: Protecting Remote Connections H2: Virtual Private Networks (VPNs) QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.6 - Identify line angles, point angles, and divisions into thirds. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:57 PM

79. The primary benefit of a VPN that uses _____ is that an intercepted packet reveals nothing about the true destination system.
a. intermediate mode b. tunnel mode c. reversion mode d. transport mode
ANSWER: b
POINTS: 1 REFERENCES: p. 329 H1: Protecting Remote Connections H2: Virtual Private Networks (VPNs) QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.08.6 - Identify line angles, point angles, and divisions into thirds. DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

Completion

80. A(n) _____ contains a computer chip that can verify and validate several pieces of information instead of just a PIN.
ANSWER: smart card
POINTS: 1 REFERENCES: p. 300 H1: Introduction to Access Controls H2: Access Control Mechanisms QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.1 - Discuss the role of access control in information systems, and identify and discuss the four fundamental functions of access control systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM

81. The _____ describes the number of legitimate users who are denied access because of a failure in the biometric device. This failure is known as a Type I error.
ANSWER: false reject rate
POINTS: 1
Module 8 Security Technology: Access Controls, Firewalls, and VPNs REFERENCES:

p. 302 H1: Introduction to Access Controls H2: Biometrics QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.2 - Define authentication and explain the three commonly used authentication factors DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 8:15 PM 82. A(n) _____ is a combination of hardware and software that filters or prevents specific information from moving between the outside world and the inside world. ANSWER: firewall POINTS: 1 REFERENCES: p. 308 H1: Firewall Technologies QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM 83. A packet-_____ firewall installed on a TCP/IP-based network typically functions at the IP level and determines whether to drop a packet (deny) or forward it to the next network connection (allow) based on the rules programmed into the firewall. ANSWER: filtering POINTS: 1 REFERENCES: p. 309 H1: Firewall Technologies H2: Firewall Processing Modes QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 5/27/2021 3:58 PM 84. _____ is a firewall type that keeps track of each network connection between internal and external systems using a table and that expedites the processing of those communications. ANSWER: Stateful packet inspection (SPI) Stateful packet inspection Page 28


SPI
Stateful inspection firewall
POINTS: 1
REFERENCES: p. 311 H1: Firewall Technologies H2: Firewall Processing Modes
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

85. The _____ packet-filtering firewall can react to an emergent event and update or create rules to deal with that event.
ANSWER: dynamic
POINTS: 1
REFERENCES: p. 311 H1: Firewall Technologies H2: Firewall Processing Modes
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

86. The application firewall is also known as a(n) application layer _____ server.
ANSWER: proxy
POINTS: 1
REFERENCES: p. 312 H1: Firewall Technologies H2: Firewall Processing Modes
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 10:19 AM

87. _____ firewalls combine the elements of other types of firewalls—that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways.
ANSWER: Hybrid


POINTS: 1
REFERENCES: p. 312 H1: Firewall Technologies H2: Firewall Processing Modes
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

88. Because the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as a(n) _____ host.
ANSWER: sacrificial
POINTS: 1
REFERENCES: p. 314 H1: Firewall Technologies H2: Firewall Architectures
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 10:20 AM

89. The architecture of a(n) _____ firewall protects a DMZ.
ANSWER: screened subnet
POINTS: 1
REFERENCES: p. 316 H1: Firewall Technologies H2: Firewall Architectures
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/15/2021 5:39 PM

90. Both _____ and Next Generation Firewalls (NGFW) are hybrid firewalls categorized by their ability to perform the work of an SPI firewall, network IDPS, content filter, spam filter, and malware scanner and filter.
ANSWER: UTM
Unified Threat Management


Unified Threat Management (UTM)
POINTS: 1
REFERENCES: H1: Firewall Technologies H2: Firewall Processing Modes p. 313
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 10:21 AM

91. At the very least, _____ access to the organization’s Domain Name System (DNS) server should be blocked to prevent illegal zone transfers and to prevent attackers from taking down the organization’s entire network.
ANSWER: telnet
terminal emulation
terminal
remote desktop
POINTS: 1
REFERENCES: H1: Firewall Technologies H2: Configuring and Managing Firewalls p. 318
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 10:22 AM

92. A firewall device must never be accessible directly from the _____ network.
ANSWER: public
untrusted
unprotected
POINTS: 1
REFERENCES: p. 319 H1: Firewall Technologies H2: Configuring and Managing Firewalls
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 10:23 AM


93. A(n) _____ filter is a software filter—technically not a firewall—that allows administrators to restrict access to content from within a network.
ANSWER: content
POINTS: 1
REFERENCES: p. 324 H1: Firewall Technologies H2: Content Filters
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

94. Content filters are often called _____ firewalls.
ANSWER: reverse
POINTS: 1
REFERENCES: p. 324 H1: Firewall Technologies H2: Content Filters
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

95. A(n) _____ dialer is an automatic phone-dialing program that dials every number in a configured range and checks to see if a person, answering machine, or modem picks up.
ANSWER: war
POINTS: 1
REFERENCES: p. 326 H1: Protecting Remote Connections H2: Remote Access
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

96. The Remote _____ Dial-In User Service system centralizes the management of user authentication by placing the responsibility for authenticating each user in the central RADIUS server.
ANSWER: Authentication
POINTS: 1


REFERENCES: p. 326 H1: Protecting Remote Connections H2: Remote Access
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

97. The _____ Access Controller Access Control System contains a centralized database, and it validates the user’s credentials at the TACACS server.
ANSWER: Terminal
POINTS: 1
REFERENCES: p. 326 H1: Protecting Remote Connections H2: Remote Access
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

98. The _____ authentication system is named after the three-headed dog of Greek mythology that guards the gates to the underworld.
ANSWER: Kerberos
POINTS: 1
REFERENCES: p. 327 H1: Protecting Remote Connections H2: Remote Access
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

99. In Kerberos, a(n) _____ is an identification card for a particular client that verifies to the server that the client is requesting services and that the client is a valid member of the Kerberos system and therefore authorized to receive services.
ANSWER: ticket
POINTS: 1
REFERENCES: p. 327 H1: Protecting Remote Connections H2: Remote Access
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

100. Kerberos is based on the principle that the _____ knows the secret keys of all clients and servers on the network.
ANSWER: Key Distribution Center (KDC)
Key Distribution Center
KDC
POINTS: 1
REFERENCES: p. 327 H1: Protecting Remote Connections H2: Remote Access
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

101. SESAME uses _____ key encryption to distribute secret keys.
ANSWER: public
POINTS: 1
REFERENCES: p. 328 H1: Protecting Remote Connections H2: Remote Access
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

102. A(n) _____ private network is a secure network connection between systems that uses the data communication capability of an unsecured and public network.
ANSWER: virtual
POINTS: 1
REFERENCES: p. 329 H1: Protecting Remote Connections H2: Virtual Private Networks (VPNs)
QUESTION TYPE: Completion


HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.6 - Identify line angles, point angles, and divisions into thirds.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 5/27/2021 3:58 PM

103. A trusted _____ uses leased circuits from a service provider who gives contractual assurance that no one else is allowed to use these circuits and that they are properly maintained and protected.
ANSWER: VPN
POINTS: 1
REFERENCES: p. 329 H1: Protecting Remote Connections H2: Virtual Private Networks (VPNs)
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.6 - Identify line angles, point angles, and divisions into thirds.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 10:24 AM

104. A _____ mode VPN establishes two perimeter servers to encrypt all traffic that will traverse an unsecured network. The entire client packet is encrypted and added as the data portion of a packet addressed from one perimeter server to another.
ANSWER: tunnel
POINTS: 1
REFERENCES: p. 330 H1: Protecting Remote Connections H2: Virtual Private Networks (VPNs)
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.6 - Identify line angles, point angles, and divisions into thirds.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 10:25 AM

Essay

105. Briefly describe the best practice rules for firewall use.
ANSWER:
1. All traffic from the trusted network is allowed out.
2. The firewall device is never directly accessible from the public network for configuration or management purposes.
3. Simple Mail Transport Protocol (SMTP) data is allowed to pass through the firewall, but it should all be routed to a well-configured SMTP gateway to filter and route messaging traffic securely.
4. All Internet Control Message Protocol (ICMP) data should be denied.
5. Telnet (terminal emulation) access to all internal servers from the public networks should be blocked.
6. When Web services are offered outside the firewall, HTTP traffic should be denied from reaching your internal networks through the use of some form of proxy access or DMZ architecture.
7. All data that is not verifiably authentic should be denied.
POINTS: 1
REFERENCES: p. 318 H1: Firewall Technologies H2: Configuring and Managing Firewalls
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.4 - Explain the various approaches to firewall implementation
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 3/8/2017 10:15 PM

106. List and describe the interacting services of the Kerberos system.
ANSWER: Kerberos consists of three interacting services, all of which use a database library:
1. Authentication server (AS), which is a Kerberos server that authenticates clients and servers.
2. Key Distribution Center (KDC), which generates and issues session keys.
3. Kerberos ticket granting service (TGS), which provides tickets to clients who request services.
In Kerberos a ticket is an identification card for a particular client that verifies to the server that the client is requesting services and that the client is a valid member of the Kerberos system and therefore authorized to receive services. The ticket consists of the client’s name and network address, a ticket validation starting and ending time, and the session key, all encrypted in the private key of the server from which the client is requesting services.
POINTS: 1
REFERENCES: p. 327 H1: Protecting Remote Connections H2: Remote Access
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.5 - Locate the surfaces of each tooth.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 1/30/2017 2:50 PM

107. What must a VPN accomplish to offer a secure and reliable capability while relying on public networks?
ANSWER:
- Encapsulation of incoming and outgoing data, wherein the native protocol of the client is embedded within the frames of a protocol that can be routed over the public network as well as be usable by the server network environment.
- Encryption of incoming and outgoing data to keep the data contents private while in transit over the public network but usable by the client and server computers and/or the local networks on both ends of the VPN connection.
- Authentication of the remote computer and, perhaps, the remote user as well.


Authentication and the subsequent authorization of the user to perform specific actions are predicated on accurate and reliable identification of the remote system and/or user.
POINTS: 1
REFERENCES: p. 329 H1: Protecting Remote Connections H2: Virtual Private Networks (VPNs)
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.08.6 - Identify line angles, point angles, and divisions into thirds.
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 3/8/2017 10:16 PM

Subjective Short Answer

108. What is the typical relationship among the untrusted network, the firewall, and the trusted network?
ANSWER: The untrusted network is usually the Internet or another segment of a public access network, while the trusted network is typically a privately owned network. The firewall serves as a mechanism to filter traffic from the untrusted network into the trusted network and foster assurance that the traffic is legitimate.
POINTS: 1
REFERENCES: p. 308 H1: Firewall Technologies
QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.3 - Describe firewall technologies and the various categories of firewalls
DATE CREATED: 5/27/2021 8:37 PM
DATE MODIFIED: 5/27/2021 8:38 PM

109. What is biometric access control? What are the four truly unique human characteristics used in biometrics?
ANSWER: Biometric access control is the use of physiological characteristics to provide authentication for a provided identification.
The human characteristics usually considered truly unique for use in biometrics are:
• Fingerprints
• Retina of the eye (blood vessel pattern)
• Iris of the eye (random pattern of features found in the iris, including freckles, pits, striations, vasculature, coronas, and crypts)
• DNA
POINTS: 1
REFERENCES: p. 301 H1: Introduction to Access Controls H2: Biometrics


QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.2 - Define authentication and explain the three commonly used authentication factors
DATE CREATED: 5/27/2021 8:41 PM
DATE MODIFIED: 5/27/2021 8:43 PM

110. What is deperimeterization?
ANSWER: Deperimeterization is the recognition that there is no clear information security boundary between an organization and the outside world, meaning that the organization must be prepared to protect its information both inside and outside its digital walls.
POINTS: 1
REFERENCES: p. 331 H1: Final Thoughts On Remote Access And Access Controls H2: Deperimeterization
QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.08.1 - Discuss the role of access control in information systems, and identify and discuss the four fundamental functions of access control systems
DATE CREATED: 5/27/2021 8:45 PM
DATE MODIFIED: 5/27/2021 8:47 PM


Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools

True / False

1. Intrusion detection consists of procedures and systems that identify system intrusions and take steps to limit the intrusion and return operations to a normal state when an intrusion is detected.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: H1: Introduction To Intrusion Detection And Prevention Systems p. 339
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 4:30 PM

2. An IDPS can be configured to call a phone number or perform another type of signal or message.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 339 H1: Introduction To Intrusion Detection And Prevention Systems
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 4:31 PM

3. A false positive is the failure of an IDPS system to react to an actual attack event.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Terminology p. 340
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM


DATE MODIFIED: 9/14/2016 10:44 AM

4. The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 340 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Terminology
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 9/14/2016 10:44 AM

5. In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information and corrupt the servers’ answers to routine DNS queries from other systems on the network.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 345 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 3/8/2017 10:25 PM

6. NIDPSs can reliably ascertain whether an attack was successful.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 345 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 3/8/2017 10:25 PM

7. HIDPSs are also known as system integrity verifiers.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 348 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 9/14/2016 10:44 AM

8. An HIDPS can monitor system logs for predefined events.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 348 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 3/8/2017 10:25 PM

9. An HIDPS can detect local events on host systems and detect attacks that may elude a network-based IDPS.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 348 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs
QUESTION TYPE: True / False
HAS VARIABLES: False


LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 3/8/2017 10:26 PM

10. An HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 348 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 3/8/2017 10:26 PM

11. The anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Detection Methods p. 350
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 9/14/2016 10:44 AM

12. IDPS responses can be classified as active or passive.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 354 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Response Behavior
QUESTION TYPE: True / False


HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 9/14/2016 10:44 AM

13. A passive IDPS response is a definitive action automatically initiated when certain types of alerts are triggered.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 354 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Response Behavior
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 9/14/2016 10:44 AM

14. The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 355 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Response Behavior
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 9/14/2016 10:44 AM

15. In order to determine which IDPS best meets an organization’s needs, the system environment, security goals and objectives, and the existing security policy must be considered.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 358 H1: Introduction To Intrusion Detection And Prevention Systems H2: Selecting IDPS Approaches and Products
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 4:32 PM

16. Your organization’s operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: H1: Introduction To Intrusion Detection And Prevention Systems H2: Selecting IDPS Approaches and Products p. 357
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 9/14/2016 10:44 AM

17. Among the considerations in evaluating an IDPS are the product's scalability, testing, support provisions, and ability to provide information on the source of attacks.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 359 H1: Introduction To Intrusion Detection And Prevention Systems H2: Selecting IDPS Approaches and Products
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 4:32 PM

18. Intrusion detection and prevention systems perform monitoring and analysis of system events and user behaviors.
a. True
b. False
ANSWER: True


POINTS: 1
REFERENCES: p. 360 H1: Introduction To Intrusion Detection And Prevention Systems H2: Strengths and Limitations of IDPSs
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 9/14/2016 10:44 AM

19. Intrusion detection and prevention systems can deal effectively with newly published attacks or variants of existing attacks.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 360 H1: Introduction To Intrusion Detection And Prevention Systems H2: Strengths and Limitations of IDPSs
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 4:32 PM

20. A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 362 H1: Introduction To Intrusion Detection And Prevention Systems H2: Deployment and Implementation of an IDPS
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 2/6/2017 9:26 PM

21. Security tools that provide decoy systems designed to lure potential attackers away from critical systems include honeypots, honeynets, and padded cell systems.


a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: H1: Honeypots, Honeynets, And Padded Cell Systems p. 367
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 4:33 PM

22. An IDS helps to secure networks by identifying where the network needs securing.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: H1: Scanning And Analysis Tools p. 370
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 4:36 PM

23. To assist in footprint intelligence collection, attackers may use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 371 H1: Scanning And Analysis Tools
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 3/8/2017 10:28 PM

24. TCP/IP services can run only on their commonly used port number as specified in their original Internet standard.
a. True


b. False
ANSWER: False
POINTS: 1
REFERENCES: H1: Scanning And Analysis Tools H2: Port Scanners p. 372
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 4:37 PM

25. Administrators should encourage users to experiment with hackerware tools as they assist the organization in detecting potential vulnerabilities in the systems.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 373 H1: Scanning And Analysis Tools H2: Firewall Analysis Tools
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 4:38 PM

26. Once the OS is known, the vulnerabilities to which a system is susceptible can more easily be determined.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 373 H1: Scanning And Analysis Tools H2: Operating System Detection Tools
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 6/24/2021 4:38 PM

27. The Metasploit Framework is a collection of exploits coupled with an interface that allows the penetration tester to automate the custom exploitation of vulnerable systems.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 375 H1: Scanning And Analysis Tools H2: Vulnerability Scanners
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 9/14/2016 10:44 AM

28. A passive vulnerability scanner is one that initiates traffic on the network in order to determine security holes.
a. True
b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 376 H1: Scanning And Analysis Tools H2: Vulnerability Scanners
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
DATE CREATED: 9/14/2016 10:44 AM
DATE MODIFIED: 1/30/2017 6:33 PM

29. Passive scanners are advantageous in that they can find client-side vulnerabilities that are typically not found by active scanners.
a. True
b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 376 H1: Scanning And Analysis Tools H2: Vulnerability Scanners
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
DATE CREATED: 9/14/2016 10:44 AM


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools DATE MODIFIED:

6/24/2021 4:40 PM

30. To use a packet sniffer legally, the administrator only needs to be on a network that the organization owns, and have authorization of the network’s owners. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 378 H1: Scanning And Analysis Tools H2: Packet Sniffer QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 4:40 PM Modified True / False 31. Alarm filtering and compaction is the process of grouping almost identical alarms that occur nearly at the same time into a single higher-level alarm. _____ ANSWER: False - clustering POINTS: 1 REFERENCES: p. 339 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Terminology QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 4:41 PM 32. A(n) event is an indication that a system has just been attacked or is under attack. _____ ANSWER: False - alert False - alarm POINTS: 1 REFERENCES: p. 339 vH1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Terminology QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic Page 11


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/3/2021 6:44 PM 33. Alarm events that are accurate and noteworthy but do not pose significant threats to information security are called noise. _____ ANSWER: True POINTS: 1 REFERENCES: p. 340 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Terminology QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/3/2021 6:44 PM 34. Avoidance is the process by which an attacker changes the format and/or timing of activities to avoid being detected by an IDPS. _____ ANSWER: False - evasion POINTS: 1 REFERENCES: p. 340 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Terminology QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 4:42 PM 35. The integrity value, which is based upon fuzzy logic, helps an administrator determine how likely it is that an IDPS alert or alarm indicates an actual attack in progress. _____ ANSWER: False - confidence POINTS: 1 REFERENCES: p. 340 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Terminology QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic Page 12


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/3/2021 6:44 PM 36. A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss. _____ ANSWER: True POINTS: 1 REFERENCES: p. 341 H1: Introduction To Intrusion Detection And Prevention Systems H2: Why Use an IDPS? QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/3/2021 6:44 PM 37. The activities that gather public information about the organization and its network activities and assets is called fingerprinting. _____ ANSWER: False - footprinting POINTS: 1 REFERENCES: p. 341 H1: Introduction To Intrusion Detection And Prevention Systems H2: Why Use an IDPS? QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/3/2021 6:44 PM 38. In the process of protocol application verification, the NIDPSs look for invalid data packets. _____ ANSWER: False - stack POINTS: 1 REFERENCES: p. 344 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of Page 13


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools DATE CREATED: DATE MODIFIED:

intrusion detection and prevention systems 9/14/2016 10:44 AM 6/3/2021 6:44 PM

39. A HIDPS is also known as a system validity verifier. _____ ANSWER: False - integrity POINTS: 1 REFERENCES: p. 348 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:44 AM DATE MODIFIED: 6/24/2021 4:43 PM 40. A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. _____ ANSWER: False - HIDPS POINTS: 1 REFERENCES: p. 349 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 41. Preconfigured, predetermined attack patterns are called signatures. _____ ANSWER: True POINTS: 1 REFERENCES: p. 350 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Detection Methods QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM Page 14


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools DATE MODIFIED:

6/3/2021 6:44 PM

42. A(n) log file monitor is similar to an NIDPS. _____ ANSWER: True POINTS: 1 REFERENCES: p. 351 H1: Introduction To Intrusion Detection And Prevention Systems H2: Log File Monitors QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 43. The centralized IDPS implementation approach occurs when all detection functions are managed in a central location. _____ ANSWER: False - control POINTS: 1 REFERENCES: p. 361 H1: Introduction To Intrusion Detection And Prevention Systems H2: Deployment and Implementation of an IDPS QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 4:45 PM 44. A(n) partially distributed IDPS control strategy combines the best of other IDPS strategies. _____ ANSWER: True POINTS: 1 REFERENCES: H1: Introduction To Intrusion Detection And Prevention Systems H2: Deployment and Implementation of an IDPS p. 362 QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 45. When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) honeynet. _____ ANSWER: True Page 15


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools POINTS: REFERENCES:

1 p. 367 H1: Honeypots, Honeynets, And Padded Cell Systems QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 46. A hardened honeypot is also known as a protected cell system. _____ ANSWER: False - padded POINTS: 1 REFERENCES: p. 367 H1: Honeypots, Honeynets, And Padded Cell Systems QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 4:46 PM 47. The disadvantages of using the honeypot or padded cell approach include the fact that the technical implications of using such devices are not well understood. _____ ANSWER: False - legal POINTS: 1 REFERENCES: p. 368 H1: Honeypots, Honeynets, And Padded Cell Systems H2: Trap-and-Trace Systems QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 48. When using trap-and-trace, the trap usually consists of a honeypot or padded cell and a(n) packet sniffer. _____ ANSWER: False - alarm False - alert POINTS: 1 REFERENCES: p. 368 H1: Honeypots, Honeynets, And Padded Cell Systems Page 16


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools H2: Trap-and-Trace Systems QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 4:48 PM 49. Enticement is the illegal and unethical action of luring an individual into committing a crime to get a conviction. _____ ANSWER: False - Entrapment POINTS: 1 REFERENCES: p. 368 H1: Honeypots, Honeynets, And Padded Cell Systems H2: Trap-and-Trace Systems QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 4:49 PM 50. Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization. _____ ANSWER: False - Footprinting POINTS: 1 REFERENCES: p. 370 H1: Scanning And Analysis Tools QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 51. For Linux or BSD systems, a tool called “Sam Spade” allows a remote individual to “mirror” entire Web sites. _____ ANSWER: False - wget POINTS: 1 REFERENCES: p. 371 H1: Scanning And Analysis Tools QUESTION TYPE: Modified True / False HAS VARIABLES: False Page 17


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 4:49 PM 52. Port scanners are tools used both by attackers and defenders to identify (or footprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information. _____ ANSWER: False - fingerprint POINTS: 1 REFERENCES: p. 372 H1: Scanning And Analysis Tools H2: Port Scanners QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 4:50 PM 53. A(n) port is the equivalent of a network channel or connection point in a data communications system. _____ ANSWER: True POINTS: 1 REFERENCES: p. 372 H1: Scanning And Analysis Tools H2: Port Scanners QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 54. A(n) monitoring vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software. _____ ANSWER: False - passive POINTS: 1 REFERENCES: p. 376 H1: Scanning And Analysis Tools H2: Vulnerability Scanners QUESTION TYPE: Modified True / False HAS VARIABLES: False Page 18


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 55. For 802.11 wireless networks, a wireless security toolkit should include the ability to sniff wireless traffic, and scan wireless hosts. _____ ANSWER: True POINTS: 1 REFERENCES: H1: Scanning And Analysis Tools H2: Wireless Security Tools p. 379 QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 4:52 PM Multiple Choice 56. A(n) _____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. a. IDPS b. WiFi c. UDP d. DoS ANSWER: a POINTS: 1 REFERENCES: p. 339 H1: Introduction To Intrusion Detection And Prevention Systems QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 57. Intrusion _____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again. a. prevention b. reaction c. detection d. correction ANSWER: d POINTS: 1 REFERENCES: p. 339 Page 19


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools H1: Introduction To Intrusion Detection And Prevention Systems QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 58. A(n) _____ is an event that triggers an alarm when no actual attack is in progress. a. false neutral b. false attack stimulus c. false negative d. noise ANSWER: b POINTS: 1 REFERENCES: p. 340 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Terminology QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 59. _____ is the process of classifying IDPS alerts so that they can be more effectively managed. a. Alarm filtering b. Alarm clustering c. Alarm compaction d. Alarm attenuation ANSWER: a POINTS: 1 REFERENCES: p. 340 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Terminology QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 60. Activities that scan networks for active systems and then identify the network services offered by the host systems are known as _____. a. port knocking b. doorknob rattling c. footprinting d. fingerprinting ANSWER: d POINTS: 1 Page 20


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools REFERENCES:

p. 341 H1: Introduction To Intrusion Detection And Prevention Systems H2: Why Use an IDPS? QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 4:53 PM 61. A(n) _____ IDPS is focused on protecting network information assets. a. network-based b. host-based c. application-based d. server-based ANSWER: a POINTS: 1 REFERENCES: p. 343 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 62. _____ are usually passive devices, but cannot analyze encrypted packets, making some traffic invisible to the process. a. NIDPSs b. HIDPSs c. AppIDPSs d. SIDPSs ANSWER: a POINTS: 1 REFERENCES: p. 343 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 4:54 PM 63. A(n) _____ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device. a. NIDPS b. SPAN c. DPS d. IDSE ANSWER: b Page 21


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools POINTS: REFERENCES:

1 p. 344 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 64. To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known _____ in their knowledge base. a. vulnerabilities b. fingerprints c. signatures d. footprints ANSWER: c POINTS: 1 REFERENCES: p. 344 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 65. Most network behavior analysis system sensors can be deployed in _____ mode only, using the same connection methods as network-based IDPSs. a. passive b. active c. reactive d. dynamic ANSWER: a POINTS: 1 REFERENCES: p. 347 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 66. Network behavior analysis system _____ sensors are typically intended for network perimeter use, so they are deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit Page 22


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools incoming attacks that could overwhelm the firewall. a. inline b. offline c. passive d. bypass ANSWER: a POINTS: 1 REFERENCES: p. 347 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 67. _____ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files. a. NIDPSs b. HIDPSs c. AppIDPSs d. SIDPSs ANSWER: b POINTS: 1 REFERENCES: p. 348 H1: Introduction To Intrusion Detection And Prevention Systems H2: Log File Monitors QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 68. A(n) _____ reviews the log files generated by servers, network devices, and even other IDPSs looking for patterns and signatures that may indicate an attack or intrusion is in process or has already occurred. a. LFM b. stat IDPS c. AppIDPS d. HIDPS ANSWER: a POINTS: 1 REFERENCES: p. 351 H1: Introduction To Intrusion Detection And Prevention Systems H2: Log File Monitors QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM Page 23


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools DATE MODIFIED:

6/24/2021 4:55 PM

69. Which of the following is NOT a described IDPS control strategy? a. centralized b. fully distributed c. partially distributed d. decentralized ANSWER: d POINTS: 1 REFERENCES: p. 361 H1: Introduction To Intrusion Detection And Prevention Systems H2: Deployment and Implementation of an IDPS QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 4:58 PM 70. _____ are decoy systems designed to lure potential attackers away from critical systems. a. Honeypots b. Bastion hosts c. Wasp nests d. Designated targets ANSWER: a POINTS: 1 REFERENCES: p. 367 H1: Honeypots, Honeynets, And Padded Cell Systems QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 71. _____ applications use a combination of techniques to detect an intrusion and then follow it back to its source. a. Honeynet b. Trap-and-trace c. HIDPS d. Packet sniffer ANSWER: b POINTS: 1 REFERENCES: p. 368 H1: Honeypots, Honeynets, And Padded Cell Systems H2: Trap-and-Trace Systems QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM Page 24


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools DATE MODIFIED:

6/24/2021 4:58 PM

72. _____ is the action of luring an individual into committing a crime to get a conviction. a. Entrapment b. Enticement c. Intrusion d. Padding ANSWER: a POINTS: 1 REFERENCES: p. 369 H1: Honeypots, Honeynets, And Padded Cell Systems H2: Trap-and-Trace Systems QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 73. In TCP/IP networking, port _____ is not used. a. 0 b. 1 c. 13 d. 1023 ANSWER: a POINTS: 1 REFERENCES: p. 372 H1: Scanning and Analysis Tools H2: Port Scanners QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 74. Which of the following ports is commonly used for the HTTP protocol? a. 20 b. 25 c. 53 d. 80 ANSWER: d POINTS: 1 REFERENCES: p. 372 H1: Scanning and Analysis Tools H2: Port Scanners QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category Page 25


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools DATE CREATED: DATE MODIFIED:

9/14/2016 10:45 AM 9/14/2016 10:45 AM

75. The ability to detect a target computer’s _____ is very valuable to an attacker. a. manufacturer b. operating system c. peripherals d. BIOS ANSWER: b POINTS: 1 REFERENCES: p. 373 H1: Scanning and Analysis Tools H2: Operating System Detection Tools QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 76. _____ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. a. Buzz b. Fuzz c. Spike d. Black ANSWER: b POINTS: 1 REFERENCES: p. 374 H1: Scanning and Analysis Tools H2: Vulnerability Scanners QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 77. Some vulnerability scanners feature a class of attacks called _____, that are so dangerous they should only be used in a lab environment. a. aggressive b. divisive c. destructive d. disruptive ANSWER: c POINTS: 1 REFERENCES: p. 375 H1: Scanning and Analysis Tools H2: Vulnerability Scanners QUESTION TYPE: Multiple Choice HAS VARIABLES: False Page 26


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:43 PM 78. A _____ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software. a. passive b. aggressive c. active d. secret ANSWER: a POINTS: 1 REFERENCES: p. 376 H1: Scanning and Analysis Tools H2: Vulnerability Scanners QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 79. A(n) _____ is a software program or hardware appliance that can intercept, copy, and interpret network traffic. a. port scanner b. packet sniffer c. honeypot d. honey packet ANSWER: b POINTS: 1 REFERENCES: p. 377 H1: Scanning and Analysis Tools H2: Packet Sniffer QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 5:00 PM 80. To use a packet sniffer legally, the administrator must _____. a. be on a network that the organization owns b. be under direct authorization of the network’s owners c. have knowledge and consent of the content’s d. All of these are correct creators ANSWER: d POINTS: 1 REFERENCES: p. 378 H1: Scanning and Analysis Tools Page 27


Name:

Class:

Date:

Module 9 Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools H2: Packet Sniffer QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 5:01 PM Completion 81. A(n) _____ occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm. ANSWER: intrusion POINTS: 1 REFERENCES: p. 338 H1: Introduction To Intrusion Detection And Prevention Systems QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 82. Alarm _____ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm. ANSWER: clustering POINTS: 1 REFERENCES: p. 339 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Terminology QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM 83. The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called _____. ANSWER: noise POINTS: 1 REFERENCES: p. 340 H1: Introduction To Intrusion Detection And Prevention Systems Page 28
H2: IDPS Terminology QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

84. Site _____ awareness is an IDPS’s ability to dynamically modify its configuration in response to environmental activity. ANSWER: policy POINTS: 1 REFERENCES: p. 340 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Terminology QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 5:02 PM

85. IDPSs can also help administrators detect the preambles to attacks; this is known as attack _____. ANSWER: reconnaissance POINTS: 1 REFERENCES: p. 341 H1: Introduction To Intrusion Detection And Prevention Systems H2: Why Use an IDPS? QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 5:03 PM

86. The _____ port is also known as a switched port analysis (SPAN) port or mirror port. ANSWER: monitoring POINTS: 1 REFERENCES: p. 344 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Completion
HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

87. In _____ protocol verification, the higher-order protocols are examined for unexpected packet behavior or improper use. ANSWER: application POINTS: 1 REFERENCES: p. 344 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

88. HIDPSs are also known as system _____ verifiers. ANSWER: integrity POINTS: 1 REFERENCES: p. 348 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

89. A(n) _____-based IDPS resides on a particular computer or server and monitors activity only on that system. ANSWER: host POINTS: 1 REFERENCES: p. 348 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

90. Three methods dominate IDPS detection methods: the _____-based approach (sometimes called knowledge-based detection or misuse detection), the statistical anomaly-based approach, and the stateful packet inspection approach. ANSWER: signature POINTS: 1 REFERENCES: p. 350 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Detection Methods QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 5:09 PM

91. A signature-based IDPS is sometimes called a(n) _____-based IDPS or misuse detection. ANSWER: knowledge POINTS: 1 REFERENCES: p. 350 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Detection Methods QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 5:09 PM

92. When the measured activity is outside the baseline parameters, it is said to exceed the _____ level. ANSWER: clipping POINTS: 1 REFERENCES: p. 350 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Detection Methods QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

93. The IDPS __________ includes the management software, which collects information from the remote sensors, analyzes the systems or networks, and determines whether the current situation has deviated from the preconfigured baseline. ANSWER: console POINTS: 1 REFERENCES: p. 361 H1: Introduction To Intrusion Detection And Prevention Systems H2: Deployment and Implementation of an IDPS QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 5:10 PM

94. A(n) _____ system contains pseudo-services that emulate well-known services, but is configured in ways that make it look vulnerable to attacks, in order to lure potential attackers away from critical systems. ANSWER: honeypot POINTS: 1 REFERENCES: p. 367 H1: Honeypots, Honeynets, And Padded Cell Systems QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 5:11 PM

95. When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) _____. ANSWER: honeynet POINTS: 1 REFERENCES: p. 367 H1: Honeypots, Honeynets, And Padded Cell Systems QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM
96. A(n) _____ is a honeypot that has been protected so that it cannot be easily compromised. ANSWER: padded cell POINTS: 1 REFERENCES: p. 367 H1: Honeypots, Honeynets, And Padded Cell Systems QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

97. __________ are applications that record information about outbound communications and are similar to trap-and-trace systems. ANSWER: Pen registers POINTS: 1 REFERENCES: p. 369 H1: Honeypots, Honeynets, And Padded Cell Systems H2: Trap-and-Trace Systems QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 5:11 PM

98. _____ is the process of attracting attention to a system by placing tantalizing bits of information in key locations. ANSWER: Enticement POINTS: 1 REFERENCES: p. 369 H1: Honeypots, Honeynets, And Padded Cell Systems H2: Trap-and-Trace Systems QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

99. The _____ is a series of steps or processes used by an attacker, in a logical sequence, to launch an attack against a target system or network.
ANSWER: attack protocol POINTS: 1 REFERENCES: p. 370 H1: Scanning and Analysis Tools QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 5:12 PM

100. _____ is a systematic survey of all of the target organization’s Internet addresses to identify the network services offered by the hosts in that range. ANSWER: Fingerprinting POINTS: 1 REFERENCES: p. 371 H1: Scanning and Analysis Tools QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/24/2021 5:13 PM

101. _____ scanning will allow an Nmap user to bounce a scan across a firewall by using one of the idle DMZ hosts as the initiator of the scan. ANSWER: Idle POINTS: 1 REFERENCES: p. 373 H1: Scanning and Analysis Tools H2: Firewall Analysis Tools QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

102. A(n) _____ vulnerability scanner is one that initiates traffic on the network in order to determine security holes. ANSWER: active POINTS: 1
REFERENCES: p. 374 H1: Scanning and Analysis Tools H2: Vulnerability Scanners QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

103. A(n) _____ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software. ANSWER: passive POINTS: 1 REFERENCES: p. 376 H1: Scanning and Analysis Tools H2: Vulnerability Scanners QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/6/2021 3:43 PM

104. A packet _____ is a software program or hardware appliance that can intercept, copy, and interpret network traffic. ANSWER: sniffer POINTS: 1 REFERENCES: p. 377 H1: Scanning and Analysis Tools H2: Packet Sniffers QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

105. To secure data in transit across any network, organizations must use _____ to be assured of content privacy. ANSWER: encryption POINTS: 1 REFERENCES: p. 378 H1: Scanning and Analysis Tools
H2: Packet Sniffers QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/3/2021 6:44 PM

Essay

106. List and describe at least four reasons to acquire and use an IDPS.
ANSWER:
1. To prevent problem behaviors by increasing the perceived risk of discovery and punishment for those who would attack or otherwise abuse the system
2. To detect attacks and other security violations that are not prevented by other security measures
3. To detect and deal with the preambles to attacks (commonly experienced as network probes and other "doorknob rattling" activities)
4. To document the existing threat to an organization
5. To act as quality control for security design and administration, especially of large and complex enterprises
6. To provide useful information about intrusions that do take place, allowing improved diagnosis, recovery, and correction of causative factors
POINTS: 1 REFERENCES: p. 340 H1: Introduction To Intrusion Detection And Prevention Systems H2: Why Use an IDPS? QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 3/8/2017 10:46 PM

107. List and describe the three advantages of NIDPSs.
ANSWER:
1. Good network design and placement of NIDPS devices can enable an organization to use a few devices to monitor a large network.
2. NIDPSs are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
3. NIDPSs are not usually susceptible to direct attack and may not be detectable by attackers.
POINTS: 1 REFERENCES: p. 345 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Essay
HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 3/8/2017 10:46 PM

108. List and describe the four advantages of HIDPSs.
ANSWER:
1. An HIDPS can detect local events on host systems and detect attacks that may elude a network-based IDS.
2. An HIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing.
3. The use of switched network protocols does not affect an HIDPS.
4. An HIDPS can detect inconsistencies in how applications and systems programs were used by examining the records stored in audit logs. This can enable it to detect some types of attacks, including Trojan horse programs.
POINTS: 1 REFERENCES: p. 349 H1: Introduction To Intrusion Detection And Prevention Systems H2: Types of IDPSs QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 3/8/2017 10:47 PM

Subjective Short Answer

109. How does a signature-based IDPS differ from a behavior-based IDPS? ANSWER: A signature-based system looks for patterns of behavior that match a library of known behaviors. A behavior-based system watches for activities that suggest an alert-level activity is occurring, based on sequences of actions or the timing between otherwise unrelated events. POINTS: 1 REFERENCES: p. 350 H1: Introduction To Intrusion Detection And Prevention Systems H2: IDPS Detection Methods QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 6/7/2021 1:54 PM
DATE MODIFIED: 6/7/2021 1:57 PM

110. What is a SIEM and what is its primary purpose? ANSWER: A security information and event management (SIEM) system is an information management system specifically tasked to collect and correlate events and other log data from a number of servers or other network devices for the purpose of interpreting, filtering, correlating, analyzing, storing, reporting, and acting on the resulting information. A SIEM system supports threat detection and informs many aspects of threat intelligence. It is also instrumental in managing aspects of compliance vulnerability management. It often plays a pivotal role in an organization’s security incident management through data collection and analysis by enabling near real-time and historical analysis of security events. It integrates data from multiple sources, including local events and contextual data sources. POINTS: 1 REFERENCES: p. 352 H1: Introduction To Intrusion Detection And Prevention Systems H2: Security Information and Event Management (SIEM) QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems DATE CREATED: 6/7/2021 1:54 PM DATE MODIFIED: 6/7/2021 3:12 PM

111. What is network footprinting and how is it related to network fingerprinting? ANSWER: Footprinting is organized research of the Internet addresses owned or controlled by a target organization. The attacker uses public Internet data sources to perform keyword searches that identify the network addresses of the organization. This research is augmented by browsing the organization’s Web pages. Web pages usually contain information about internal systems, the people who develop the Web pages, and other tidbits that can be used for social engineering attacks. The fingerprinting phase uses the TCP/IP address ranges that were collected during the footprinting phase to identify the network services offered by the hosts in that range. POINTS: 1 REFERENCES: p. 371 H1: Scanning And Analysis Tools QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category DATE CREATED: 6/7/2021 1:54 PM DATE MODIFIED: 6/27/2021 11:52 AM
Module 10 Cryptography

True / False

1. In 1953, Giovan Batista Bellaso introduced the idea of the passphrase (password) as a key for encryption. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 385 H1: Introduction To Cryptography H2: The History of Cryptology QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 9/14/2016 10:45 AM

2. In 1917, Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a non-repeating random key. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 385 H1: Introduction To Cryptography H2: The History of Cryptology QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 3/9/2017 11:11 PM

3. Sequence encryption is a series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts it using different keys and sends it to the next neighbor. This process continues until the message reaches the final destination. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: True / False HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 3/9/2017 11:12 PM

4. The permutation cipher simply rearranges the values within a block to create the ciphertext. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 390 H1: Encryption Methods H2: Transposition Cipher QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 9/14/2016 10:45 AM

5. In addition to being credited with inventing a substitution cipher, Julius Caesar was associated with an early version of the transposition cipher. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 391 H1: Encryption Methods H2: Transposition Cipher QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 9/14/2016 10:45 AM

6. You cannot combine the XOR operation with a block cipher operation. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 391 H1: Encryption Methods H2: Exclusive OR QUESTION TYPE: True / False HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 9/14/2016 10:45 AM

7. To perform the Caesar cipher encryption operation, the pad values are added to numeric values that represent the plaintext that needs to be encrypted. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 392 H1: Encryption Methods H2: Vernam Cipher QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 9/14/2016 10:45 AM

8. One encryption method made popular by spy movies is the book cipher, which involves using the text in a book to encrypt and decrypt messages. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 393 H1: Encryption Methods H2: Book-Based Ciphers QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 6/27/2021 11:56 AM

9. Hashing functions require the use of keys. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 394 H1: Encryption Methods H2: Hash Functions QUESTION TYPE: True / False HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 9/14/2016 10:45 AM

10. A cryptovariable is a value representing the application of a hash algorithm on a message. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 398 H1: Cryptographic Algorithms H2: Encryption Key Size QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 9/14/2016 10:45 AM

11. A brute force function is a mathematical algorithm that generates a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 394 H1: Encryption Methods H2: Hash Functions QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 3/9/2017 11:14 PM

12. Popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 403 H1: Cryptographic Tools H2: Hybrid Cryptography Systems QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular
cryptographic tools DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 9/14/2016 10:45 AM

13. Adopted by NIST in 1976 as a federal standard, DES uses a 64-bit block size and key. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 396 H1: Cryptographic Algorithms H2: Symmetric Encryption QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:45 AM DATE MODIFIED: 9/14/2016 10:45 AM

14. 3DES was created to offer the same strength as the DES algorithm but ran three times as fast, thus saving time. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 396 H1: Cryptographic Algorithms H2: Symmetric Encryption QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 9/14/2016 10:46 AM

15. The AES algorithm was the first public-key encryption algorithm to use a 256-bit key length. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 398 H1: Cryptographic Algorithms H2: Asymmetric Encryption QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM
DATE MODIFIED: 3/9/2017 11:15 PM

16. When an asymmetric cryptographic process uses the sender’s private key to encrypt a message, the sender’s public key must be used to decrypt the message. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 397 H1: Cryptographic Algorithms H2: Asymmetric Encryption QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 9/14/2016 10:46 AM

17. Asymmetric encryption systems use a single key to both encrypt and decrypt a message. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 397 H1: Cryptographic Algorithms H2: Asymmetric Encryption QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 3/9/2017 11:15 PM

18. Usually, as the length of a cryptovariable increases, the number of random guesses that have to be made in order to break the code is reduced. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 399 H1: Cryptographic Algorithms H2: Encryption Key Size QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM
DATE MODIFIED: 3/9/2017 11:16 PM

19. PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 401 H1: Cryptographic Tools H2: Public Key Infrastructure (PKI) QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 3/9/2017 11:21 PM

20. The registration authority (RA) is a third party that issues, manages, authenticates, signs, and revokes users’ digital certificates. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 401 H1: Cryptographic Tools H2: Public Key Infrastructure (PKI) QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 11:56 AM

21. Nonrepudiation means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 400 H1: Cryptographic Tools H2: Public Key Infrastructure (PKI) QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular
cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 9/14/2016 10:46 AM

22. The most common hybrid system is based on the Diffie-Hellman key exchange, which is a method for exchanging private keys using public-key encryption. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 403 H1: Cryptographic Tools H2: Hybrid Cryptography Systems QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 3/9/2017 11:17 PM

23. Steganography is a data hiding method that involves embedding information within other files, such as digital pictures or other images. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 404 H1: Cryptographic Tools H2: Steganography QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 9/14/2016 10:46 AM

24. Standard HTTP (S-HTTP) is an extended version of the Hypertext Transfer Protocol that provides for the encryption of individual messages transmitted via the Internet between a client and server using AES over HTTP. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 405 H1: Protocols For Secure Communications H2: Securing Internet Communication with HTTPS and SSL
QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 11:57 AM

25. SSL builds on the encoding format of the digital encryption standard (DES) protocol and uses digital signatures based on public-key cryptosystems to secure e-mail. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 407 H1: Protocols For Secure Communications H2: Securing E-Mail with S/MIME, PEM, and PGP QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:03 PM

26. Bluetooth is a de facto industry standard for short-range wireless communications between devices. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 409 H1: Protocols For Secure Communications H2: Securing Wireless Networks with WPA and RSN QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 9/14/2016 10:46 AM

27. Secure Electronic Transactions was developed by MasterCard and Visa in 1997 to protect against electronic payment fraud. a. True b. False ANSWER: True POINTS: 1


REFERENCES: p. 409 H1: Protocols For Secure Communications H2: Securing Web Transactions with SET, SSL, and HTTPS QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 3/9/2017 11:26 PM

28. The encapsulating security payload protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 410 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 9/14/2016 10:46 AM

29. The HTTPS security solution provides six services: authentication by digital signatures, message encryption, compression, e-mail compatibility, segmentation, and key management. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 412 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/14/2021 7:27 PM

30. Internet Protocol Security (IPSec) is an open-source protocol framework for security development within the TCP/IP family of protocols. a. True


b. False ANSWER: True POINTS: 1 REFERENCES: p. 410 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 3/9/2017 11:27 PM

Modified True / False

31. Encryption is the process of converting the ciphertext message back into plaintext so that it can be readily understood. _____ ANSWER: False - Decryption POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

32. A(n) key is the set of steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message; it sometimes refers to the programs that enable the cryptographic processes. _____ ANSWER: False - algorithm POINTS: 1 REFERENCES: p. 385 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM
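Worked example for questions 22 and 45 (the hybrid system built on Diffie-Hellman). This is added code, not from the test bank or from the textbook: a Diffie-Hellman agreement whose derived session key then drives symmetric encryption, which is the pairing the textbook calls a hybrid system. It uses Python's standard library only. The group is the 2048-bit MODP group 14 from RFC 3526; the bulk cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, an assumption forced by the standard library having no AES, not a recommendation over AES-GCM. The function names are this example's own.

```python
"""Hybrid cryptosystem: Diffie-Hellman agreement feeding a symmetric session key.

Added example, not code from the test bank or the textbook. Each side keeps a
private exponent and sends only g^x mod p; both derive the same session key,
which then protects bulk traffic symmetrically. Group: RFC 3526 group 14. The
bulk cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC
tag, standing in for AES only because the standard library has no AES.
"""
import hashlib
import hmac
import secrets

# RFC 3526 group 14: 2048-bit safe prime ((P - 1) / 2 is also prime), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2

def is_probable_prime(n, rounds=8):
    """Miller-Rabin with random bases. Validating the modulus before use catches a
    mistyped or attacker-supplied group; False means definitely composite."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def dh_keypair():
    """Private exponent x in [1, p-2] and the public value y = g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def dh_session_key(own_private, peer_public):
    """Reject degenerate peer values (0, 1 and p-1 force the shared secret into a
    trivial subgroup), then hash the shared secret into a 256-bit session key."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value outside (1, p-1)")
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: the symmetric bulk cipher (AES stand-in)."""
    blocks = []
    for counter in range(-(-length // 32)):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]

def _subkeys(session_key):
    """Separate encryption and MAC keys derived from the agreed session key."""
    return [hmac.new(session_key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def seal(session_key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(session_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(session_key, blob):
    """Verify the tag in constant time before decrypting anything."""
    enc_key, mac_key = _subkeys(session_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def exchange(message=b"session traffic"):
    """Alice and Bob agree on a key from public values only, then Alice seals for Bob."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    k_alice = dh_session_key(a_priv, b_pub)  # Alice never learns b_priv
    k_bob = dh_session_key(b_priv, a_pub)    # Bob never learns a_priv
    return k_alice == k_bob, unseal(k_bob, seal(k_alice, message))
```

Two checks a practitioner adds and the one-sentence definition omits: the group is validated before use (a composite modulus, or a peer value of 0, 1 or p-1, would collapse the shared secret into a trivial subgroup), and the tag is verified before any byte is decrypted. Diffie-Hellman on its own authenticates nobody; in a deployed hybrid system the public values are signed or carried in certificates (questions 42 through 44), otherwise a man in the middle simply runs one exchange with each side.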


33. To encipher means to decrypt, decode, or convert ciphertext into the equivalent plaintext. _____ ANSWER: False - decipher POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

34. Ciphertext or a cryptogram is an encoded message, or a message that has been successfully encrypted. _____ ANSWER: True POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

35. In a book cipher, the key consists of a list of codes representing the page number, line number, and word number of the plaintext word. _____ ANSWER: False - ciphertext False - cryptogram False - encrypted text POINTS: 1 REFERENCES: p. 393 H1: Encryption Methods H2: Book-Based Ciphers QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:04 PM

36. Hash algorithms are mathematical functions that create a message digest by converting variable-length messages into a single fixed-length value. _____ ANSWER: True POINTS: 1 REFERENCES: p. 394 H1: Encryption Methods H2: Hash Functions QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:05 PM

37. A multipart authentication code (MAC) is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest. _____ ANSWER: False - message POINTS: 1 REFERENCES: p. 394 H1: Encryption Methods H2: Hash Functions QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

38. Encryption methodologies that require the same secret key to encipher and decipher the message are using public-key encryption. _____ ANSWER: False - private POINTS: 1 REFERENCES: p. 396 H1: Cryptographic Algorithms H2: Symmetric Encryption QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:06 PM

39. PKI is a federal information processing standard that specifies a cryptographic algorithm developed to replace both DES and 3DES. _____ ANSWER: False - AES False - Advanced Encryption Standard


False - Advanced Encryption Standard (AES) POINTS: 1 REFERENCES: p. 396 H1: Cryptographic Algorithms H2: Symmetric Encryption QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:07 PM

40. AES implements a block cipher called the Rijndael Block Cipher with a variable block length and a key length of 128, 192 or 256 bits. _____ ANSWER: True POINTS: 1 REFERENCES: p. 397 H1: Cryptographic Algorithms H2: Symmetric Encryption QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:08 PM

41. Symmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message. _____ ANSWER: False - Asymmetric POINTS: 1 REFERENCES: p. 396 H1: Cryptographic Algorithms H2: Asymmetric Encryption QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

42. Within a PKI, a(n) registration authority issues, manages, authenticates, signs, and revokes users’ digital certificates, which typically contain the user name, public key, and other identifying information. _____ ANSWER: False - certificate POINTS: 1


REFERENCES: p. 401 H1: Cryptographic Tools H2: Public Key Infrastructure (PKI) QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

43. The Digital Signature Standard established by NIST is used for electronic document authentication by federal information systems. It is based on a variant of the ElGamal algorithm. _____ ANSWER: True POINTS: 1 REFERENCES: p. 402 H1: Cryptographic Tools H2: Digital Signatures QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

44. A(n) distinguished name uniquely identifies a certificate entity to a user’s public key. _____ ANSWER: True POINTS: 1 REFERENCES: p. 403 H1: Cryptographic Tools H2: Digital Certificates QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

45. Diffie-Hellman key exchange uses asymmetric encryption to exchange session keys, limited-use symmetric keys for temporary communications. _____ ANSWER: True POINTS: 1 REFERENCES: p. 403


H1: Cryptographic Tools H2: Hybrid Cryptography Systems QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:09 PM

46. The number of horizontal and vertical pixels captured and recorded is known as an image’s contrast. _____ ANSWER: False - resolution POINTS: 1 REFERENCES: p. 403 H1: Cryptographic Tools H2: Steganography QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:09 PM

47. The most popular modern version of steganography involves hiding information within files that contain digital pictures or other images. _____ ANSWER: True POINTS: 1 REFERENCES: p. 403 H1: Cryptographic Tools H2: Steganography QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

48. HTTPS is an extended version of Hypertext Transfer Protocol that provides for the encryption of protected e-mail transmitted via the Internet between a client and server. _____ ANSWER: False - Web pages POINTS: 1 REFERENCES: p. 406 H1: Protocols For Secure Communications


H2: Securing Internet Communication with HTTPS and SSL QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/14/2021 7:43 PM

49. Privacy Enhanced Mail was proposed by the Internet Engineering Task Force and is a standard that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures. _____ ANSWER: True POINTS: 1 REFERENCES: p. 407 H1: Protocols For Secure Communications H2: Securing E-Mail with S/MIME, PEM, and PGP QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

50. Secure Multipurpose Internet Mail Extensions builds on the encoding format of the MIME protocol and uses digital signatures based on public-key cryptosystems to secure e-mail. _____ ANSWER: True POINTS: 1 REFERENCES: p. 407 H1: Protocols For Secure Communications H2: Securing E-Mail with S/MIME, PEM, and PGP QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

51. PGP is a de facto industry standard for short-range wireless communications between devices. _____ ANSWER: False - Bluetooth POINTS: 1 REFERENCES: p. 409 H1: Protocols For Secure Communications H2: Securing Wireless Networks with WPA and RSN


QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:10 PM

52. Internet Protocol Security is designed to protect data integrity, user confidentiality, and authenticity at the IP packet level. _____ ANSWER: True POINTS: 1 REFERENCES: p. 410 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

53. In transport mode IPSec the entire IP packet is encrypted and is then placed as the content portion of another IP packet. _____ ANSWER: False - tunnel POINTS: 1 REFERENCES: p. 410 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:11 PM

54. The authentication header (AH) protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification. _____ ANSWER: False - encapsulating security payload (ESP) False - encapsulating security payload False - ESP POINTS: 1 REFERENCES: p. 410


H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:12 PM

55. Pretty Good Privacy (PGP) uses the freeware ZIP algorithm to compress the message after it has been digitally signed but before it is encrypted. _____ ANSWER: True POINTS: 1 REFERENCES: p. 412 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:00 PM

Multiple Choice

56. _____ is the process of converting an original message into a form that is unreadable to unauthorized individuals. a. Encryption b. Decryption c. Cryptology d. Cryptography ANSWER: a POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

57. _____ is the entire range of values that can possibly be used to construct an individual key. a. Code b. Keyspace c. An algorithm d. A cryptogram


ANSWER: b POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

58. _____ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown. a. Cryptology b. Decryption c. Cryptography d. Work factor ANSWER: d POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:13 PM

59. A _____ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. a. password b. cipher c. key d. passphrase ANSWER: c POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

60. Bit stream methods commonly use algorithm functions like the _____ OR operation.


a. exclusive b. extreme c. extensive d. enhanced ANSWER: a POINTS: 1 REFERENCES: p. 386 H1: Encryption Methods QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:15 PM

61. More advanced substitution ciphers use two or more alphabets, and are referred to as _____ substitutions. a. polysyllabic b. monoalphabetic c. polyalphabetic d. polynomic ANSWER: c POINTS: 1 REFERENCES: p. 387 H1: Encryption Methods H2: Substitution Cipher QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:15 PM

62. _____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content. a. Hash b. MAC c. Key d. Encryption ANSWER: a POINTS: 1 REFERENCES: p. 394 H1: Encryption Methods H2: Hash Functions QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:16 PM

63. A _____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest. a. signature b. MAC


c. fingerprint d. digest ANSWER: b POINTS: 1 REFERENCES: p. 394 H1: Encryption Methods H2: Hash Functions QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

64. SHA-1 produces a(n) _____-bit message digest, which can then be used as an input to a digital signature algorithm. a. 48 b. 56 c. 160 d. 256 ANSWER: c POINTS: 1 REFERENCES: p. 394 H1: Encryption Methods H2: Hash Functions QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:02 PM

65. Using a database of precomputed hashes from sequentially calculated passwords called a(n) _____, an attacker can simply look up a hashed password and read out the text version. a. hash matrix b. smurf list c. rainbow table d. hashapedia ANSWER: c POINTS: 1 REFERENCES: p. 395 H1: Encryption Methods H2: Hash Functions QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:17 PM

66. A method of encryption that requires the same secret key to encipher and decipher the message is known as _____ encryption. a. asymmetric b. symmetric


c. public d. hash ANSWER: b POINTS: 1 REFERENCES: p. 396 H1: Cryptographic Algorithms H2: Symmetric Encryption QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:18 PM

67. _____ is the current federal information processing standard that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure. a. DES b. 2DES c. AES d. 3DES ANSWER: c POINTS: 1 REFERENCES: p. 397 H1: Cryptographic Algorithms H2: Symmetric Encryption QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

68. DES uses a(n) _____-bit block size. a. 32 b. 64 c. 128 d. 256 ANSWER: b POINTS: 1 REFERENCES: p. 396 H1: Cryptographic Algorithms H2: Symmetric Encryption QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:02 PM

69. The _____ algorithm, developed in 1977, was the first public-key encryption algorithm published for commercial use. a. DES b. RSA c. MAC d. AES


ANSWER: b POINTS: 1 REFERENCES: p. 398 H1: Cryptographic Algorithms H2: Asymmetric Encryption QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

70. _____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. a. MAC b. PKI c. DES d. AES ANSWER: b POINTS: 1 REFERENCES: p. 400 H1: Cryptographic Tools H2: Public Key Infrastructure (PKI) QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

71. In PKI, the CA periodically distributes a(n) _____ to all users that identifies all revoked certificates. a. CRL b. RA c. MAC d. RDL ANSWER: a POINTS: 1 REFERENCES: p. 401 H1: Cryptographic Tools H2: Public Key Infrastructure (PKI) QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

72. _____ are encrypted message components that can be mathematically proven to be authentic. a. Digital signatures b. MACs


c. Message certificates d. Message digests ANSWER: a POINTS: 1 REFERENCES: p. 402 H1: Cryptographic Tools H2: Digital Signatures QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

73. Digital signatures should be created using processes and products that are based on the _____. a. DSS b. NIST c. SSL d. HTTPS ANSWER: a POINTS: 1 REFERENCES: p. 402 H1: Cryptographic Tools H2: Digital Signatures QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

74. An X.509 v3 certificate binds a _____, which uniquely identifies a certificate entity, to a user’s public key. a. message digest b. fingerprint c. distinguished name d. digital signature ANSWER: c POINTS: 1 REFERENCES: p. 403 H1: Cryptographic Tools H2: Digital Certificates QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:02 PM

75. The _____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.


a. Standard HTTP b. SFTP c. HTTPS d. SSL Record Protocol ANSWER: d POINTS: 1 REFERENCES: p. 406 H1: Protocols For Secure Communications H2: Securing Internet Communication with HTTPS and SSL QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/14/2021 8:04 PM

76. At the World Championships in Athletics in Helsinki in August 2005, a virus called Cabir infected dozens of _____, the first time this occurred in a public setting. a. iPad tablets b. Bluetooth mobile phones c. WiFi routers d. hearing aids ANSWER: b POINTS: 1 REFERENCES: p. 410 H1: Protocols For Secure Communications H2: Securing Wireless Networks with WPA and RSN QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:18 PM

77. _____ is an open-source protocol framework that can be used to secure communications across any IP-based network such as LANs, WANs, and the Internet. a. PEM b. SSH-2 c. IPSec d. SET ANSWER: c POINTS: 1 REFERENCES: p. 410 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM


DATE MODIFIED: 6/27/2021 12:19 PM

78. The _____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication. a. ESP b. AH c. HA d. SEP ANSWER: b POINTS: 1 REFERENCES: p. 410 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

79. _____ was developed by Phil Zimmermann and uses the IDEA cipher for message encoding. a. PEM b. PGP c. S/MIME d. SSL ANSWER: b POINTS: 1 REFERENCES: p. 407 H1: Protocols For Secure Communications H2: Securing E-Mail with S/MIME, PEM, and PGP QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

80. _____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications. a. PGP b. DES c. AH d. ESP ANSWER: a POINTS: 1 REFERENCES: p. 412 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP QUESTION TYPE: Multiple Choice HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM
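Questions 60 and 61 above, and the Completion items on substitution, transposition, exclusive OR and the Vernam cipher later in this module, define the classical cipher families in one sentence each. The block below is an added example, not code from the test bank or the textbook. It implements each family in Python and then applies the first test a cryptanalyst applies, a comparison of letter-frequency profiles, which is the property that separates the families. The sample sentence, the keys, and the use of X as a pad character are constructed for this example.

```python
"""Substitution, transposition and exclusive-OR (Vernam) ciphers side by side.

Added example, not code from the test bank or the textbook. It implements the
cipher families the questions define and then runs the check a cryptanalyst
runs first: compare the letter-frequency profile of plaintext and ciphertext.
The sample sentence, keys and the "X" pad character are constructed here.
"""
from collections import Counter
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
SAMPLE = "ATTACK THE BASTION AT DAWN AND SEND THE SIGNAL AT NOON"  # constructed


def _letters(text):
    """Keep A-Z only, which is how classical ciphers were keyed."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def shift_cipher(text, shift):
    """Monoalphabetic substitution: one alphabet, every letter moved by `shift`.
    Decrypt by passing the negative shift."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in _letters(text))


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: position i uses the alphabet chosen by key[i mod len]."""
    key = _letters(key)
    sign = -1 if decrypt else 1
    return "".join(
        ALPHABET[(ALPHABET.index(c) + sign * ALPHABET.index(key[i % len(key)])) % 26]
        for i, c in enumerate(_letters(text))
    )


def _padded(text, cols):
    """Fill the last row of the transposition block with X (constructed pad)."""
    text = _letters(text)
    return text + "X" * (-len(text) % cols)


def columnar_transposition(text, key):
    """Transposition: values are only rearranged. Text is written row by row under
    the key and read out column by column in alphabetical order of the key letters."""
    text = _padded(text, len(key))
    order = sorted(range(len(key)), key=lambda i: key[i])
    return "".join(text[i::len(key)] for i in order)


def xor_bytes(a, b):
    """Bit-stream XOR: identical bits give 0, differing bits give 1."""
    return bytes(x ^ y for x, y in zip(a, b))


def vernam_encrypt(plaintext, key=None):
    """One-time pad: a random key as long as the message, used once.
    Reusing `key` is the classic failure, shown by key_reuse_leak below."""
    key = secrets.token_bytes(len(plaintext)) if key is None else key
    return key, xor_bytes(plaintext, key)


def key_reuse_leak(pt1, pt2):
    """Two messages under the same pad: XOR of the ciphertexts equals XOR of the
    plaintexts, so the key cancels and the attacker is left with a running-key cipher."""
    key = secrets.token_bytes(max(len(pt1), len(pt2)))
    _, ct1 = vernam_encrypt(pt1, key)
    _, ct2 = vernam_encrypt(pt2, key)
    return xor_bytes(ct1, ct2)


def frequency_profile(text):
    """Sorted letter counts: the shape a frequency analyst compares against English."""
    return sorted(Counter(_letters(text)).values(), reverse=True)


def analysis(plaintext=SAMPLE):
    """Which cipher families hide the frequency profile of the plaintext?"""
    key_t = "ZEBRA"
    shifted = shift_cipher(plaintext, 3)
    poly = vigenere(plaintext, "CIPHER")
    transposed = columnar_transposition(plaintext, key_t)
    return {
        "shift_keeps_profile": frequency_profile(plaintext) == frequency_profile(shifted),
        "vigenere_keeps_profile": frequency_profile(plaintext) == frequency_profile(poly),
        "transposition_keeps_letters": Counter(transposed) == Counter(_padded(plaintext, len(key_t))),
    }


if __name__ == "__main__":
    print(analysis())
```

The result is the practitioner's summary of the three families: a monoalphabetic shift leaves the frequency profile intact (its keyspace of 25 shifts is the least of its problems), a transposition leaves the letter counts themselves intact, and only the polyalphabetic cipher disturbs the profile. The one-time pad is unbreakable exactly as long as the key is random, as long as the message, and never reused; key_reuse_leak shows the key cancelling out the moment it is used twice.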
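Questions 62 through 65 above (hash functions, the message authentication code, the 160-bit SHA-1 digest, rainbow tables) state properties that are easy to check in code, and the Completion items on message digests and MACs later in the module repeat them. The following is an added example, not from the test bank or the textbook, using only Python's hashlib, hmac and secrets modules. The candidate password list and the two messages are constructed. The lookup table is a plain digest-to-password dictionary standing in for a rainbow table, which compresses the same precomputation into hash chains; the defender's countermeasure is the same against both.

```python
"""Message digests, MACs, and why precomputed hash tables fail against salts.

Added example, not code from the test bank or the textbook. Only hashlib,
hmac and secrets are used. The candidate password list and the two
"transfer" messages are constructed. The lookup table is a plain
digest -> password dictionary standing in for a rainbow table.
"""
import hashlib
import hmac
import secrets

CANDIDATES = ["password", "letmein", "123456", "qwerty", "welcome1"]  # constructed
PBKDF2_ROUNDS = 100_000


def digest_bits(message, algorithm="sha1"):
    """Digest length is fixed by the algorithm, not the message: SHA-1 gives 160."""
    return hashlib.new(algorithm, message).digest_size * 8


def bit_difference(msg_a, msg_b, algorithm="sha1"):
    """Avalanche: a one-bit change in the input flips about half the digest bits."""
    a = int.from_bytes(hashlib.new(algorithm, msg_a).digest(), "big")
    b = int.from_bytes(hashlib.new(algorithm, msg_b).digest(), "big")
    return bin(a ^ b).count("1")


def message_mac(key, message):
    """Key-dependent one-way hash: only holders of `key` can compute or check it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key, message, tag):
    """Constant-time comparison so a wrong tag is not rejected faster at the first byte."""
    return hmac.compare_digest(message_mac(key, message), tag)


def build_lookup_table(candidates):
    """Attacker's precomputation: unsalted SHA-1 of every candidate, done once."""
    return {hashlib.sha1(p.encode()).hexdigest(): p for p in candidates}


def lookup(stored_hex, table):
    """Read the password straight out of the table; no hashing at attack time."""
    return table.get(stored_hex)


def hash_password_salted(password, salt=None):
    """Defender side: random per-user salt plus a slow KDF. The same password now
    maps to a different digest for every user, so no table can be shared."""
    salt = secrets.token_bytes(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password_salted(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def table_attack():
    """Same password stored two ways: the table recovers one and not the other."""
    table = build_lookup_table(CANDIDATES)
    unsalted = hashlib.sha1(b"letmein").hexdigest()
    salt, salted = hash_password_salted("letmein")
    return lookup(unsalted, table), lookup(salted.hex(), table)


if __name__ == "__main__":
    print(digest_bits(b"any length of input"))  # 160
    print(bit_difference(b"transfer $100", b"transfer $300"))
    print(table_attack())  # ('letmein', None)
```

The attack succeeds because every system that stores unsalted SHA-1 produces the identical digest for "letmein", so one table serves all of them. A 16-byte per-user salt and a deliberately slow KDF (PBKDF2 here) make the precomputation worthless and each online guess expensive. The MAC and the password check both use compare_digest, the same key-holder-only property question 63 describes, applied with a timing-safe comparison.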

Completion

81. The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption is called _____. ANSWER: cryptanalysis POINTS: 1 REFERENCES: p. 384 H1: Introduction To Cryptography QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 2/1/2017 6:50 PM DATE MODIFIED: 6/6/2021 4:02 PM

82. The science of encryption is known as _____. ANSWER: cryptology POINTS: 1 REFERENCES: p. 384 H1: Introduction To Cryptography QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

83. _____ is the process of making and using codes to secure the transmission of information. ANSWER: Cryptography POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM


DATE MODIFIED: 6/6/2021 4:01 PM

84. A(n) _____ or cryptosystem is an encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption. ANSWER: cipher POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

85. To _____ means to encrypt, encode, or convert plaintext into the equivalent ciphertext. ANSWER: encipher POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

86. The process of hiding messages within the digital encoding of a picture or graphic is called _____. ANSWER: steganography POINTS: 1 REFERENCES: p. 386 H1: Introduction To Cryptography H2: Key Cryptology Terms QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM
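Question 86, like questions 23, 46 and 47 earlier, defines steganography as hiding a message inside the digital encoding of an image. The following is an added example, not code from the test bank or the textbook, of the least-significant-bit technique on a constructed grayscale image. The cover is a bytes object of 8-bit pixels generated from SHA-256 so that the code runs without an image library; the 4-byte length header and the one-bit-per-pixel rate are this example's own choices rather than any standard format.

```python
"""Least-significant-bit steganography inside a constructed grayscale image.

Added example, not code from the test bank or the textbook. No image library
is involved: the cover "image" is a bytes object of 8-bit pixels with a known
width and height, which is all LSB embedding touches. The 4-byte length
header, one-bit-per-pixel rate and SHA-256-generated cover are choices made
for this example, not a standard container format.
"""
import hashlib


def make_cover(width, height, seed=b"cover"):
    """Deterministic pseudo-random pixels standing in for a photograph (constructed)."""
    data = b""
    counter = 0
    while len(data) < width * height:
        data += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return data[: width * height]


def capacity_bytes(width, height):
    """One hidden bit per pixel, so resolution fixes the payload ceiling (minus the header)."""
    return (width * height) // 8 - 4


def embed(pixels, payload):
    """Overwrite each pixel's lowest bit with one payload bit, header first."""
    frame = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in frame for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError(f"need {len(bits)} pixels for this payload, image has {len(pixels)}")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def _read_bits(pixels, start, nbytes):
    """Collect LSBs from pixels[start:] into nbytes big-endian bytes."""
    value = 0
    for i in range(start, start + 8 * nbytes):
        value = (value << 1) | (pixels[i] & 1)
    return value.to_bytes(nbytes, "big")


def extract(pixels):
    """Recover the payload; an implausible header means no (or a foreign) payload."""
    length = int.from_bytes(_read_bits(pixels, 0, 4), "big")
    if 32 + 8 * length > len(pixels):
        raise ValueError("header length exceeds image capacity: no valid payload")
    return _read_bits(pixels, 32, length)


def max_pixel_change(cover, stego):
    """LSB embedding never moves a pixel value by more than 1 (invisible to the eye)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def ascii_high_bit_zero_fraction(pixels, nbytes):
    """Crude steganalysis: ASCII payload bytes all have a zero top bit, so the LSB
    of every 8th pixel after the header is 0. Random LSBs give about 0.5."""
    positions = range(32, 32 + 8 * nbytes, 8)
    return sum(1 for p in positions if pixels[p] & 1 == 0) / nbytes


def demo():
    """Hide a constructed ASCII note in a 32x32 cover and measure the side effects."""
    cover = make_cover(32, 32)
    secret = b"The drop is at the north gate at 0300; bring the key."  # constructed
    stego = embed(cover, secret)
    return {
        "recovered": extract(stego) == secret,
        "max_change": max_pixel_change(cover, stego),
        "ascii_signature_stego": ascii_high_bit_zero_fraction(stego, len(secret)),
        "ascii_signature_cover": ascii_high_bit_zero_fraction(cover, len(secret)),
    }


if __name__ == "__main__":
    print(demo())
```

Two points follow from the code. Resolution (question 46) is the capacity limit, since each pixel donates one bit. And LSB hiding is invisible to the eye, since no pixel moves by more than 1, but not to statistics: an ASCII payload zeroes the top bit of every byte, so the sampled LSB plane of the stego image is biased where the cover's is not, which is the kind of regularity steganalysis tools look for.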


87. In a(n) _____ cipher, you replace one value with another. ANSWER: substitution POINTS: 1 REFERENCES: p. 387 H1: Encryption Methods H2: Substitution Cipher QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:20 PM

88. A(n) _____ substitution uses one alphabet. ANSWER: monoalphabetic POINTS: 1 REFERENCES: p. 387 H1: Encryption Methods H2: Substitution Cipher QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

89. The _____ cipher simply rearranges the values within a block to create the ciphertext. ANSWER: transposition / permutation POINTS: 1 REFERENCES: p. 390 H1: Encryption Methods H2: Transposition Cipher QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM

90. The _____ operation is a function of Boolean algebra in which two bits are compared, and if the two bits are identical, the result is a binary 0. ANSWER: exclusive OR / XOR / exclusive OR (XOR)


Name:

Class:

Date:

Module 10 Cryptography POINTS: REFERENCES:

1 p. 391 H1: Encryption Methods H2: Exclusive OR QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:21 PM 91. Also known as the one-time pad, the _____ cipher, which was developed at AT&T, uses a set of characters only one time for each encryption process. ANSWER: Vernam POINTS: 1 REFERENCES: p. 392 H1: Encryption Methods H2: Vernam Cipher QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM 92. A message _____ is a fingerprint of the author’s message that is compared with the recipient’s locally calculated hash of the same message. ANSWER: digest POINTS: 1 REFERENCES: p. 394 H1: Encryption Methods H2: Hash Functions QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM 93. Hashing functions do not require the use of keys, but it is possible to attach a message _____ code to allow only specified recipients to access the message digest. ANSWER: authentication POINTS: 1 REFERENCES: p. 394 H1: Encryption Methods Page 31


Name:

Class:

Date:

Module 10 Cryptography H2: Hash Functions QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/27/2021 12:22 PM 94. The Secure _____ Standard issued by the National Institute of Standards and Technology specifies secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file. ANSWER: Hash POINTS: 1 REFERENCES: p. 394 H1: Encryption Methods H2: Hash Functions QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM 95. One of the most widely known cryptographic algorithms is the _____, which was developed by IBM and is based on the company’s Lucifer algorithm. ANSWER: DES Data Encryption Standard POINTS: 1 REFERENCES: p. 396 H1: Cryptographic Algorithms H2: Symmetric Encryption QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM 96. The successor to 3DES is the _____ Encryption Standard. ANSWER: Advanced POINTS: 1 REFERENCES: p. 397 H1: Cryptographic Algorithms H2: Symmetric Encryption QUESTION TYPE: Completion Page 32


Name:

Class:

Date:

Module 10 Cryptography HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM 97. The more common name for asymmetric encryption is _____-key encryption. ANSWER: public POINTS: 1 REFERENCES: p. 397 H1: Cryptographic Algorithms H2: Asymmetric Encryption QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM 98. A mathematical _____ is a secret mechanism that enables you to easily accomplish the reverse function in a one-way function. ANSWER: trapdoor POINTS: 1 REFERENCES: p. 398 H1: Cryptographic Algorithms H2: Asymmetric Encryption QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM 99. In the context of a PKI, a(n) _____ authority operates under the trusted collaboration of the certificate authority and can be delegated day-to-day certification functions, such as verifying registration information about new registrants, generating end-user keys, revoking certificates, and validating that users possess a valid certificate. ANSWER: registration POINTS: 1 REFERENCES: p. 401 H1: Cryptographic Tools H2: Public Key Infrastructure (PKI) QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic Page 33


Name:

Class:

Date:

Module 10 Cryptography LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM 100. Digital _____ are public-key container files that allow computer programs to validate the key and identify to whom it belongs. ANSWER: certificates POINTS: 1 REFERENCES: p. 400 H1: Cryptographic Tools H2: Public Key Infrastructure (PKI) QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM 101. Digital _____ are encrypted messages that can be mathematically proven to be authentic. ANSWER: signatures POINTS: 1 REFERENCES: p. 402 H1: Cryptographic Tools H1: Cryptographic Tools QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools DATE CREATED: 9/14/2016 10:46 AM DATE MODIFIED: 6/6/2021 4:01 PM 102. A digital _____ is an electronic document or container file that contains a key value and identifying information about the entity that controls the key. ANSWER: certificate POINTS: 1 REFERENCES: p. 402 H1: Cryptographic Tools H2: Digital Certificates QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular Page 34


Name:

Class:

Date:

Module 10 Cryptography DATE CREATED: DATE MODIFIED:

cryptographic tools 9/14/2016 10:46 AM 6/6/2021 4:01 PM
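Questions 87 through 91 above name four encryption methods: monoalphabetic substitution, transposition, the exclusive OR operation and the Vernam (one-time pad) cipher. The following Python program is an added worked example, not part of the test bank or the textbook, that implements each of them on constructed sample text. The cipher alphabet, block permutation and pad are assumptions chosen for illustration. The last function shows why the pad must be used only once: XOR of two ciphertexts made with the same pad cancels the pad out and leaves the XOR of the two plaintexts.

```python
"""Substitution, transposition, XOR and Vernam (one-time pad) ciphers.

Added example for test-bank questions 87-91; not code from the textbook.
The keys used below are constructed for illustration only."""
import secrets
import string

ALPHABET = string.ascii_uppercase


def caesar_alphabet(shift):
    """A Caesar shift is the simplest monoalphabetic substitution: the single
    cipher alphabet is A-Z rotated by `shift` positions."""
    return ALPHABET[shift:] + ALPHABET[:shift]


def substitution_encrypt(plaintext, cipher_alphabet):
    """Monoalphabetic substitution: replace each value with the value at the same
    position in the one cipher alphabet.  Letter frequencies survive, which is
    why frequency analysis breaks this cipher."""
    if sorted(cipher_alphabet) != list(ALPHABET):
        raise ValueError("cipher alphabet must be a permutation of A-Z")
    return plaintext.upper().translate(str.maketrans(ALPHABET, cipher_alphabet))


def substitution_decrypt(ciphertext, cipher_alphabet):
    return ciphertext.translate(str.maketrans(cipher_alphabet, ALPHABET))


def transposition_encrypt(plaintext, permutation):
    """Transposition (permutation) cipher: values are not replaced, only
    rearranged inside each block.  permutation[i] is the index, within the
    block, of the plaintext character that lands in output position i."""
    size = len(permutation)
    if sorted(permutation) != list(range(size)):
        raise ValueError("permutation must contain each index 0..size-1 exactly once")
    padded = plaintext + "X" * (-len(plaintext) % size)   # fill the last block
    blocks = (padded[i:i + size] for i in range(0, len(padded), size))
    return "".join("".join(block[j] for j in permutation) for block in blocks)


def transposition_decrypt(ciphertext, permutation):
    size = len(permutation)
    inverse = [0] * size
    for out_pos, in_pos in enumerate(permutation):
        inverse[in_pos] = out_pos
    blocks = (ciphertext[i:i + size] for i in range(0, len(ciphertext), size))
    return "".join("".join(block[inverse[k]] for k in range(size)) for block in blocks)


def xor_bytes(a, b):
    """Exclusive OR bit by bit: identical bits give 0, differing bits give 1.
    Applying the same XOR twice restores the input, so one routine both
    encrypts and decrypts."""
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def vernam(message, pad):
    """Vernam / one-time pad: XOR the message with a random pad that is at
    least as long as the message and is never reused."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(message, pad[:len(message)])


def new_pad(length):
    """A fresh pad from the OS CSPRNG; keeping it secret and single-use is the
    whole security argument of the cipher."""
    return secrets.token_bytes(length)


def pad_reuse_leak(ciphertext1, ciphertext2):
    """What goes wrong when a pad is used twice: c1 XOR c2 = m1 XOR m2.  The pad
    cancels out and the result no longer depends on the key at all."""
    return xor_bytes(ciphertext1, ciphertext2)


if __name__ == "__main__":
    print(substitution_encrypt("ATTACKATDAWN", caesar_alphabet(3)))
    print(transposition_encrypt("ATTACKATDAWN", [2, 0, 3, 1]))
    pad = new_pad(16)
    c = vernam(b"attack at dawn", pad)
    print(c.hex(), vernam(c, pad))
```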

103. Netscape developed the _____ Layer protocol to use public-key encryption to secure a channel over the Internet, thus enabling secure communications.
ANSWER: Secure Socket (also accepted: Secure Sockets)
POINTS: 1
REFERENCES: p. 405 H1: Protocols For Secure Communications H2: Securing Internet Communication with HTTPS and SSL
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications
DATE CREATED: 9/14/2016 10:46 AM
DATE MODIFIED: 6/6/2021 4:01 PM

104. In IPSec _____ mode, only the IP data is encrypted, not the IP headers.
ANSWER: transport
POINTS: 1
REFERENCES: p. 410 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications
DATE CREATED: 9/14/2016 10:46 AM
DATE MODIFIED: 6/6/2021 4:01 PM

105. The encapsulating security _____ protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.
ANSWER: payload
POINTS: 1
REFERENCES: p. 410 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications
DATE CREATED: 9/14/2016 10:46 AM
DATE MODIFIED: 6/6/2021 4:01 PM
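Questions 97, 98 and 101 above describe public-key encryption, the mathematical trapdoor and digital signatures, and question 103 notes that SSL used public-key encryption to secure a channel. The following Python program is an added worked example, not code from the test bank or the textbook, of the textbook RSA trapdoor with deliberately tiny primes: modular exponentiation is the one-way function, the private exponent is the trapdoor, and the same operation performs encryption with the public key, decryption with the private key, signing and verification. The constructed parameters (p = 61, q = 53, e = 17) are far too small for real use, and the last function shows why: factoring a toy modulus by trial division is instant, while a real key relies on that factoring being infeasible.

```python
"""Toy RSA: the trapdoor one-way function behind public-key encryption and
digital signatures.  Added example for questions 97, 98 and 101; the small
primes are constructed for illustration and are not secure."""
from math import gcd


def keygen(p, q, e=17):
    """Public key (n, e), private key (n, d).  d is the trapdoor: it is the
    inverse of e modulo phi(n) = (p-1)(q-1), and phi(n) is easy to compute
    only if you know the factors p and q of n."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def apply_key(value, key):
    """Modular exponentiation is the one-way function.  Which key is applied
    decides whether this is encryption, decryption, signing or verification."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be in [0, n)")
    return pow(value, exponent, n)


def encrypt(m, public_key):
    """Anyone holding the public key can encrypt; only the private key reverses it."""
    return apply_key(m, public_key)


def decrypt(c, private_key):
    return apply_key(c, private_key)


def sign(m, private_key):
    """Signature: apply the private key.  Real systems sign a hash of the
    message rather than the message itself; this toy signs m directly."""
    return apply_key(m, private_key)


def verify(m, signature, public_key):
    """Anyone can check a signature with the public key, which is what makes it
    mathematically provable rather than merely trusted."""
    return apply_key(signature, public_key) == m


def recover_private_key(public_key):
    """The attacker's only route without the trapdoor: factor n by trial
    division, then rebuild d.  Instant for a toy n, infeasible for a real one."""
    n, e = public_key
    factor = 2
    while factor * factor <= n:
        if n % factor == 0:
            phi = (factor - 1) * (n // factor - 1)
            return (n, pow(e, -1, phi))
        factor += 1
    return None


if __name__ == "__main__":
    public, private = keygen(61, 53)
    c = encrypt(65, public)
    print("ciphertext", c, "decrypts to", decrypt(c, private))
    s = sign(65, private)
    print("signature", s, "verifies:", verify(65, s, public))
    print("recovered private key", recover_private_key(public))
```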

106. Originally released as freeware, _____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms as an open-source de facto standard for encryption and authentication of e-mail and file storage.
ANSWER: Pretty Good Privacy (also accepted: PGP; Pretty Good Privacy (PGP))
POINTS: 1
REFERENCES: p. 412 H1: Protocols For Secure Communications
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications
DATE CREATED: 9/14/2016 10:46 AM
DATE MODIFIED: 6/27/2021 12:23 PM

Essay

107. Describe how hash functions work and what they are used for.
ANSWER: Hash functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content. While they do not create ciphertext, hash functions confirm message identity and integrity, both of which are critical functions in e-commerce. Hashing functions do not require the use of keys, but it is possible to attach a message authentication code (MAC)—a key-dependent, one-way hash function—that allows only specific recipients (symmetric key holders) to access the message digest.
POINTS: 1
REFERENCES: p. 394 H1: Encryption Methods H2: Hash Functions
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography
DATE CREATED: 9/14/2016 10:46 AM
DATE MODIFIED: 3/9/2017 11:41 PM

108. Describe symmetric and asymmetric encryption.
ANSWER: Symmetric Encryption. Encryption methodologies that require the same secret key to encipher and decipher the message use what is called private-key encryption or symmetric encryption. Symmetric encryption methods use mathematical operations that can be programmed into extremely fast computing algorithms so that the encryption and decryption processes are executed quickly, even by small computers. The primary challenge of symmetric key encryption is getting the key to the receiver, a process that must be conducted out of band (meaning through a channel or band other than the one carrying the ciphertext) to avoid interception.
Asymmetric Encryption. Another category of encryption techniques is asymmetric encryption. While symmetric encryption systems use a single key both to encrypt and decrypt a message, asymmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message. Asymmetric encryption can be used to provide elegant solutions to problems of secrecy and verification. This technique has its highest value when one key is used as a private key, which means that it is kept secret (much like the key of symmetric encryption), known only to the owner of the key pair, and the other key serves as a public key, which means that it is stored in a public location where anyone can use it.
POINTS: 1
REFERENCES: p. 397 H1: Cryptographic Algorithms H2: Asymmetric Encryption
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.10.2 - Explain the basic principles of cryptography
DATE CREATED: 9/14/2016 10:46 AM
DATE MODIFIED: 3/9/2017 11:42 PM

109. Describe digital certificates.
ANSWER: Digital certificates are public-key container files that allow computer programs to validate the key and identify to whom it belongs. The certificate is often issued and certified by a third party, usually a certificate authority. A digital signature attached to the certificate’s container file certifies the file’s origin and integrity.
A certificate authority (CA) issues, manages, authenticates, signs, and revokes users’ digital certificates, which typically contain the user name, public key, and other identifying information.
POINTS: 1
REFERENCES: p. 402 H1: Cryptographic Tools H2: Digital Certificates
QUESTION TYPE: Essay
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools
DATE CREATED: 9/14/2016 10:46 AM
DATE MODIFIED: 9/14/2016 10:46 AM

Subjective Short Answer


110. What are cryptography and cryptanalysis?
ANSWER: The science of encryption, known as cryptology, encompasses cryptography and cryptanalysis. Cryptography is the process of making and using codes to secure information. Cryptanalysis is the process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption.
POINTS: 1
REFERENCES: p. 384 H1: Introduction To Cryptography
QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.10.1 - Chronicle the most significant events and discoveries in the history of cryptology
DATE CREATED: 6/15/2021 5:16 PM
DATE MODIFIED: 6/27/2021 12:23 PM

111. What are the components and benefits of PKI?
ANSWER: Public key infrastructure (PKI) systems are based on public-key cryptosystems and include digital certificates and certificate authorities (CAs). Digital certificates allow the PKI components and their users to validate keys and identify key owners. In PKI, certificate authorities are third parties that manage users’ digital certificates. PKI allows the implementation of several key characteristics of information security, including authentication, integrity, privacy, authorization, and nonrepudiation.
POINTS: 1
REFERENCES: p. 400 H1: Cryptographic Tools H2: Public Key Infrastructure (PKI)
QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.10.3 - Describe the operating principles of the most popular cryptographic tools
DATE CREATED: 6/15/2021 5:18 PM
DATE MODIFIED: 6/27/2021 12:25 PM

112. What is IPSec and what are its two operating modes?
ANSWER: IP Security (IPSec) is an open-standard protocol framework for security development within the TCP/IP family of protocol standards. It is used to secure communications across IP-based networks such as LANs, WANs, and the Internet. IPSec operates in two modes: transport and tunnel. In transport mode, only the IP data is encrypted, not the IP headers. This allows intermediate nodes to read the source and destination addresses. In tunnel mode, the entire IP packet is encrypted and then placed into the content portion of another IP packet. This requires other systems at the beginning and end of the tunnel to act as proxies to send and receive the encrypted packets. These systems then transmit the decrypted packets to their true destinations.
POINTS: 1
REFERENCES: p. 410 H1: Protocols For Secure Communications H2: Securing TCP/IP with IPSec and PGP
QUESTION TYPE: Subjective Short Answer
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.10.4 - List and explain the major protocols used for secure communications
DATE CREATED: 6/15/2021 5:19 PM
DATE MODIFIED: 6/27/2021 12:26 PM
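Questions 92 through 94 and essay question 107 above describe message digests and message authentication codes. The following Python program is an added worked example, not code from the test bank or the textbook, using only the standard library: it computes a digest, verifies it the way a recipient would, and then shows why an unkeyed digest does not stop deliberate tampering (the attacker simply recomputes it) while an HMAC does, because the attacker lacks the shared symmetric key. SHA-1, named in question 94, is still listed in the Secure Hash Standard but is deprecated for integrity use because practical collisions have been demonstrated, so the example defaults to SHA-256. The sample messages and key are constructed.

```python
"""Message digests versus message authentication codes.

Added example for questions 92-94 and essay question 107; not textbook code.
Standard library only; the sample messages and key are constructed."""
import hashlib
import hmac
import secrets


def message_digest(message, algorithm="sha256"):
    """Fingerprint of the message.  Any change to the content changes the
    digest, but no key is involved, so anyone can recompute it."""
    return hashlib.new(algorithm, message).hexdigest()


def digest_verifies(message, claimed_digest):
    """Recipient side: hash the received message locally and compare it with
    the digest that arrived alongside the message."""
    return hmac.compare_digest(message_digest(message), claimed_digest)


def mac_tag(key, message):
    """HMAC-SHA256: a key-dependent one-way hash.  Only holders of the shared
    symmetric key can produce or check the tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def mac_verifies(key, message, claimed_tag):
    # compare_digest runs in constant time, so the comparison itself does not
    # leak how many leading bytes of a guessed tag were right
    return hmac.compare_digest(mac_tag(key, message), claimed_tag)


def tamper_with_digest(original, tampered):
    """Attacker in the middle: replace the message and recompute the unkeyed
    digest.  Returns the recipient's verdict: the check still passes, so a bare
    digest protects against accidental corruption, not against an attacker."""
    forged_digest = message_digest(tampered)
    return digest_verifies(tampered, forged_digest)


def tamper_with_mac(key, tampered):
    """Same attack against a MAC.  Without the key the attacker can only guess
    the tag; a random 256-bit guess fails and the tampering is detected."""
    guessed_tag = secrets.token_hex(32)
    return mac_verifies(key, tampered, guessed_tag)


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # shared out of band by sender and recipient
    order = b"transfer 10 to account 42"
    altered = b"transfer 9999 to account 42"
    print("digest:", message_digest(order))
    print("digest check after tampering passes:", tamper_with_digest(order, altered))
    print("MAC:", mac_tag(key, order))
    print("MAC check after tampering passes:", tamper_with_mac(key, altered))
```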


Module 11 Implementing Information Security

True / False

1. The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC). a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 421 H1: The Systems Development Life Cycle H2: Traditional Development Methods
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

2. The investigation phase of the SDLC involves specification of the objectives, constraints, and scope of the project. a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 420 H1: The Systems Development Life Cycle H2: Traditional Development Methods
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 6/27/2021 5:54 PM

3. The physical design is the blueprint for the desired solution. a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 420 H1: The Systems Development Life Cycle H2: Traditional Development Methods
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 9/14/2016 10:29 AM

4. In the physical design phase, specific technologies are selected. a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 420 H1: The Systems Development Life Cycle H2: Traditional Development Methods
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 12/4/2016 2:19 PM

5. The water-ski model is a type of SDLC in which each phase of the process flows from the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments. a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 419 H1: The Systems Development Life Cycle H2: Traditional Development Methods
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:29 AM
DATE MODIFIED: 12/4/2016 2:23 PM

6. The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes. a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 429 H1: Information Security Project Management H2: Developing the Project Plan
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 9/14/2016 10:48 AM

7. In general, the design phase is accomplished by changing the configuration and operation of the organization’s information systems to make them more secure. a. True b. False
ANSWER: False
POINTS: 1
REFERENCES: p. 428 H1: Information Security Project Management
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 9/14/2016 10:48 AM

8. Planning for the implementation phase of a security project requires the creation of a detailed project plan. a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 429 H1: Information Security Project Management H2: Developing the Project Plan
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 9/14/2016 10:48 AM

9. Each organization has to determine its own project management methodology for IT and information security projects. a. True b. False
ANSWER: True
POINTS: 1
REFERENCES: p. 429 H1: Information Security Project Management
QUESTION TYPE: True / False
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 9/14/2016 10:48 AM

10. The first step in the work breakdown structure (WBS) is to break down the project plan into its action steps. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Information Security Project Management H2: Developing the Project Plan p. 429 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 6/27/2021 6:21 PM 11. The work breakdown structure (WBS) can only be prepared with a complex, specialized desktop PC application. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 429 H1: Information Security Project Management H2: Developing the Project Plan LO: 11.2 H2: Developing the Project Plan QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 3/10/2017 8:20 AM 12. Planners need to estimate the effort required to complete each task, subtask, or action step in the project plan. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 431 H1: Information Security Project Management H2: Developing the Project Plan QUESTION TYPE: True / False Page 4


Name:

Class:

Date:

Module 11 Implementing Information Security HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 3/10/2017 8:20 AM 13. To justify the amount budgeted for a security project, it may be useful for the organization to adopt the budgets of larger, more successful organizations. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Information Security Project Management H2: Project Planning Considerations p. 433 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.3 - Discuss the many organizational considerations that a project plan must address DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 6/27/2021 6:22 PM 14. The budgets of public organizations are usually the product of legislation or public meetings. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 432 H1: Information Security Project Management H2: Project Planning Considerations QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.3 - Discuss the many organizational considerations that a project plan must address DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 9/14/2016 10:48 AM 15. The need for qualified, trained, and available personnel constrains the project plan. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Information Security Project Management H2: Project Planning Considerations p. 433 Page 5


Name:

Class:

Date:

Module 11 Implementing Information Security QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.3 - Discuss the many organizational considerations that a project plan must address DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 9/14/2016 10:48 AM 16. The size of the organization and the normal conduct of business may preclude a large training program on new security procedures or technologies. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 434 H1: Information Security Project Management H2: Project Planning Considerations QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.3 - Discuss the many organizational considerations that a project plan must address DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 9/14/2016 10:48 AM 17. All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Information Security Project Management H2: The Need for Project Management p. 434 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.4 - Describe the need for professional project management for complex projects DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 9/14/2016 10:48 AM 18. When an estimate is flawed, as when the number of effort-hours required is underestimated, the plan should be corrected and downstream tasks updated to reflect the change. a. True b. False ANSWER: True POINTS: 1 Page 6


Name:

Class:

Date:

Module 11 Implementing Information Security REFERENCES:

H1: Information Security Project Management H2: The Need for Project Management p. 435 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.4 - Describe the need for professional project management for complex projects DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 9/14/2016 10:48 AM 19. The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system’s bugs are worked out. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Technical Aspects Of Implementation H2: Conversion Strategies p. 437 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 9/14/2016 10:48 AM 20. The networks layer of the bull’s eye is the outermost ring of the bull’s eye. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 438 H1: Technical Aspects Of Implementation H2: The Bull’s-Eye Model QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 3/10/2017 8:21 AM 21. The bull’s-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan. a. True b. False Page 7


Name:

Class:

Date:

Module 11 Implementing Information Security ANSWER: POINTS: REFERENCES:

True 1 p. 439 H1: Technical Aspects Of Implementation H2: The Bull’s-Eye Model QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 3/10/2017 8:21 AM 22. As dictated by the bull’s-eye model, until sound and usable IT and information security policies are developed, communicated, and enforced, no additional resources should be spent on other controls. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 438 H1: Technical Aspects Of Implementation H2: The Bull’s-Eye Model QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 6/27/2021 6:23 PM 23. Every organization needs to develop an information security department or program of its own. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 439 H1: Technical Aspects Of Implementation H2: To Outsource or Not QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.11.4 - Describe the need for professional project management for complex projects DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 9/14/2016 10:48 AM 24. "Unfreezing" in the Lewin change model involves thawing hard-and-fast habits and established procedures. a. True Page 8


Name:

Class:

Date:

Module 11 Implementing Information Security b. False ANSWER: POINTS: REFERENCES:

True 1 H1: Nontechnical Aspects Of Implementation H2: The Culture of Change Management p. 442 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.11.6 - Compare and contrast among the types of gloves used in dentistry. DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 3/10/2017 8:22 AM 25. Weak management support, with overly delegated responsibility and no champion, sentences a project to almostcertain failure. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 443 H1: Nontechnical Aspects Of Implementation H2: Considerations for Organizational Change QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: DENT.SING.22.11.6 - Compare and contrast among the types of gloves used in dentistry. DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 9/14/2016 10:48 AM Modified True / False 26. The Security Development Life Cycle (SDLC) is a general methodology for the design and implementation of an information system. _____ ANSWER: False - Systems POINTS: 1 REFERENCES: p. 419 H1: The Systems Development Life Cycle QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan DATE CREATED: 9/14/2016 10:29 AM DATE MODIFIED: 6/6/2021 4:07 PM Page 9


Name:

Class:

Date:

Module 11 Implementing Information Security 27. The Analysis phase of the SDLC examines the event or plan that initiates the process and specifies the objectives, constraints, and scope of the project. _____ ANSWER: False - Investigation POINTS: 1 REFERENCES: p. 420 H1: The Systems Development Life Cycle H2: Traditional Development Methods QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan DATE CREATED: 9/14/2016 10:29 AM DATE MODIFIED: 6/6/2021 4:07 PM 28. SecOps focuses on integrating the need for the development team to provide iterative and rapid improvements to system functionality and the need for the operations team to improve security and minimize the disruption from software release cycles. _____ ANSWER: False - DevOps POINTS: 1 REFERENCES: p. 419 H1: The Systems Development Life Cycle H2: Traditional Development Methods QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan DATE CREATED: 9/14/2016 10:29 AM DATE MODIFIED: 6/27/2021 6:23 PM 29. Performance management is the process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made toward the goal. _____ ANSWER: False - Project POINTS: 1 REFERENCES: p. 428 H1: Information Security Project Management QUESTION TYPE: Modified True / False HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 6/6/2021 4:07 PM Page 10


30. Planning for the implementation phase requires the creation of a detailed request for proposal, which is often assigned either to a project manager or the project champion. _____
ANSWER: False - project plan
POINTS: 1
REFERENCES: p. 431
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:07 PM

31. In project planning, the tasks or action steps that come before the specific task at hand are commonly referred to as milestones. _____
ANSWER: False - predecessors
POINTS: 1
REFERENCES: p. 432
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:24 PM

32. A task or subtask becomes a(n) action step when it can be completed by one individual or skill set and when it includes a single deliverable. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 429
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:07 PM

33. In the early stages of planning, the project planner should attempt to specify completion dates only for major action steps within the project. _____
ANSWER: False - milestones
POINTS: 1
REFERENCES: p. 431
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:24 PM

34. The RFP determines the impact that a specific technology or approach can have on the organization’s information assets and what it may cost. _____
ANSWER: False - cost-benefit analysis
False - CBA
False - cost-benefit analysis (CBA)
False - cost benefit analysis
False - cost benefit analysis (CBA)
False - (CBA) cost-benefit analysis
False - (CBA) cost benefit analysis
POINTS: 1
REFERENCES: p. 432
H1: Information Security Project Management
H2: Project Planning Considerations
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.3 - Discuss the many organizational considerations that a project plan must address
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:07 PM

35. The optimal time frame for training is usually one to three weeks before the new policies and technologies come online. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 434
H1: Information Security Project Management
H2: Project Planning Considerations
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.3 - Discuss the many organizational considerations that a project plan must address
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:25 PM

36. Most information security projects require a trained project developer - CISO or a skilled IT manager who is trained in project management techniques. _____
ANSWER: False - manager
POINTS: 1
REFERENCES: p. 434
H1: Information Security Project Management
H2: The Need for Project Management
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.4 - Describe the need for professional project management for complex projects
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:26 PM

37. Once a project is underway, it is managed using a process known as gap analysis, which ensures that progress is measured periodically. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 435
H1: Information Security Project Management
H2: The Need for Project Management
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.4 - Describe the need for professional project management for complex projects
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:07 PM

38. Corrective action decisions are usually expressed in terms of trade-offs. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 435
H1: Information Security Project Management
H2: The Need for Project Management
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.4 - Describe the need for professional project management for complex projects
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:07 PM

39. A direct changeover is also known as going “fast turnkey.” _____
ANSWER: False - cold turkey
POINTS: 1
REFERENCES: p. 437
H1: Technical Aspects Of Implementation
H2: Conversion Strategies
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:07 PM

40. The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system’s bugs are worked out. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 437
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:27 PM

41. The parallel operations strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system dramatically interfering with the performance of the organization as a whole. _____
ANSWER: False - pilot implementation
POINTS: 1
REFERENCES: p. 438
H1: Technical Aspects Of Implementation
H2: Conversion Strategies
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:07 PM

42. A proven method for prioritizing a program of complex change is the bull’s-eye method. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 438
H1: Technical Aspects Of Implementation
H2: The Bull’s-Eye Model
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:07 PM

43. An ideal organization fosters resilience to change, meaning the organization understands that change is a necessary part of the culture and that embracing change is more productive than fighting it. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 443
H1: Nontechnical Aspects Of Implementation
H2: Considerations for Organizational Change
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: DENT.SING.22.11.6 - Compare and contrast among the types of gloves used in dentistry.
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:27 PM

Multiple Choice

44. A methodology and formal development strategy for the design and implementation of an information system is referred to as a _____.
a. systems design
b. development life project
c. systems development life cycle
d. systems schema
ANSWER: c
POINTS: 1
REFERENCES: p. 418
H1: Introduction To Information Security Implementation
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 6/6/2021 4:06 PM

45. An emerging methodology to integrate the effort of the development team and the operations team to improve the functionality and security of applications is known as _____.
a. SecSDLC
b. DevOps
c. JAD/RAD
d. SecOps
ANSWER: b
POINTS: 1
REFERENCES: p. 419
H1: Introduction To Information Security Implementation
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 6/27/2021 6:28 PM

46. A type of SDLC in which each phase has results that flow into the next phase is called the _____ model.
a. agile
b. SA&D
c. waterfall
d. Method 7
ANSWER: c
POINTS: 1
REFERENCES: p. 419
H1: The Systems Development Life Cycle
H2: Traditional Development Methods
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 6/27/2021 6:28 PM

47. During the _____ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases.
a. investigation
b. implementation
c. analysis
d. physical design
ANSWER: d
POINTS: 1
REFERENCES: p. 420
H1: The Systems Development Life Cycle
H2: Traditional Development Methods
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 6/6/2021 4:06 PM

48. Which of the following phases is often considered the longest and most expensive phase of the systems development life cycle?
a. investigation
b. logical design
c. implementation
d. maintenance and change
ANSWER: d
POINTS: 1
REFERENCES: p. 421
H1: The Systems Development Life Cycle
H2: Traditional Development Methods
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 9/14/2016 10:30 AM

49. Organizations are moving toward more _____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.
a. security
b. reliability
c. accessibility
d. availability
ANSWER: a
POINTS: 1
REFERENCES: p. 428
H1: The Systems Development Life Cycle
H2: The NIST Approach to Securing the SDLC
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 6/6/2021 4:06 PM

50. The _____ design phase of an SDLC methodology is implementation independent, meaning that it contains no reference to specific technologies, vendors, or products.
a. conceptual
b. logical
c. integral
d. physical
ANSWER: b
POINTS: 1
REFERENCES: p. 420
H1: The Systems Development Life Cycle
H2: Traditional Development Methods
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 6/6/2021 4:06 PM

51. Effective planning for information security involves:
a. collecting information about an organization's objectives.
b. collecting information about an organization's information security environment.
c. collecting information about an organization's technical architecture.
d. All of these answers are correct
ANSWER: d
POINTS: 1
REFERENCES: p. 428
H1: Information Security Project Management
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:29 PM

52. Tasks or action steps that come after the task at hand are called _____.
a. predecessors
b. successors
c. derivatives
d. parents
ANSWER: b
POINTS: 1
REFERENCES: p. 432
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:29 PM

53. A(n) _____ is a simple project management planning tool used to break the project plan into smaller and smaller steps.
a. RFP
b. WBS
c. ISO 17799
d. SDLC
ANSWER: b
POINTS: 1
REFERENCES: p. 429
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:35 PM

54. If the task is to write firewall specifications for the preparation of a(n) _____, the planner would note that the deliverable is a specification document suitable for distribution to vendors.
a. WBS
b. CBA
c. SDLC
d. RFP
ANSWER: d
POINTS: 1
REFERENCES: p. 430
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:06 PM

55. The date for sending the final RFP to vendors is considered a milestone because it signals that __________.
a. the budget is approved
b. all approvals have been obtained
c. all RFP preparation work is complete
d. the bid by date has passed
ANSWER: c
POINTS: 1
REFERENCES: p. 431
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:38 PM

56. A(n) _____ determines the impact that a specific technology or approach can have on the organization’s information assets and what it may cost.
a. RFP
b. WBS
c. SDLC
d. CBA
ANSWER: d
POINTS: 1
REFERENCES: p. 432
H1: Information Security Project Management
H2: Project Planning Considerations
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.3 - Discuss the many organizational considerations that a project plan must address
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:40 PM

57. Many public organizations must spend all budgeted funds within the fiscal year—otherwise, the subsequent year’s budget is _____.
a. increased by the unspent amount
b. not affected unless the deficit is repeated
c. automatically audited for questionable expenditures
d. reduced by the unspent amount
ANSWER: d
POINTS: 1
REFERENCES: p. 432
H1: Information Security Project Management
H2: Project Planning Considerations
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.3 - Discuss the many organizational considerations that a project plan must address
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:06 PM

58. In a _____, when significant deviation occurs, corrective action is taken to bring the deviating task back into compliance with the project plan; otherwise, the project is revised in light of the new information.
a. gap analysis
b. wrap-up
c. direct changeover
d. turnover
ANSWER: a
POINTS: 1
REFERENCES: p. 435
H1: Information Security Project Management
H2: The Need for Project Management
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.4 - Describe the need for professional project management for complex projects
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 6:54 PM

59. The goal of the _____ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.
a. direct changeover
b. project wrap-up
c. phased implementation
d. pilot implementation
ANSWER: b
POINTS: 1
REFERENCES: p. 436
H1: Information Security Project Management
H2: The Need for Project Management
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.4 - Describe the need for professional project management for complex projects
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 7:04 PM

60. Some cases of _____ are simple, such as requiring employees to begin using a new password on an announced date.
a. phased implementation
b. direct changeover
c. pilot implementation
d. wrap-up
ANSWER: b
POINTS: 1
REFERENCES: p. 437
H1: Technical Aspects Of Implementation
H2: Conversion Strategies
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:06 PM

61. A _____ is usually the best approach to security project implementation.
a. direct changeover
b. phased implementation
c. pilot implementation
d. parallel operation
ANSWER: b
POINTS: 1
REFERENCES: p. 438
H1: Technical Aspects Of Implementation
H2: Conversion Strategies
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:06 PM

62. In a _____ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization.
a. loop
b. direct
c. parallel
d. pilot
ANSWER: d
POINTS: 1
REFERENCES: p. 438
H1: Technical Aspects Of Implementation
H2: Conversion Strategies
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:06 PM

63. The _____ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.
a. parallel
b. direct changeover
c. bull’s-eye
d. wrap-up
ANSWER: c
POINTS: 1
REFERENCES: p. 438
H1: Technical Aspects Of Implementation
H2: The Bull’s-Eye Model
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/16/2021 2:06 PM

64. The _____ level of the bull’s-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly.
a. Policies
b. Networks
c. Systems
d. Applications
ANSWER: a
POINTS: 1
REFERENCES: p. 438
H1: Technical Aspects Of Implementation
H2: The Bull’s-Eye Model
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:06 PM

65. The _____ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing.
a. Policies
b. Networks
c. Systems
d. Applications
ANSWER: c
POINTS: 1
REFERENCES: p. 439
H1: Technical Aspects Of Implementation
H2: The Bull’s-Eye Model
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:06 PM

66. The _____ layer of the bull's-eye model receives attention last.
a. Policies
b. Networks
c. Systems
d. Applications
ANSWER: d
POINTS: 1
REFERENCES: p. 439
H1: Technical Aspects Of Implementation
H2: The Bull’s-Eye Model
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:06 PM

67. Technology _____ guides how frequently technical systems are updated, and how technical updates are approved and funded, and also facilitates communication about technical advances and issues across the organization.
a. wrap-up
b. governance
c. turnover
d. changeover
ANSWER: b
POINTS: 1
REFERENCES: p. 440
H1: Technical Aspects Of Implementation
H2: Technology Governance and Change Control
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 7:05 PM

68. By managing the _____, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce.
a. conversion process
b. wrap-up
c. process of change
d. governance
ANSWER: c
POINTS: 1
REFERENCES: p. 440
H1: Technical Aspects Of Implementation
H2: Technology Governance and Change Control
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:06 PM

69. The Lewin change model includes _____.
a. unfreezing
b. moving
c. refreezing
d. All of these are correct
ANSWER: d
POINTS: 1
REFERENCES: p. 442
H1: Nontechnical Aspects Of Implementation
H2: The Culture of Change Management
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.11.6 - Compare and contrast among the types of gloves used in dentistry.
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 7:06 PM

70. Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as _____.
a. DMZ
b. SDLC
c. WBS
d. JAD
ANSWER: d
POINTS: 1
REFERENCES: p. 442
H1: Nontechnical Aspects Of Implementation
H2: Considerations for Organizational Change
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: DENT.SING.22.11.6 - Compare and contrast among the types of gloves used in dentistry.
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:06 PM

Completion

71. A(n) _____ is a formal approach to solving a problem by means of a structured sequence of procedures.
ANSWER: methodology
POINTS: 1
REFERENCES: p. 419
H1: The Systems Development Life Cycle
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 6/6/2021 4:05 PM

72. The _____ phase of the SDLC consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems.
ANSWER: analysis
POINTS: 1
REFERENCES: p. 420
H1: The Systems Development Life Cycle
H2: Traditional Development Methods
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 6/27/2021 7:06 PM

73. During the _____ phase of the SDLC, the process begins by examining the event or plan that initiated the process. During this phase, the objectives, constraints, and scope of the project are specified.
ANSWER: investigation
POINTS: 1
REFERENCES: p. 420
H1: The Systems Development Life Cycle
H2: Traditional Development Methods
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan
DATE CREATED: 9/14/2016 10:30 AM
DATE MODIFIED: 6/27/2021 7:07 PM

74. During the implementation phase of the SDLC, the organization translates its blueprint for information security into a project _____.
ANSWER: plan
POINTS: 1
REFERENCES: p. 429
H1: Information Security Project Management
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 7:07 PM

75. The _____ of any given project plan should be carefully reviewed and kept as small as possible, given the project’s objectives.
ANSWER: scope
POINTS: 1
REFERENCES: p. 434
H1: Information Security Project Management
H2: The Need for Project Management
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.4 - Describe the need for professional project management for complex projects
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 7:09 PM

76. A(n) _____ is a completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project.
ANSWER: deliverable
POINTS: 1
REFERENCES: p. 429
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:05 PM

77. _____ is a phenomenon in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work.
ANSWER: Projectitis
POINTS: 1
REFERENCES: p. 430
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:05 PM

78. A(n) _____ is a specific point in the project plan when a task that has a noticeable impact on the plan's progress is complete.
ANSWER: milestone
POINTS: 1
REFERENCES: p. 431
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:05 PM

79. The tasks or action steps that come before the specific task at hand are called _____.
ANSWER: predecessors
POINTS: 1
REFERENCES: p. 432
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:05 PM

80. Tasks or action steps that come after the task at hand are called _____.
ANSWER: successors
POINTS: 1
REFERENCES: p. 432
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:05 PM

81. In the early stages of planning, the project planner should attempt to specify completion dates only for major project _____.
ANSWER: milestones
POINTS: 1
REFERENCES: p. 431
H1: Information Security Project Management
H2: Developing the Project Plan
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 7:10 PM

82. Regardless of an organization’s information security needs, the amount of effort that can be expended depends on the available funds; therefore, a _____ is typically prepared in the analysis phase of the SecSDLC and must be reviewed and verified prior to the development of the project plan.
ANSWER: CBA
cost-benefit analysis
cost benefit analysis
cost-benefit analysis (CBA)
cost benefit analysis (CBA)
CBA (cost-benefit analysis)
CBA (cost benefit analysis)
POINTS: 1
REFERENCES: p. 432
H1: Information Security Project Management
H2: Project Planning Considerations
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.3 - Discuss the many organizational considerations that a project plan must address
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:05 PM

83. Project _____ is a description of a project’s features, capabilities, functions, and quality level, and is used as the basis of a project plan.
ANSWER: scope
POINTS: 1
REFERENCES: p. 434
H1: Information Security Project Management
H2: Project Planning Considerations
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.3 - Discuss the many organizational considerations that a project plan must address
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:05 PM

84. Once a project is underway, it is managed to completion using a process known as _____ analysis.
ANSWER: gap
POINTS: 1
REFERENCES: p. 435
H1: Information Security Project Management
H2: The Need for Project Management
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.4 - Describe the need for professional project management for complex projects
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/27/2021 7:11 PM

85. A direct _____ involves stopping the old system and starting the new one without any overlap.
ANSWER: changeover
POINTS: 1
REFERENCES: p. 437
H1: Technical Aspects Of Implementation
H2: Conversion Strategies
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:05 PM

86. A(n) _____ implementation is the most common conversion strategy and involves a measured rollout of the planned system with a part of the system being brought out and disseminated across an organization before the next piece is implemented.
ANSWER: phased
POINTS: 1
REFERENCES: p. 438
H1: Technical Aspects Of Implementation
H2: Conversion Strategies
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:05 PM

87. The _____ operations strategy involves running the new system concurrently with the old system.
ANSWER: parallel
POINTS: 1
REFERENCES: p. 438
H1: Technical Aspects Of Implementation
H2: Conversion Strategies
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan
DATE CREATED: 9/14/2016 10:48 AM
DATE MODIFIED: 6/6/2021 4:05 PM

88. At the center of the bull's-eye model are the _____ used by the organization to accomplish its work.
ANSWER: applications
Name:

Class:

Date:

Module 11 Implementing Information Security POINTS: REFERENCES:

1 p. 439 H1: Technical Aspects Of Implementation H2: The Bull’s-Eye Model QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 6/6/2021 4:05 PM 89. Technology _____ is a complex process that organizations use to manage the impact and costs of technology implementation, innovation, and obsolescence. ANSWER: governance POINTS: 1 REFERENCES: p. 440 H1: Technical Aspects Of Implementation H2: Technology Governance and Change Control QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 6/6/2021 4:05 PM 90. Medium- and large-sized organizations deal with the impact of technical change on the organization's operation through a(n) _____ control process. ANSWER: change POINTS: 1 REFERENCES: p. 440 H1: Technical Aspects Of Implementation H2: Technology Governance and Change Control QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 6/6/2021 4:05 PM 91. One of the oldest models of change is the Lewin change model, which consists of three stages: unfreezing, _____, and refreezing. ANSWER: moving Page 31


Name:

Class:

Date:

Module 11 Implementing Information Security POINTS: REFERENCES:

1 p. 442 H1: Nontechnical Aspects Of Implementation H2: The Culture of Change Management QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.11.6 - Compare and contrast among the types of gloves used in dentistry. DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 6/6/2021 4:05 PM 92. The level of _____ to change impacts the ease with which an organization is able to implement procedural and managerial changes. ANSWER: resistance POINTS: 1 REFERENCES: p. 442 H1: Nontechnical Aspects Of Implementation H2: Considerations for Organizational Change QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: DENT.SING.22.11.6 - Compare and contrast among the types of gloves used in dentistry. DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 6/27/2021 7:12 PM 93. In systems development _____ means getting key representatives of user groups to serve as members of the development process. ANSWER: joint application development JAD joint application development (JAD) POINTS: 1 REFERENCES: p. 419 H1: Introduction To Information Security Implementation QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 6/27/2021 7:14 PM Essay Page 32


Name:

Class:

Date:

94. List and describe the phases of the traditional systems development life cycle. ANSWER:

Investigation: The first phase, investigation, is the most important. What problem is the system being developed to solve? The investigation phase begins by examining the event or plan that initiates the process. During this phase, the objectives, constraints, and scope of the project are specified. A preliminary cost-benefit analysis evaluates the perceived benefits and their appropriate levels of cost. At the conclusion of this phase and at every phase afterward, a process will be undertaken to assess economic, technical, and behavioral feasibilities and ensure that implementation is worth the organization’s time and effort.

Analysis: The analysis phase begins with the information gained during the investigation phase. This phase consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems. Analysts begin by determining what the new system is expected to do and how it will interact with existing systems. This phase ends with documentation of the findings and an update of the feasibility analysis.

Logical Design: In the logical design phase, the information gained from the analysis phase is used to begin creating a systems solution for a business problem. In any systems solution, the first and driving factor must be the business need. Based on the business need, applications are selected to provide needed services, and then the team chooses data support and structures capable of providing the needed inputs. Finally, based on all of this, specific technologies are delineated to implement the physical solution. The logical design, therefore, is the blueprint for the desired solution. The logical design is implementation-independent, meaning that it contains no reference to specific technologies, vendors, or products. Instead, it addresses how the proposed system will solve the problem at hand. In this stage, analysts generate estimates of costs and benefits to allow for a general comparison of available options. At the end of this phase, another feasibility analysis is performed.

Physical Design: During the physical design phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design. The selected components are evaluated based on a make-or-buy decision—the option to develop components in-house or purchase them from a vendor. Final designs integrate various components and technologies. After yet another feasibility analysis, the entire solution is presented to the organization’s management for approval.

Implementation: In the implementation phase, any needed software is created. Components are ordered, received, and tested. Afterward, users are trained and supporting documentation created. Once all components are tested individually, they are installed and tested as a system. A feasibility analysis is again prepared, and the sponsors are then presented with the system for a performance review and acceptance test.

Maintenance and Change: The maintenance and change phase is the longest and most expensive of the process. This phase consists of the tasks necessary to support and modify the system for the remainder of its useful life cycle. Even though formal development may conclude during this phase, the life cycle of the project continues until the team determines that the process should begin again from the investigation phase. At periodic points, the system is tested for compliance, and the feasibility of continuance versus discontinuance is evaluated. Upgrades, updates, and patches are managed. As the needs of the organization change, the systems that support the organization must also change. When a current system can no longer support the evolving mission of the organization, the system is retired from use and ongoing maintenance stops. If the services provided by the retired system are still needed, a new project is planned and implemented.

POINTS: 1 REFERENCES: p. 419 H1: The Systems Development Life Cycle H2: Traditional Development Methods QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.1 - Explain how an organization’s information security blueprint becomes a project plan DATE CREATED: 9/14/2016 10:30 AM DATE MODIFIED: 6/27/2021 7:14 PM

95. What are the major steps in executing the project plan? ANSWER: The major steps in executing the project plan are:
- Planning the project
- Supervising tasks and action steps
- Wrapping up
POINTS: 1 REFERENCES: p. 429 H1: Information Security Project Management QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project DATE CREATED: 9/14/2016 10:48 AM DATE MODIFIED: 9/14/2016 10:48 AM

96. What minimum attributes for project tasks does the WBS document? ANSWER:
- Work to be accomplished (activities and deliverables)
- Individuals (or skill set) assigned to perform the task
- Start and end dates for the task (when known)
- Amount of effort required for completion in hours or work days
- Estimated capital expenses for the task
- Estimated noncapital expenses for the task
- Identification of dependencies between and among tasks
POINTS: 1 REFERENCES: p. 429 H1: Information Security Project Management H2: Developing the Project Plan QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.2 - Explain the significance of the project manager’s role in the success of an information security project DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 9/14/2016 10:49 AM

97. What can the organization do by managing the process of change through a change control process? ANSWER: By managing the process of change, the organization can do the following:
- Improve communication about change across the organization
- Enhance coordination between groups within the organization as change is scheduled and completed
- Reduce unintended consequences by having a process to resolve the conflict and disruption that change can introduce
- Improve quality of service as potential failures are eliminated and groups work together
- Assure management that all groups are complying with the organization’s policies regarding technology governance, procurement, accounting, and information security
POINTS: 1 REFERENCES: p. 440 H1: Technical Aspects Of Implementation H2: Technology Governance and Change Control QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan DATE CREATED: 9/14/2016 10:49 AM DATE MODIFIED: 6/27/2021 7:16 PM

Subjective Short Answer

98. What is a milestone, and why is it significant to project planning? ANSWER: A milestone is a specific point in the project plan when a task and its action steps are complete and have a noticeable impact on the progress of the project plan as a whole. For example, the date for sending the final RFP to vendors is considered a milestone because it signals all RFP preparation is complete. POINTS: 1 REFERENCES: p. 431 H2: Developing the Project Plan H1: The Systems Development Life Cycle QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.3 - Discuss the many organizational considerations that a project plan must address DATE CREATED: 6/19/2021 9:39 AM DATE MODIFIED: 6/19/2021 9:41 AM

99. What is gap analysis? How is it used to keep a project in control? ANSWER: Once a project is under way, it is managed using a process known as gap analysis (also known as a negative feedback loop or cybernetic loop), which ensures that progress is measured periodically. When significant deviation occurs, corrective action is taken to bring the deviating task back into compliance with the project plan; otherwise, the project is revised in light of the new information. POINTS: 1 REFERENCES: p. 435 H1: Information Security Project Management H2: The Need for Project Management QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.4 - Describe the need for professional project management for complex projects DATE CREATED: 6/19/2021 9:39 AM DATE MODIFIED: 6/27/2021 7:17 PM

100. List and describe the four basic conversion strategies that are used when converting to a new system. Under which circumstances is each strategy the best approach? ANSWER:

Direct changeover—Also known as going “cold turkey,” a direct changeover involves stopping the old method and beginning the new one. This could be as simple as having employees follow the existing procedure one week and then use a new procedure the next. Some cases of direct changeover are simple, such as a change requiring employees to use a new password that has a stronger degree of authentication, beginning on an announced date. Some cases may be more complex, such as requiring the entire company to change procedures when the network team disables an old firewall and activates a new one. The primary drawback to a direct changeover is that if the new system fails or needs modification, users may be without services while the system’s bugs are worked out. Complete testing of the new system in advance of the direct changeover helps to reduce the probability of such problems.

Phased implementation—A phased implementation is the most common conversion strategy; it involves rolling out a piece of the system across the entire organization. This could mean that the security group implements only a small portion of the new security profile, giving users a chance to get used to it and resolving small issues as they arise. This is usually the best approach to security project implementation. For example, if the organization plans to introduce a new VPN solution that employees can use to connect to the organization’s network while they’re traveling, one department per week might be added to the group allowed to use the new VPN. This process would continue until all departments are using the new approach.

Pilot implementation—This strategy involves implementing all security improvements in a single office, department, or division and resolving issues within that group before expanding to the rest of the organization. The pilot implementation works well when an isolated group can serve as the “guinea pig,” which keeps the implementation from dramatically affecting the organization’s performance as a whole. The operation of a research and development group, for example, may not affect the organization’s real-time operations and could assist security in resolving issues that emerge.

Parallel operations—The parallel operations strategy involves running the new methods alongside the old methods. In general, this means running two systems concurrently. In terms of information systems, it might involve running two firewalls concurrently, for example. Although this approach is usually complex, it can reinforce an organization’s information security by allowing the old system(s) to serve as a backup for the new systems if they fail or are compromised. Drawbacks usually include the need to deal with both systems and maintain both sets of procedures.

POINTS: 1 REFERENCES: p. 437 H1: Technical Aspects Of Implementation H2: Conversion Strategies QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.11.5 - Discuss technical strategies and models for implementing a project plan DATE CREATED: 6/19/2021 9:39 AM DATE MODIFIED: 6/19/2021 9:43 AM

Module 12 Information Security Maintenance

True / False

1. If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Introduction To Information Security Maintenance p. 448 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.1 - Discuss the need for ongoing maintenance of the information security program DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 3/29/2018 7:10 PM

2. Over time, policies and procedures may become inadequate due to changes in the organization's mission and operational requirements, threats, or the environment. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers” p. 449 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 9/14/2016 10:51 AM

3. An effective information security governance program requires no ongoing review once it is well established. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 449 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers” QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 2/4/2017 7:25 PM

4. There are several key ongoing activities that can assist in monitoring and improving an organization’s information governance activities, including plans of action and milestones, measurement and metrics, continuous assessment, and configuration management. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers” p. 450 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/28/2021 8:12 PM

5. Documentation procedures are not required for configuration and change management processes. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 469 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers” QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 9/14/2016 10:51 AM

6. While management models such as the ISO 27000 series and NIST SP 800 series deal with methods to manage and operate systems, a maintenance model is designed to focus the organization’s effort on securing systems. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 470 H1: The Security Maintenance Model QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/28/2021 8:13 PM

7. External monitoring entails forming intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: The Security Maintenance Model H2: Monitoring the External Environment p. 470 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 3/2/2018 7:14 PM

8. Carnegie Mellon University's CC-CERT is generally viewed as the definitive authority for computer emergency response teams. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 471 H1: The Security Maintenance Model H2: Monitoring the External Environment QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/28/2021 8:13 PM

9. Intelligence for external monitoring can come from a number of sources: vendors, CERT organizations, public network sources, and membership sites. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 471 H1: The Security Maintenance Model H2: Monitoring the External Environment QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 3/10/2017 5:51 PM

10. Over time, external monitoring processes should capture information about the external environment in a format that can be referenced across the organization as threats emerge and for historical use. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 474 H1: The Security Maintenance Model H2: Monitoring the External Environment QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 3/10/2017 5:51 PM

11. The internal monitoring domain is the component of the maintenance model that focuses on identifying, assessing, and managing the physical security of assets in an organization. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 474 H1: The Security Maintenance Model H2: Monitoring the Internal Environment QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 9/14/2016 10:51 AM

12. Organizations should maintain a carefully planned and fully populated inventory of all their computing devices, including hardware and software, both operating systems and applications. The process of collecting this information is often referred to as characterization. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 474 H1: The Security Maintenance Model H2: Monitoring the Internal Environment QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/28/2021 8:18 PM

13. The target selection step of Internet vulnerability assessment involves using the external monitoring intelligence to configure a test engine (such as Nessus) for the tests to be performed. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation p. 485 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 9/14/2016 10:51 AM

14. Internet vulnerability assessment is an assessment approach designed to find and document vulnerabilities that may be present in the organization’s internal networks. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation p. 485 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/28/2021 8:18 PM

15. As the platform security validation (PSV) is designed to find and document vulnerabilities in misconfigured systems used in the organization, all systems that are mission critical should be enrolled in PSV measurement. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 487 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/28/2021 8:20 PM

16. Wireless vulnerability assessment begins with the planning, scheduling, and notification of all Internet connections, and is usually performed on the organization's networks using every possible approach to penetration testing. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 487 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/28/2021 8:21 PM

17. Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability, but the best solution in most cases is to repair the vulnerability, often by applying patch software or implementing a permanent alternative work practice. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 489 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/28/2021 8:22 PM

18. The vulnerability database is an essential part of effective remediation because it helps organizations keep track of specific vulnerabilities as they are reported and remediated. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 488 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/28/2021 8:22 PM

19. Remediation is the process of removing or repairing flaws in information assets that cause a vulnerability, or reducing or removing the risk associated with the vulnerability. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 488 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/28/2021 8:23 PM

20. The most common vulnerability repair is the disabling of an application's associated port; this usually allows the system to function in the expected fashion and removes the vulnerability. a. True b. False ANSWER: False POINTS: 1 REFERENCES: p. 489 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/28/2021 8:40 PM

21. Policy needs to be reviewed and refreshed from time to time to ensure that it’s providing a current foundation for the information security program. a. True b. False ANSWER: True POINTS: 1 REFERENCES: H1: The Security Maintenance Model H2: Readiness and Review p. 489 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.6 - Explain how to build readiness and review procedures into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 9/14/2016 10:51 AM 22. Major planning components should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 489 H1: The Security Maintenance Model H2: Readiness and Review QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.6 - Explain how to build readiness and review procedures into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 9/14/2016 10:51 AM 23. Rehearsal adds value by exercising the procedures, identifying shortcomings, and providing security personnel the opportunity to improve the security plan before it is needed. a. True b. False ANSWER: True POINTS: 1 REFERENCES: p. 490 H1: The Security Maintenance Model H2: Readiness and Review Page 8


Name:

Class:

Date:

Module 12 Information Security Maintenance QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.6 - Explain how to build readiness and review procedures into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 9/14/2016 10:51 AM 24. Physical security is not as important as logical or computer security to an information security program. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Physical Security p. 490 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.7 - Discuss physical security controls DATE CREATED: 6/23/2021 9:54 AM DATE MODIFIED: 6/28/2021 8:41 PM 25. A secure facility uses a different defense-in-depth strategy as logical network security. a. True b. False ANSWER: False POINTS: 1 REFERENCES: H1: Physical Security H2: Physical Access Controls p. 491 QUESTION TYPE: True / False HAS VARIABLES: False LEARNING OBJECTIVES: POIS.WHMA.22.12.7 - Discuss physical security controls DATE CREATED: 6/23/2021 9:55 AM DATE MODIFIED: 6/23/2021 9:57 AM Modified True / False 26. An effective information security governance program requires constant change. _____ ANSWER: False - review POINTS: 1 REFERENCES: p. 449 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers” QUESTION TYPE: Modified True / False HAS VARIABLES: False Page 9
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

27. NIST Special Publication (SP) 800-100, “Information Security Handbook: A Guide for Managers,” provides managerial guidance for the establishment and implementation of an information security program; in particular, it addresses the ongoing tasks expected of an information security manager once the program is working and day-to-day operations are established. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 449 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:43 PM

28. The security development life cycle (SDLC) is the overall process of developing, implementing, and retiring information systems through a multistep approach—from initiation to maintenance and eventually disposal. _____
ANSWER: False - systems
POINTS: 1
REFERENCES: p. 450 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:46 PM

29. For configuration management and control, it is important to document the proposed or actual changes in the system security plan. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 450 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

30. Configuration change management is an approach to implementing system change that uses policies, procedures, techniques, and tools to manage and evaluate proposed changes, track changes through completion, and maintain systems security and supporting documentation. _____
ANSWER: False - inventory
POINTS: 1
REFERENCES: p. 453 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:47 PM

31. A significant number of help-desk trouble tickets are the result of user access issues involving hackers and other mechanisms of authentication, authorization, and accountability, which can be reduced but not eliminated by proper user training and ongoing awareness campaigns. _____
ANSWER: False - passwords
POINTS: 1
REFERENCES: p. 466 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:48 PM

32. In some organizations, status management is the identification, inventory, and documentation of the current information system's status—hardware, software, and networking configurations. _____
ANSWER: False - configuration
POINTS: 1
REFERENCES: p. 466 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:48 PM

33. CCM assists in streamlining change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 467 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:49 PM

34. CERT stands for "computer emergency recovery team." _____
ANSWER: False - response
POINTS: 1
REFERENCES: p. 471 H1: The Security Maintenance Model H2: Monitoring the External Environment
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

35. TechTarget is a set of moderated mailing lists full of detailed, full-disclosure discussions and announcements about computer security vulnerabilities and is sponsored in part by SecurityFocus. _____
ANSWER: False - Bugtraq
POINTS: 1
REFERENCES: p. 473 H1: The Security Maintenance Model H2: Monitoring the External Environment
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:50 PM
36. Specific warning plans are issued when developing threats and specific attacks pose a measurable risk to the organization. _____
ANSWER: False - bulletins
POINTS: 1
REFERENCES: p. 473 H1: The Security Maintenance Model H2: Monitoring the External Environment
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:51 PM

37. The basic function of the external monitoring process is to monitor activity, report results, and escalate warnings. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 473 H1: The Security Maintenance Model H2: Monitoring the External Environment
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

38. The primary goal of the external monitoring domain is to maintain an informed awareness of the state of all the organization’s networks, information systems, and information security defenses. _____
ANSWER: False - internal
POINTS: 1
REFERENCES: p. 474 H1: The Security Maintenance Model H2: Monitoring the Internal Environment
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM
39. Organizations should have a carefully planned and fully populated inventory of all their network devices, communication channels, and computing devices. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 474 H1: The Security Maintenance Model H2: Monitoring the Internal Environment
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

40. A traffic analysis is a procedure that compares the current state of a network segment against a known previous state of the same network segment (the baseline of systems and services). _____
ANSWER: False - difference
POINTS: 1
REFERENCES: p. 475 H1: The Security Maintenance Model H2: Monitoring the Internal Environment
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:53 PM

41. An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 475 H1: The Security Maintenance Model H2: Monitoring the Internal Environment
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM
42. The process of identifying and documenting specific and provable flaws in the organization’s information asset environment is called vulnerability assessment (VA). _____
ANSWER: True
POINTS: 1
REFERENCES: p. 481 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

43. The internal vulnerability assessment is usually performed against every device that is exposed to the Internet, using every possible penetration testing approach. _____
ANSWER: False - Internet
POINTS: 1
REFERENCES: p. 485 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

44. A vulnerability analyst screens test results for possible vulnerabilities logged during scanning by performing three tasks: classify the test level, validate its existence, and document the results. _____
ANSWER: False - risk
POINTS: 1
REFERENCES: p. 485 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:54 PM
45. WAP driving is the use of mobile scanning techniques to identify open wireless access points. _____
ANSWER: False - War
POINTS: 1
REFERENCES: p. 488 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:55 PM

46. The final function in the vulnerability assessment and remediation domain is the maintenance phase. _____
ANSWER: False - remediation
POINTS: 1
REFERENCES: p. 488 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:55 PM

47. The best method of remediation in most cases is to repair a vulnerability, often by applying patch software or implementing a permanent alternative work practice. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 489 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:56 PM

48. When possible, major incident response plan elements should be rehearsed, which adds value by providing the opportunity to improve the security plan before it is needed. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 489 H1: The Security Maintenance Model H2: Readiness and Review
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.6 - Explain how to build readiness and review procedures into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:57 PM

49. Because early CMM approaches were intended to improve the software development process, their use in assessing and improving security management systems was somewhat limited. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 490 H1: The Security Maintenance Model H2: Readiness and Review
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.6 - Explain how to build readiness and review procedures into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:58 PM

50. A type of rehearsal known as a war game, or simulation exercise, puts a subset of plans in place to create a realistic test environment. _____
ANSWER: True
POINTS: 1
REFERENCES: p. 490 H1: The Security Maintenance Model H2: Readiness and Review
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.6 - Explain how to build readiness and review procedures into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:58 PM

51. A(n) data center is a small room or enclosure with separate entry and exit points, designed to restrain a person who fails an access authorization attempt. _____
ANSWER: False - mantrap
POINTS: 1
REFERENCES: p. 493 H1: Physical Security H2: Physical Access Controls
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.7 - Discuss physical security controls
DATE CREATED: 6/23/2021 9:59 AM
DATE MODIFIED: 6/28/2021 8:59 PM

52. Fire suppression systems typically work by denying an environment one of the three requirements for a fire to burn: temperature (an ignition source), fuel, and oxygen.
ANSWER: True
POINTS: 1
REFERENCES: p. 494 H1: Physical Security H2: Fire Security and Safety
QUESTION TYPE: Modified True / False
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.7 - Discuss physical security controls
DATE CREATED: 6/23/2021 10:02 AM
DATE MODIFIED: 6/23/2021 10:02 AM

Multiple Choice

53. _____ are a component of the "security triple."
a. Threats
b. Assets
c. Vulnerabilities
d. All of these are correct
ANSWER: d
POINTS: 1
REFERENCES: p. 448 H1: Introduction To Information Security Maintenance
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.1 - Discuss the need for ongoing maintenance of the information security program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 8:59 PM

54. A primary mailing list for new vulnerabilities, called simply _____, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.
a. Bugs
b. Bugfix
c. Buglist
d. Bugtraq
ANSWER: d
POINTS: 1
REFERENCES: p. 473 H1: The Security Maintenance Model H2: Monitoring the External Environment
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

55. The U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) coordinates CERT services at ________.
a. US-CERT
b. Bugtraq
c. CM-CERT
d. CERT/CC
ANSWER: a
POINTS: 1
REFERENCES: p. 472 H1: The Security Maintenance Model H2: Monitoring the External Environment
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:00 PM

56. The _____ Web site is home to several security tools including the leading free network exploration tool, Nmap.
a. insecure.org
b. Packet Storm
c. Security Focus
d. Snort-sigs
ANSWER: a
POINTS: 1
REFERENCES: p. 472 H1: The Security Maintenance Model H2: Monitoring the External Environment
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:01 PM

57. The _____ commercial site focuses on current security tool resources.
a. Nmap-hackerz
b. Packet Storm
c. Security Laser
d. Snort-SIGs
ANSWER: b
POINTS: 1
REFERENCES: p. 472 H1: The Security Maintenance Model H2: Monitoring the External Environment
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

58. The monitoring process has three primary deliverables. Which of the following is NOT one of them?
a. Specific warning bulletins issued when developing threats and specific attacks pose a measurable risk to the organization
b. Periodic summaries of external information
c. Detailed intelligence on the highest-risk warnings
d. All of these are correct
ANSWER: d
POINTS: 1
REFERENCES: p. 473 H1: The Security Maintenance Model H2: Monitoring the External Environment
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:03 PM

59. Detailed intelligence on the highest risk warnings can include identifying which _____ apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.
a. risks
b. vendor updates
c. threats
d. assets
ANSWER: b
POINTS: 1
REFERENCES: p. 474 H1: The Security Maintenance Model H2: Monitoring the External Environment
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:04 PM

60. A process called _____ examines the data packets that flow through a system and its associated devices to identify the most frequently used devices.
a. difference analysis
b. traffic analysis
c. schema analysis
d. data flow assessment
ANSWER: b
POINTS: 1
REFERENCES: p. 475 H1: The Security Maintenance Model H2: Monitoring the Internal Environment
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:05 PM

61. One approach that can improve the situational awareness of the information security function is to use a process known as _____ to quickly identify changes to the internal environment.
a. baselining
b. difference analysis
c. differentials
d. revision
ANSWER: b
POINTS: 1
REFERENCES: p. 475 H1: The Security Maintenance Model H2: Monitoring the Internal Environment
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

62. The _____ process is designed to find and document vulnerabilities that may be present because there are misconfigured systems in use within the organization.
a. ASP
b. ISP
c. SVP
d. PSV
ANSWER: d
POINTS: 1
REFERENCES: p. 487 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

63. _____, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source like a hacker.
a. Penetration testing
b. Penetration simulation
c. Attack simulation
d. Attack testing
ANSWER: a
POINTS: 1
REFERENCES: p. 482 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:06 PM

64. Common vulnerability assessment processes include:
a. Internet VA
b. wireless VA
c. intranet VA
d. all of these are correct answers
ANSWER: d
POINTS: 1
REFERENCES: p. 481 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:07 PM

65. _____ penetration testing, also known as disclosure testing, is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target.
a. White box
b. Black box
c. Gray box
d. Green box
ANSWER: a
POINTS: 1
REFERENCES: p. 485 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:07 PM

66. A step commonly used for Internet vulnerability assessment includes _____, which occurs when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection.
a. scanning
b. subrogation
c. delegation
d. targeting
ANSWER: a
POINTS: 1
REFERENCES: p. 485 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

67. The _____ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.
a. intranet
b. Internet
c. LAN
d. WAN
ANSWER: a
POINTS: 1
REFERENCES: p. 486 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

68. The _____ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization’s wireless local area networks.
a. wireless
b. phone-in
c. battle-dialing
d. network
ANSWER: a
POINTS: 1
REFERENCES: p. 487 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/6/2021 4:13 PM

69. _____ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.
a. System review
b. Vulnerability assessment
c. Program review
d. Application review
ANSWER: c
POINTS: 1
REFERENCES: p. 489 H1: The Security Maintenance Model H2: Readiness and Review
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.6 - Explain how to build readiness and review procedures into information security maintenance
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:07 PM

70. Most guards have clear __________ that help them to act decisively in unfamiliar situations.
a. MACs
b. SOPs
c. POSs
d. OPSs
ANSWER: b
POINTS: 1
REFERENCES: p. 492 H1: Physical Security H2: Physical Security Controls
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.7 - Discuss physical security controls
DATE CREATED: 9/14/2016 10:47 AM
DATE MODIFIED: 9/14/2016 10:47 AM

71. __________ occurs when an authorized person opens a door, and other people, who may or may not be authorized, also enter.
a. Crowdsurfing
b. Tailgating
c. Shoulder surfing
d. Hitchhiking
ANSWER: b
POINTS: 1
REFERENCES: p. 492 H1: Physical Security H2: Physical Access Controls
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.7 - Discuss physical security controls
DATE CREATED: 9/14/2016 10:47 AM
DATE MODIFIED: 6/28/2021 9:08 PM

72. Which of the following are NOT technologies commonly deployed in biometric locks?
a. retina scanners
b. palm readers
c. voice readers
d. breathalyzer
ANSWER: d
POINTS: 1
REFERENCES: p. 493 H1: Physical Security H2: Physical Security Controls
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.7 - Discuss physical security controls
DATE CREATED: 9/14/2016 10:47 AM
DATE MODIFIED: 6/28/2021 9:10 PM

73. One of the leading causes of damage to sensitive circuitry is __________.
a. CPU
b. EPA
c. ESD
d. HVAC
ANSWER: c
POINTS: 1
REFERENCES: p. 495 H1: Physical Security H2: Heating, Ventilation, and Air Conditioning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.7 - Discuss physical security controls
DATE CREATED: 9/14/2016 10:47 AM
DATE MODIFIED: 9/14/2016 10:47 AM

74. A device that assures the delivery of electric power without interruption is a(n) __________.
a. GFCI
b. HVAC
c. GPS
d. UPS
ANSWER: d
POINTS: 1
REFERENCES: p. 495 H1: Physical Security H2: Power Management and Conditioning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.7 - Discuss physical security controls
DATE CREATED: 9/14/2016 10:47 AM
DATE MODIFIED: 9/14/2016 10:47 AM

75. Computing and other electrical equipment used in areas where water can accumulate must be uniquely grounded using __________ equipment.
a. UPS
b. HVAC
c. GFCI
d. ESD
ANSWER: c
POINTS: 1
REFERENCES: p. 495 H1: Physical Security H2: Power Management and Conditioning
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.7 - Discuss physical security controls
DATE CREATED: 9/14/2016 10:47 AM
DATE MODIFIED: 3/10/2017 12:15 AM

76. Data or the trends in data that may indicate the effectiveness of security countermeasures or technical and managerial controls implemented in the organization are known as performance _____.
a. indices
b. monitors
c. measurements
d. evaluators
ANSWER: c
POINTS: 1
REFERENCES: p. 455 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 6/23/2021 10:41 AM
DATE MODIFIED: 6/23/2021 10:43 AM

77. The InfoSec measurement development process recommended by NIST is divided into major activities that include all of the following EXCEPT _____.
a. Identification and definition of the current InfoSec program.
b. Development and selection of specific measurements to gauge the implementation, effectiveness, efficiency, and impact of the security controls.
c. Usage of the selected metrics.
d. All other answers here are included in the NIST development process recommendation.
ANSWER: c
POINTS: 1
REFERENCES: p. 457 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 6/23/2021 10:44 AM
DATE MODIFIED: 6/23/2021 10:49 AM

78. _____ is one of the most crucial ongoing responsibilities in security management with strategic, tactical, and operating elements that must align with and support organizational and IT objectives.
a. Organizing
b. Controlling
c. Supervision
d. Planning
ANSWER: d
POINTS: 1
REFERENCES: p. 460 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 6/23/2021 10:44 AM
DATE MODIFIED: 6/23/2021 10:55 AM

Completion

79. Almost all aspects of a company’s environment are dynamic, meaning _____ that were originally assessed in the early stages of the project’s systems development life cycle have probably changed and new priorities have emerged.
ANSWER: threats assets
POINTS: 1
REFERENCES: p. 448 H1: Introduction To Information Security Maintenance
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.1 - Discuss the need for ongoing maintenance of the information security program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:12 PM

80. An automated tool known as a log _____ can consolidate system logs, perform comparative analysis, and detect common occurrences or behavior of interest.
ANSWER: analyzer
POINTS: 1
REFERENCES: p. 461 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:13 PM

81. It is critical that any effort performed within the security program follows a _____ improvement approach involving periodic review and assessment of any implemented change.
ANSWER: continuous
POINTS: 1
REFERENCES: p. 449 H1: Security Management Maintenance Models
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program
DATE CREATED: 9/14/2016 10:51 AM
DATE MODIFIED: 6/28/2021 9:13 PM

82. A _____ configuration is a current record of the configuration of the information system for use in comparisons to future states.
ANSWER: baseline
POINTS: 1
REFERENCES: p. 453 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers”
QUESTION TYPE: Completion
HAS VARIABLES: False
STUDENT ENTRY MODE: Basic
LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program


Name:

Class:

Date:

Module 12 Information Security Maintenance DATE CREATED: DATE MODIFIED:

9/14/2016 10:51 AM 6/6/2021 4:13 PM

83. One key advantage to having formal help-desk software is the ability to create and develop a _____ of common problems and solutions, which can be searched when a user problem comes up. ANSWER: knowledge base database POINTS: 1 REFERENCES: p. 466 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers” QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/29/2021 6:11 PM 84. The objective of the _____ monitoring domain within the maintenance model is to provide early awareness of new and emerging threats, threat agents, vulnerabilities, and attacks that the organization needs in order to mount an effective and timely defense. ANSWER: external POINTS: 1 REFERENCES: p. 470 H1: The Security Maintenance Model H2: Monitoring the External Environment QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/29/2021 6:24 PM 85. When an organization uses specific hardware and software products as part of its information security program, the _____ often provides either direct support or indirect tools that allow user communities to support each other. ANSWER: vendors vendor POINTS: 1 REFERENCES: p. 471 H1: The Security Maintenance Model H2: Monitoring the External Environment QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic Page 29


Name:

Class:

Date:

Module 12 Information Security Maintenance LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/19/2021 11:03 PM 86. The primary goal of the _____ monitoring domain is an informed awareness of the state of all the organization’s networks, information systems, and information security defenses. ANSWER: internal POINTS: 1 REFERENCES: p. 474 H1: The Security Maintenance Model H2: Monitoring the Internal Environment QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/6/2021 4:13 PM 87. The process of collecting detailed information about devices in a network that may not be owned by the organization but are essential to its continued partnership with another company, is often referred to as _____. ANSWER: characterization POINTS: 1 REFERENCES: p. 474 H1: The Security Maintenance Model H2: Monitoring the Internal Environment QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/29/2021 6:24 PM 88. Partner _____ are the network devices, communications channels, and applications that may not be owned by the organization but are essential to the organization’s cooperation with another company. ANSWER: interconnections POINTS: 1 REFERENCES: p. 474 H1: The Security Maintenance Model H2: Monitoring the Internal Environment QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic Page 30


Name:

Class:

Date:

Module 12 Information Security Maintenance LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/29/2021 6:25 PM 89. A(n) _____ analysis is a procedure that compares the current state of a network segment (the systems and services it offers) against a known previous state of that same network segment (the baseline of systems and services). ANSWER: difference POINTS: 1 REFERENCES: p. 475 H1: The Security Maintenance Model H2: Monitoring the Internal Environment QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.4 - Identify the key factors involved in monitoring the external and internal environment DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/6/2021 4:13 PM 90. The primary objective of the planning and _____ domain is to keep a lookout over the entire information security program in part by identifying and planning ongoing information security activities that further reduce risk. ANSWER: risk assessment POINTS: 1 REFERENCES: p. 476 H1: The Security Maintenance Model H2: Planning and Risk Assessment QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/29/2021 6:26 PM 91. A recommended approach to the information security program planning and review function is to take advantage of the fact that most larger organizations have annual _____ budget planning cycles to develop an annual list of project ideas. ANSWER: capital POINTS: 1 REFERENCES: p. 477 H1: The Security Maintenance Model H2: Planning and Risk Assessment QUESTION TYPE: Completion HAS VARIABLES: False Page 31


Name:

Class:

Date:

Module 12 Information Security Maintenance STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/29/2021 6:27 PM 92. The primary goal of the vulnerability assessment and _____ domain is to identify specific, documented vulnerabilities and remediate them in a timely fashion. ANSWER: remediation POINTS: 1 REFERENCES: p. 481 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/6/2021 4:13 PM 93. The _____ tester’s ultimate responsibility is to identify weaknesses in the security of the organization’s systems and networks and then present findings to the system owners in a detailed report. ANSWER: pen penetration POINTS: 1 REFERENCES: p. 482 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/6/2021 4:13 PM 94. The _____ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's public network. ANSWER: Internet POINTS: 1 REFERENCES: p. 485 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: Completion Page 32


Name:

Class:

Date:

Module 12 Information Security Maintenance HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/6/2021 4:13 PM 95. The _____ step of an Internet vulnerability assessment occurs when a knowledgeable and experienced vulnerability analyst screens test results for candidate vulnerabilities logged during scanning. ANSWER: analysis POINTS: 1 REFERENCES: p. 485 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/29/2021 6:28 PM 96. A(n) _____ risk is one that is higher than the risk appetite of the organization. ANSWER: significant POINTS: 1 REFERENCES: p. 485 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/6/2021 4:13 PM 97. As part of the analysis step of Internet Vulnerability Assessment is to _____ the existence of the vulnerability when appropriate. ANSWER: validate POINTS: 1 REFERENCES: p. 485 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: Completion HAS VARIABLES: False Page 33


Name:

Class:

Date:

Module 12 Information Security Maintenance STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/29/2021 6:30 PM 98. The _____ step in the intranet vulnerability assessment is identical to the one followed in Internet vulnerability analysisand involves documenting the details of the vulnerability in a database. ANSWER: record-keeping POINTS: 1 REFERENCES: p. 486 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/29/2021 6:31 PM 99. The _____ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's wireless local area networks. ANSWER: wireless POINTS: 1 REFERENCES: p. 487 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/6/2021 4:13 PM 100. In wireless vulnerability assessment's _____ selection, all areas of the organization’s premises should be scanned with a portable wireless network scanner. ANSWER: target POINTS: 1 REFERENCES: p. 488 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: Completion HAS VARIABLES: False Page 34


Name:

Class:

Date:

Module 12 Information Security Maintenance STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/29/2021 6:32 PM 101. An attacker's use of a laptop while driving around looking for open wireless connections is often called _____ driving. ANSWER: war POINTS: 1 REFERENCES: p. 487 H1: The Security Maintenance Model H2: Vulnerability Assessment and Remediation QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/29/2021 6:32 PM 102. The primary goal of the readiness and _____ domain is to keep the information security program functioning as designed and improve it continuously over time. ANSWER: review POINTS: 1 REFERENCES: p. 489 H1: The Security Maintenance Model H2: Readiness and Review QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.6 - Explain how to build readiness and review procedures into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/6/2021 4:13 PM 103. Rehearsals that use plans as realistically as possible are called _____ games. ANSWER: war POINTS: 1 REFERENCES: p. 490 H1: The Security Maintenance Model H2: Readiness and Review QUESTION TYPE: Completion HAS VARIABLES: False STUDENT ENTRY MODE: Basic Page 35


Name:

Class:

Date:

Module 12 Information Security Maintenance LEARNING OBJECTIVES: POIS.WHMA.22.12.6 - Explain how to build readiness and review procedures into information security maintenance DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/6/2021 4:13 PM Essay 104. List the five steps to developing a CCM plan. ANSWER: Identify Change Evaluate Change Request Implementation Decision Implement Approved Change Request Continuous Monitoring POINTS: 1 REFERENCES: p. 468 H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers” QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.3 - Define a model for a full maintenance program DATE CREATED: 9/14/2016 10:51 AM DATE MODIFIED: 6/19/2021 11:17 PM 105. What is configuration and change management (CCM) and why is it important? ANSWER: For configuration and change management (CCM), also known as configuration management (CM), it is important to document proposed or actual changes in the system security plan. Information systems are typically in a constant state of evolution, with upgrades to hardware, software, and firmware and possible modifications to the system’s surrounding environment. Documenting information system changes and assessing their potential impact on system security is an essential part of continuous monitoring and key to avoiding a lapse in system security accreditation. Monitoring security controls helps to identify potential security problems in the information system that are not identified during the security impact analysis. This analysis is conducted as part of the CM and control process. POINTS: REFERENCES:

1 H1: Introduction to Information Security Maintenance H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers” p. 452 QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.1 - Discuss the need for ongoing maintenance of the information security program DATE CREATED: 6/23/2021 9:47 AM Page 36


Name:

Class:

Date:

Module 12 Information Security Maintenance DATE MODIFIED:

6/29/2021 6:34 PM

106. What is a security facility? Provide an description of a secure facility from the employee's perspective, from with the parking lot to their office. ANSWER: A secure facility is A physical location with access barriers and controls in place to minimize the risk of attacks from physical threats. A secure facility includes the same defense-in-depth strategy as logical network security. Any intrusion attempt, whether natural or human-made, should be confronted with multiple layers of defense, including those for the facility’s location, the drive to and onto the facility grounds, and multiple layers of physical access controls needed to gain access to information. This could start with a facility guard at the employee parking lot, continue through a keycard mantrap, and end in the lock-and-key process necessary to access employees’ individual offices. POINTS: REFERENCES:

1 p. 491 H1: Physical Security H2: Physical Access Controls QUESTION TYPE: Essay HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.7 - Discuss physical security controls DATE CREATED: 9/14/2016 10:47 AM DATE MODIFIED: 6/29/2021 6:37 PM Subjective Short Answer 107. What is a management maintenance model? What does it accomplish? ANSWER: A management model deals with methods to manage and operate a particular business operation. It is designed to provide clear guidelines for accomplishing the outlined goals of the organization. POINTS: 1 REFERENCES: H1: Security Management Maintenance Models p. 449 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.2 - Describe recommended security management models DATE CREATED: 6/23/2021 9:47 AM DATE MODIFIED: 6/23/2021 11:01 AM 108. What is the difference between vulnerability assessment and penetration testing? ANSWER: The primary goal of the vulnerability assessment is to identify specific, documented vulnerabilities using the inventory of environment characteristics stored in the risk, threat, and attack database. These vulnerabilities are stored, tracked, and reported in the vulnerability database until they are remediated. Penetration testing, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a Page 37


Name:

Class:

Date:

Module 12 Information Security Maintenance malicious hacker. A penetration test, or pen test, is usually performed periodically as part of a full security audit. In most security tests, such as vulnerability assessments, great care is taken not to disrupt normal business operations, but in pen testing the analyst tries to get as far as possible by simulating the actions of an attacker. POINTS: 1 REFERENCES: p. 482 H2: Vulnerability Assessment and Remediation H1: The Security Maintenance Model QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.5 - Describe how planning, risk assessment, vulnerability assessment, and remediation tie into information security maintenance DATE CREATED: 6/23/2021 9:47 AM DATE MODIFIED: 6/23/2021 11:04 AM 109. What is InfoSec performance management and what is it used for? ANSWER: InfoSec performance management is the process of designing, implementing, and managing the use of collected data elements (called measurements or metrics) to determine the effectiveness of the overall security program. Performance measurements (or performance measures) are the data points or trends computed from such measurements that may indicate the effectiveness of security countermeasures or technical and managerial controls implemented in the organization. Some countermeasures are technical, while others are managerial. Both types require some method of assessing the results of their use. Control approaches that are not effective should be modified or replaced, and those that are effective should be supported and continued. Measurement supports managerial decision making, increased accountability, and improved effectiveness of the InfoSec function. Also, by enabling the collection, analysis, and reporting of critical performance data, measurements help organizations align InfoSec performance and objectives with the organization’s overall mission. 
POINTS: 1 REFERENCES: H1: Security Management Maintenance Models H2: NIST SP 800-100, “Information Security Handbook: A Guide for Managers” p. 455 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False STUDENT ENTRY MODE: Basic LEARNING OBJECTIVES: POIS.WHMA.22.12.2 - Describe recommended security management models DATE CREATED: 6/23/2021 9:47 AM DATE MODIFIED: 6/29/2021 6:40 PM

Page 38