1.
(Points: 1)
The most successful kind of top-down approach involves a formal
development strategy referred to as a ____.
1. systems development life cycle
2. systems schema
3. systems design
4. development life project

2.
(Points: 1)
What is the methodology for the design and implementation of an
information system in an organization?
1. LCSD
2. DSLC
3. CLSD
4. SDLC

3.
(Points: 1)
Organisations that are seeking to improve not only the
functionality of the systems they have in place, but the
confidence of the consumer in their product, refer to this
process as ____.
1. availability-focused development
2. reliability-focused development
3. security-focused development
4. accessibility-focused development

4.
(Points: 1)
____ was the first and only operating system created with
security as its primary goal.
1. ARPANET
2. DOS
3. MULTICS
4. UNIX

5.
(Points: 1)
A computer is the ____ of an attack when it is used to conduct
the attack.
1. subject
2. facilitator
3. target
4. object

6.
(Points: 1)
What type of security addresses the issues necessary to protect
the tangible items, objects, or areas of an organization from
unauthorized access and misuse?
1. Standard
2. Personal
3. Physical
4. Object

7.
(Points: 1)
This presents a comprehensive model for information security and
is becoming the evaluation standard for the security of
information systems.
1. IEEE 802.11 (g)
2. NSTISSI No. 4011
3. ISO 17788
4. NIST SP 800-12

8.
(Points: 1)
An Information System is the entire set of ____, people,
procedures, and networks necessary to use information as a
resource in the organization.
1. hardware
2. software
3. All of the above
4. data

9.
(Points: 1)
What term is used to describe an attack in which a hacker uses his
or her personal computer to break into a system?
1. hardware
2. indirect
3. direct
4. software

10.
(Points: 1)
What method is usually the best approach to security project
implementation?
1. direct changeover
2. phased implementation
3. parallel operation
4. pilot implementation

11.
(Points: 1)
The goal of the ____ is to resolve any pending issues, critique
the overall effort of the project, and draw conclusions about how
to improve the process for the future.
1. direct changeover
2. wrap-up
3. pilot implementation
4. phased implementation

12.
(Points: 1)
Implementing all security improvements in a single office,
department, or division, and resolving issues within that group
before expanding to the rest of the organisation. What is this
implementation process referred to as?
1. pilot
2. direct
3. parallel
4. loop

13.
(Points: 1)
Technology ____ deals with how frequently technical systems are
updated, and how technical updates are approved and funded.
1. wrap-up
2. turnover
3. changeover
4. governance

14.
(Points: 1)
The Lewin change model consists of ____.
1. refreezing
2. All of the above
3. unfreezing
4. moving

15.
(Points: 1)
In which department do large organisations place their
information security personnel?
1. production
2. management
3. financial
4. information technology

16.
(Points: 1)
These staff are the real techies, who create and install security
solutions.
1. Builders
2. Definers
3. Senior managers
4. Administrators

17.
(Points: 1)
This position is typically considered the top information
security officer in the organization.
1. CIFO
2. CISO
3. CTO
4. CEO

18.
(Points: 1)
These members of staff are the technically qualified individuals
tasked to configure firewalls, deploy IDSs, implement security
software, diagnose and troubleshoot problems, and coordinate with
systems and network administrators to ensure that an
organisation's security technology is properly implemented.
1. Security managers
2. CISOs
3. Security technicians
4. CSOs

19.
(Points: 1)
Which of the following is a component of the security triple?
1. Threats
2. Assets
3. Vulnerabilities
4. All of the above

20.
(Points: 1)
The ____ is a part of the US-CERT and is located at the Software
Engineering Institute, a federally funded research and
development center operated by Carnegie Mellon University.
1. CERT/CC
2. Bug/CERT
3. CC/CERT
4. Bugtraq/CERT

21.
(Points: 1)
Detailed ____ on the highest risk warnings can include
identifying which vendor updates apply to which vulnerabilities
as well as which types of defenses have been found to work
against the specific vulnerabilities reported.
1. intelligence
2. None of the above
3. escalation
4. monitoring

22.
(Points: 1)
One approach that can improve the situational awareness of the
information security function uses a process known as ____ to
quickly identify changes to the internal environment.
1. difference analysis
2. baseline
3. differential
4. revision

23.
(Points: 1)
The information security personnel who perform penetration
testing are often consultants or outsourced contractors, and are
commonly referred to as?
1. All of the above
2. tiger teams
3. whitehat hackers
4. ethical hackers

24.
(Points: 1)
A ____ is a statement of the boundaries of the Risk Assessment.
1. footer
2. scope
3. disclaimer
4. head

25.
(Points: 1)
This process involves security personnel simulating or performing
specific and controlled attacks to compromise or disrupt their
own systems by exploiting documented vulnerabilities.
1. Attack simulation
2. Penetration testing
3. Attack testing
4. Penetration simulation

26.
(Points: 1)
This type of management is the administration of changes in the
strategy, operation, or components of the information security
program.
1. Update
2. Change
3. Upload
4. Revision

27.
(Points: 1)
The Plan-Do-Check-Act process is an implementation of the ____
approach to internal controls to manage risk.
1. CNSS 4012
2. ISO 1899
3. ISO 27001
4. NIST SP800-12

28.
(Points: 1)
Which of the following functions does information security
perform for an organization?
1. Protects the data the organization collects and uses.
2. Enables the safe operation of applications implemented on
the organization's IT systems.
3. Protects the organization's ability to function.
4. All of the above.

29.
(Points: 1)
As frustrating as viruses and worms are, perhaps more time and
money are spent on resolving ____.
1. power faults
2. urban legends
3. hoaxes
4. false alarms

30.
(Points: 1)
Web hosting services are usually arranged with an agreement
providing minimum service levels known as a ____.
1. MIN
2. SSL
3. MSL
4. SLA

31.
(Points: 1)
In this type of attack, the attacker sends a large number of
connection or information requests to a target.
1. spam
2. denial-of-service
3. virus
4. distributed denial-of-service

32.
(Points: 1)
Acts of ____ can lead to unauthorized real or virtual actions
that enable information gatherers to enter premises or systems
they have not been authorized to enter.
1. bypass
2. trespass
3. security
4. nature

33.
(Points: 1)
Deliberate software attacks are referred to as ____.
1. malicious code
2. All of the above
3. malware
4. malicious software

34.
(Points: 1)
Software programs that hide their true nature, and reveal their
designed behavior only when activated, are referred to as:
1. Trojan horses
2. Spam
3. Worms
4. Viruses

35.
(Points: 1)
Which Australian act has penalties relating to the improper use
of ICT equipment?
1. Copyright Act
2. Computer Crimes Act
3. Sarbanes-Oxley Act
4. Criminal Code Act

36.
(Points: 1)
Risk ____ is the process of applying safeguards to reduce the
risks to an organization's data and information systems.
1. security
2. management
3. control
4. identification

37.
(Points: 1)
Management of classified data includes its storage and ____.
1. destruction
2. All of the above
3. distribution
4. portability

38.
(Points: 1)
There are individuals who search trash and recycling, a
practice known as ____, to retrieve information that could
embarrass a company or compromise information security.
1. side view
2. garbage collection
3. dumpster diving
4. recycle diving

39.
(Points: 1)
What equals likelihood of vulnerability occurrence times value
(or impact) minus percentage risk already controlled plus an
element of uncertainty?
1. Risk
2. Probability
3. Possibility
4. Chance

40.
(Points: 1)
The concept of competitive ____ refers to the need to avoid
falling behind the competition.
1. failure
2. benefit
3. advantage
4. disadvantage

41.
(Points: 1)
____ feasibility addresses user acceptance and support,
management acceptance and support, and the overall requirements
of the organization's stakeholders.
1. Political
2. Operational
3. Technical
4. Organizational

42.
(Points: 1)
Risk ____ defines the quantity and nature of risk that
organizations are willing to accept as they evaluate the
tradeoffs between perfect security and unlimited accessibility.
1. acceptance
2. benefit
3. appetite
4. avoidance

43.
(Points: 1)
Strategic planning is the process of moving the organisation
towards its ____.
1. vision
2. mission
3. standard
4. policy

44.
(Points: 1)
Incident damage ____ is the rapid determination of the scope of
the breach of the confidentiality, integrity, and availability of
information and information assets during or just following an
incident.
1. evaluation
2. assessment
3. plan
4. recovery

45.
(Points: 1)
A ____ is a private data network that makes use of the public
telecommunication infrastructure, maintaining privacy through the
use of a tunneling protocol and security procedures.
1. SESAME
2. SVPN
3. VPN
4. KERBES

46.
(Points: 1)
The restrictions most commonly implemented in packet filtering
firewalls are based on ____.
1. IP source and destination address
2. All of the above
3. TCP or UDP source and destination port requests
4. Direction (inbound or outbound)

47.
(Points: 1)
What kind of filtering allows the firewall to react to an
emergent event and update or create rules to deal with the event?
1. Stateless
2. Stateful
3. Static
4. Dynamic

48.
(Points: 1)
Most guards have clear ____ that help them to act decisively in
unfamiliar situations.
1. POSs
2. SOPs
3. MACs
4. OPSs

49.
(Points: 1)
This occurs when an authorized individual presents a key to open
a door, and other individuals, who may or may not be authorized,
also enter through.
1. Tailgating
2. Freeloading
3. Sidegating
4. Hitchhiking

50.
(Points: 1)
Electronic monitoring includes ____ systems.
1. open-circuit television
2. blocked video
3. closed-circuit television
4. local video