Mid Term Exam

Post on 02-Mar-2016


Grading Summary

These are the automatically computed results of your exam. Grades for essay questions, and comments from your instructor, are in the "Details" section below.

Date Taken: 7/31/2014

Time Spent: 2 h, 00 secs

Points Received: 440 / 495 (88.9%)

Question Type | # Of Questions | # Correct

Multiple Choice | 31 | 29

Fill in the Blank | 19 | 14

Grade Details - All Questions

Question 1. Question: Information security is the process of protecting all of the following except:

Student Answer:

Confidentiality of data

Data integrity

Availability of data

Data configuration

Points Received: 10 of 10


Question 2. Question: Information security managers are often motivated by which of the following?

Student Answer:

Concern for the well-being of society

Governmental regulation

Fear of unwanted publicity

All of the above are motivating factors

Points Received: 5 of 5


Question 3. Question: Security professionals' activities include all of the following except:

Student Answer:

Finding the source of the problem

Naming the virus

Eradicating the problem

Repairing the damage

Points Received: 10 of 10


Question 4. Question: Demand for expertly trained security professionals is the result of:

Student Answer:

Specialized training

Increased terrorist activity

New laws regulating the flow of information

Retirement of current security professionals

Points Received: 10 of 10


Question 5. Question: One increasingly important step to becoming an information security specialist is to:

Student Answer:

Get a degree in the psychology of crime

Create, test, and debug a virus or worm program

Build a home laboratory

Do all of the above

Points Received: 10 of 10


Question 6. Question: Information Security magazine suggests that a good curriculum includes courses in:

Student Answer:

Quality assurance

Legal issues

Human factors

Points Received: 10 of 10


Question 7. Question: ____________ establish and maintain the user base permitted to access a system in the normal course of their job duties.

Student Answer:

Security testers

Security administrators

Access coordinators

Network engineers

Points Received: 10 of 10


Question 8. Question: Topics within the umbrella of information security include all of the following except:

Student Answer:

Incident response

Key management

Security testing

Electronic forensics

Points Received: 10 of 10


Question 9. Question: Given enough time, tools, inclination, and ____________, a hacker can break through any security measure.

Student Answer:

talent

Points Received: 10 of 10


Question 10. Question: IS professionals who create a plan to protect a computer system consider all of the following in the planning process except:

Student Answer:

Defining the structural composition of data

Protecting the confidentiality of data

Preserving the integrity of data

Promoting the availability of data for authorized use

Points Received: 10 of 10


Question 11. Question: Which of the following is NOT a goal of an integrity model security system?

Student Answer:

Preventing unauthorized users from modifying data or programs

Verifying data consistency for internal and external programs

Preventing authorized users from making unauthorized modifications

Maintaining internal and external consistency of data and programs

Points Received: 10 of 10


Question 12. Question: Overlapping layers provide all of the following elements necessary to secure assets except:

Student Answer:

Direction

Points Received: 10 of 10


Question 13. Question: Which of the following statements about Principle 4 is false?

Student Answer:

exchange for worthless goods, people tend to give up credentials.

The organizers of Infosecurity Europe 2003 found that 75% of survey respondents revealed information immediately.

Today's virus writers are not very sophisticated.

It is easy to fool people into spreading viruses.

Points Received: 10 of 10


Question 14. Question: IS principle five states that security depends on these requirements:

Student Answer:

Functional and assurance

Verification and validation

Availability and integrity

Usability and interface

Points Received: 10 of 10


Question 15. Question: Software developers often lack the ____________ and ____________ needed to test and break their software.

Student Answer:

Wherewithal, motivation

Money, time

Expertise, resources

Qualifications, experience.

Points Received: 10 of 10


Question 16. Question: The unique security issues and considerations of every system make it crucial to understand all of the following except:

Student Answer:

Adherence to security standards

The security skills of the development teams

What hardware and software is used to deploy the system

The specific nature of data the system maintains.

Points Received: 10 of 10


Question 17. Question: The Common Body of Knowledge with ____________ domains is the framework of the information security field.

Student Answer:

5

Points Received: 10 of 10


Question 18. Question: Security professional benefits from ISC2 certification include all of the following except:

Student Answer:

Establishes best practices

Confirms knowledge of information security

Confirms passing of an examination

Broadens career expectations.

Points Received: 10 of 10


Question 19. Question: An effective security policy contains all of the following information except:

Student Answer:

Reference to other policies

Measurement expectations

Compliance management and measurements description

Glossary of terms

Points Received: 10 of 10


Question 20. Question: The basic components of an issue-specific policy might include all of the following except:

Student Answer:

Compliance

Issue statement

Standard library structure

Points Received: 10 of 10


Question 21. Question: A basic component of an issue-specific policy that defines a security issue and any relevant terms, distinctions, and conditions is a(n):

Student Answer:

Issue statement

Statement of the organization's position

Point of contact and supplementary information

Role and responsibility

Points Received: 10 of 10


Question 22. Question: Step-by-step directions to execute a specific security activity is referred to as a:

Student Answer:

Regulation

Points Received: 10 of 10


Question 23. Question: In the standards taxonomy _____________ suggests that no single person is responsible for approving his own work.

Student Answer:

Separation of duties

Education, awareness, and training

Asset and data classification

Risk analysis and management

Points Received: 10 of 10


Question 24. Question: ____________ provides technical facilities, data processing, and support services to users of information systems.

Student Answer:

Chief information security officer

Information resources manager

Owners of information resources

Custodians of information resources

Points Received: 10 of 10


Question 25. Question: What is within a trusted system that people want to access or use?

Student Answer:

Object

Points Received: 10 of 10


Question 26. Question: All of the following general rules are used to construct rings of trust in networked systems except:

Student Answer:

Hosts trust more inner ring hosts than themselves

Hosts do not trust outer ring hosts more than themselves

Hosts in a ring of a segmented sub network trust hosts in the same ring of a different segment

Hosts trust hosts in the same ring

Points Received: 10 of 10


Question 27. Question: Which of the following uses a specific OS and lacks a standard interface to connect to other systems?

Student Answer:

Finite-state machine

Open system

Closed system

None of the above

Points Received: 10 of 10


Question 28. Question: The criteria used to rate the effectiveness of trusted systems is set forth in:

Student Answer:

TCSEC

All of the above

Points Received: 10 of 10


Question 29. Question: Which of the following is NOT a criterion for Class A1 design verification?

Student Answer:

Clearly identified and documented model of a security policy

Top-level specification that includes definitions of the functions of TCB

TCB implementation consistent with top-level specification

None of the above

Points Received: 10 of 10


Question 30. Question: Which of the following is NOT an ITSEC specialized, stand alone class?

Student Answer:

F-AP

Points Received: 0 of 10


Question 31. Question: All of the following are classes of security functional requirements except:

Student Answer:

Privacy

Security training

Points Received: 0 of 10


Question 32. Question: ____________ is the process of protecting the confidentiality, integrity, and availability of data from accidental or intentional misuse.

Student Answer: information security

Instructor Explanation:

Points Received: 10 of 10


Question 33. Question: Information security consists of best practices and experiences from several domains but begins with the non-technical, ____________ aspects of a security posture.

Student Answer: human-centric

Instructor Explanation:

Points Received: 10 of 10


Question 34. Question: Information security specialists need to have a(n) ___________ view of the world around them and avoid a strictly technical orientation.

Student Answer: holistic

Instructor Explanation:

Points Received: 10 of 10


Question 35. Question: ____________ security is within the umbrella of information security.

Student Answer: physical

Instructor Explanation:

Points Received: 10 of 10


Question 36. Question: The first principle of information security says that a hacker can break any security system given enough time, inclination, tools, and ____________.

Student Answer: skills

Instructor Explanation:

Points Received: 10 of 10


Question 37. Question: One goal of information security is to promote the ____________ of data for authorized use.

Student Answer: availability

Instructor Explanation:

Points Received: 10 of 10


Question 38. Question: Spending more on securing an asset than the intrinsic value of the asset is a waste of ____________.

Student Answer: time (A correct answer: resources)

Instructor Explanation:

Points Received: 5 of 10

Comments: Time, yes, but more generally resources

Question 39. Question: People, ____________, and technology must work together to secure systems.

Student Answer: process

Instructor Explanation:

Points Received: 10 of 10


Question 40. Question: A technical area of study within the CBK, the security architecture domain, addresses ____________ issues.

Student Answer: network

Instructor Explanation:

Points Received: 10 of 10


Question 41. Question: A compilation of all security information collected internationally and relevant to information security professionals is the ____________.

Student Answer: orange book (A correct answer: CBK)

Instructor Explanation:

Points Received: 0 of 10


Question 42. Question: To maintain relevance and currency ____________ and governance of certification process is needed.

Student Answer: oversight

Instructor Explanation:

Points Received: 10 of 10


Question 43. Question: The Security Management Practices domain highlights the importance of a comprehensive security ____________.

Student Answer: plan

Instructor Explanation:

Points Received: 10 of 10


Question 44. Question: Operational procedures and tools familiar to IT specialists are covered in the ____________ Security domain.

Student Answer: operations

Instructor Explanation:

Points Received: 10 of 10


Question 45. Question: Information security ____________ are often dictated by the nature of an organization's business.

Student Answer: standards

Instructor Explanation:

Points Received: 10 of 10


Question 46. Question: User education, awareness, and training on policies and procedures are important because ____________ are the weakest link in a security-related process.

Student Answer: people

Instructor Explanation:

Points Received: 10 of 10


Question 47. Question: One or more components that enforce a unified security policy over a product or system make up a ____________.

Student Answer: operating system (A correct answer: TCB)

Instructor Explanation:

Points Received: 0 of 10


Question 48. Question: Directly addressable by the CPU, ____________ memory stores application or system code as well as data.

Student Answer: CPU (A correct answer: random)

Instructor Explanation:

Points Received: 0 of 10


Question 49. Question: Describing how functional requirements should be implemented and tested is defined as ____________ requirements.

Student Answer: assurance

Instructor Explanation:

Points Received: 10 of 10


Question 50. Question: Security testing ____________ that the implementation of the function is not flawed.

Student Answer: ensures (A correct answer: validates)

Instructor Explanation:

Points Received: 10 of 10


* Times are displayed in (GMT-07:00) Mountain Time (US & Canada)
