Module 9 – Practice Test- Information Security management – Flashcards
30 test answers
Unlock all answers in this set
Unlock answers 30question
_______ is when someone deceives by pretending to be someone else.
answer
Pretexting
Unlock the answer
question
About 90 per cent of all viruses are spread via ________.
answer
email attachments
Unlock the answer
question
________ refers to things we do not know that we do not know.
answer
Uncertainty
Unlock the answer
question
Organisations should protect sensitive data by storing it in ________ form
answer
encrypted
Unlock the answer
question
Independent third-party companies that validate public keys are known as ________.
answer
certificate authorities
Unlock the answer
question
Which of the following is an example of a human safeguard?
answer
procedure design
Unlock the answer
question
________ a site means to take extraordinary measures to reduce a system's vulnerability.
answer
Hardening
Unlock the answer
question
________ take computers with wireless connections through an area, search for unprotected wireless networks and then monitor and intercept wireless traffic at will.
answer
Drive-by sniffers
Unlock the answer
question
Which of the following is an example of a data safeguard?
answer
physical security
Unlock the answer
question
Which of the following is a technique used to ensure that plaintext messages are received without alteration?
answer
digital signatures
Unlock the answer
question
Because encryption keys can be lost or destroyed, a copy of the key should be stored with a trusted third party. This procedure is called ________.
answer
key escrow
Unlock the answer
question
Which of the following is used to counter spoofing?
answer
digital certificates
Unlock the answer
question
________ is defined as any action, device, procedure, technique or other measure that reduces a system's vulnerability to a threat.
answer
Safeguard
Unlock the answer
question
Which of the following is an example of a technical safeguard?
answer
encryption
Unlock the answer
question
Which element of the security policy specifies how the organisation will ensure enforcement of security programmes and policies?
answer
general statement of the security programme
Unlock the answer
question
Which of the following is an example of an intangible consequence?
answer
loss of customer goodwill due to an outage
Unlock the answer
question
The ________ pretends to be a legitimate company and sends an email trying to obtain confidential data, such as account numbers, IRD numbers, account passwords and so forth.
answer
phisher
Unlock the answer
question
________ refers to threats and consequences that we know about.
answer
Risk
Unlock the answer
question
Which of the following is a critical security function of senior-management involvement?
answer
establishing the security policy
Unlock the answer
question
________ encryption uses the same key for both parties.
answer
Symmetric
Unlock the answer
question
________ is a virus that masquerades as a useful program or file.
answer
A Trojan horse
Unlock the answer
question
Which of the following observations is true of a cold site?
answer
Customers will have to install and manage systems themselves.
Unlock the answer
question
Users should scan their computers with anti-malware programs at least ________.
answer
once a week
Unlock the answer
question
The ________ plan should specify what to do when an employee notices a virus on their machine.
answer
incident-response
Unlock the answer
question
________ is a virus that propagates with no user involvement, using the Internet or other computer networks.
answer
A worm
Unlock the answer
question
No safeguard is ironclad; there is always a ________ that the safeguard will not protect the assets under some circumstances.
answer
residual risk
Unlock the answer