Module 9 – Practice Test – Information Security Management – Flashcards

question
Which of the following is the first step in risk management?
answer
Assess what the threats are.
question
A ________ is a company that can take over another company's processing with no forewarning.
answer
hot site
question
________ is the term used to denote viruses, worms, Trojan horses, spyware and adware.
answer
Malware
question
Maintaining the DBMS on computers in a locked room is part of the ________.
answer
physical security
question
_______ is when someone deceives by pretending to be someone else.
answer
Pretexting
question
About 90 per cent of all viruses are spread via ________.
answer
email attachments
question
________ refers to things we do not know that we do not know.
answer
Uncertainty
question
Organisations should protect sensitive data by storing it in ________ form.
answer
encrypted
question
Independent third-party companies that validate public keys are known as ________.
answer
certificate authorities
question
Which of the following is an example of a human safeguard?
answer
procedure design
question
________ a site means to take extraordinary measures to reduce a system's vulnerability.
answer
Hardening
question
________ take computers with wireless connections through an area, search for unprotected wireless networks and then monitor and intercept wireless traffic at will.
answer
Drive-by sniffers
question
Which of the following is an example of a data safeguard?
answer
physical security
question
Which of the following is a technique used to ensure that plaintext messages are received without alteration?
answer
digital signatures
question
Because encryption keys can be lost or destroyed, a copy of the key should be stored with a trusted third party. This procedure is called ________.
answer
key escrow
question
Which of the following is used to counter spoofing?
answer
digital certificates
question
________ is defined as any action, device, procedure, technique or other measure that reduces a system's vulnerability to a threat.
answer
Safeguard
question
Which of the following is an example of a technical safeguard?
answer
encryption
question
Which element of the security policy specifies how the organisation will ensure enforcement of security programmes and policies?
answer
general statement of the security programme
question
Which of the following is an example of an intangible consequence?
answer
loss of customer goodwill due to an outage
question
The ________ pretends to be a legitimate company and sends an email trying to obtain confidential data, such as account numbers, IRD numbers, account passwords and so forth.
answer
phisher
question
________ refers to threats and consequences that we know about.
answer
Risk
question
Which of the following is a critical security function of senior-management involvement?
answer
establishing the security policy
question
________ encryption uses the same key for both parties.
answer
Symmetric
question
________ is a virus that masquerades as a useful program or file.
answer
A Trojan horse
question
Which of the following observations is true of a cold site?
answer
Customers will have to install and manage systems themselves.
question
Users should scan their computers with anti-malware programs at least ________.
answer
once a week
question
The ________ plan should specify what to do when an employee notices a virus on their machine.
answer
incident-response
question
________ is a virus that propagates with no user involvement, using the Internet or other computer networks.
answer
A worm
question
No safeguard is ironclad; there is always a ________ that the safeguard will not protect the assets under some circumstances.
answer
residual risk