Information Security and Risk Assessment MCQ With Answers

Risk Assessment Information Security MCQ Tech Hyme

For most businesses, the threat to their intellectual assets and technical infrastructure comes from the bad guys sitting outside their organizations, trying to break in. These organizations establish strong perimeter defenses, essentially boxing in their assets. However, internal employees have access to proprietary information to do their jobs, and they often disseminate this information to areas where it is no longer under the control of the employer.

You may also read:

133. Which of the following technologies would utilize a Public Key Infrastructure (PKI)?

Secure HyperText Transfer Protocol (SHTTP)
Secure Shell (SSH)
Message Authentication Codes (MAC)
Digital signatures

134. Smart card technology is often used for what information security purpose?

Message Integrity
Authentication
Confidentiality
Availability

135. Extensible Markup Language (XML) is a language often used with Web application development. XML provides which of the following?

Dynamic content delivery
Dynamic message integrity
Dynamic user authentication
Dynamic client configuration

136. An acceptable use policy would be an example of which type of control?

Process
Platform
Physical
Network

137. Which type of attack against access control systems uses a list of common words?

A brute force attack
A denial-of-service attack
A dictionary attack
A network spoofing attack

138. Which type of information security process assigns a level of sensitivity to data as it is being created, amended, enhanced, stored, or transmitted?

Risk analysis
Risk assessment
Network vulnerability assessment
Information classification

139. Which type of device creates a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media?

A degausser
A demagnetizer
A deionizer
A deflator

140. Which of the following terms frequently refers to a network segment between the Internet and a private network?

A security domain
A zone of control
A DeMilitarized Zone (DMZ)
A security kernel

141. Which type of network attack captures sensitive pieces of information, such as passwords, passing through the network?

Spoofing
SYN flood
Sniffing
Steganography

142. Which of the following technologies would best secure the data on a laptop or other device that could be stolen?

Data encryption
File deletion
No access to the floppy drive
Steganography

143. Which of the following attacks is an example of a passive attack?

Spoofing
SYN flood
Information gathering
Port scanning

144. Which of the following common network attacks is an example of a denial-of-service attack?

Spoofing
SYN flood
Sniffing
Port scanning

145. Which of the following common network attacks is an example of an active attack?

Information gathering
Traffic analysis
Sniffing
Port scanning

146. Which type of network attack is most likely to present the ability to execute commands on the compromised machine?

Spoofing
SYN flood
Sniffing
Buffer overflow

147. Which attack is due to poor programming practices?

Spoofing
SYN flood
Sniffing
Buffer overflow

148. The change management procedure most likely to cause concern to the information security manager is when:

Fallback processes are tested the weekend immediately prior to when the changes are made.
Users are notified via electronic mail of major scheduled system changes.
Manual process is used by operations for comparing program versions.
Development managers have final authority for releasing new programs into production.

149. Which of the following would indicate that an automated production scheduling system has inadequate security controls?

Control statements are frequently changed to point to test libraries.
Failure of a process will automatically initiate the resetting of parameters.
Developers have read access to both production and test schedules.
Scheduling personnel have the ability to initiate an emergency override.

150. When a trading partner who has access to the corporate internal network refuses to follow corporate security policies, the information security manager should initiate which of the following?

Revoke their access.
Provide minimal access.
Send a breach of contract letter.
Contact the partner’s external auditors.

151. Which of the following is most important in writing good information security policies?

Easy to read and understand
Allows for flexible interpretation
Describes technical vulnerability issues
Changes whenever operating systems are upgraded

152. Which of the following would be the best approach when conducting a security awareness campaign?

Provide technical details on exploits.
Target system administrators and the help desk.
Provide customized messages for different groups.
Target senior managers and business process owners.

153. Performance objectives reached by consensus between the user and the provider of a service, or between an outsourcer and an organization are discussed is a(n):

Outsource
Contract
Service level agreement
Controlled by security administration

154. The act of overseeing the progress of a process to ensure that the rights and well-being of an enterprise are protected; that the data is accurate, complete, and verifiable; and that the conduct of the staff is in compliance with the policies, with applicable regulatory requirements, and with standards of the field is termed:

Surveillance
Monitoring
Service level agreement
Level of trust that is granted to system users

155. Cleanup or other methods used to remove or contain vulnerabilities:

Remediation
Penetration testing
Vulnerability assessment
Hard to do

156. An individual who attempts to access computer systems without authorization. These people are often malicious, as opposed to hackers, and have many means at their disposal for breaking into a system:

Phreaker
Placker
Employee
Cracker

157. An obligation to act in the best interest of another party. For instance, a corporation’s board member has a _________ to the shareholders, a trustee has a _______ to the trust’s beneficiaries, and an attorney has a _________ to a client:

Due diligence
Required by law
Prudent person concept
Fiduciary duty

158. Access to, knowledge of, or possession of information based on need to perform assigned job duties:

Need to know
Least privilege
Classified
Job rotation

159. The process of identifying and defining all items in a system, recording and reporting the status of these items and requests for change, and verifying the completeness and correctness of these items:

Configuration management
Change management
Service level agreement
Business impact analysis

160. Comprehensive evaluation of the technical and nontechnical security features of an information system and other safeguards, made in support of the approval/accreditation process, to establish the extent to which a particular design and implementation meet a set of specified security requirements:

Certification
Compliance audit
Accreditation
Nonrepudiation

161. A binding agreement between two or more persons that is enforceable by law:

Contract
Service level agreement
Outsource
Proposal

162. Process of controlling modifications to the infrastructure or any aspect of services, in a controlled manner, enabling approved changes with minimum disruption:

Rotation of assignments
Separation of duties
Change management
Service level agreements

163. File sharing is the practice of making files available for other users to download over the Internet and smaller networks. The file sharing model, where the files are stored on and served by personal computers of the users is called:

Kazaa
Morpheus
Peer-to-peer
Hybrid

164. Every department has its own language therefore the procedures must be developed using the terms that they are used to. If you write procedures using the wrong “language,” the procedure may as well be written in Sanskrit. The intended audience will not be able to understand it, or they will find in difficult to follow. The individual(s) that will provide the information for the procedure body are typically:

Socially Awkward Males (SAM)
Subject Matter Experts (SME)
Business Approval Team (BAT)
Technical Writing Expert (TWP)

165. A key component in the administrative procedures process is to implement a process that will help ensure that modifications to the information technology infrastructure are controlled and approved. The ability to track and approve changes to the production environment will go a long way in establishing an effective internal control structure. This process is called: