Information Security and Risk Assessment MCQ With Answers – Part 6

One of the biggest concerns in an organization today is data leaks, which are ways that confidential information can leave an organization despite robust perimeter security. USB Flash drives are one cause of data leaks; another is the recovery of data found in the unallocated clusters of a computer’s hard drive.

166. A method of working whereby tasks are apportioned between different members of staff in order to reduce the scope for error and fraud:

  1. Segregation of duties
  2. Challenge response
  3. Rotation of duties
  4. Checks and balances

167. The policy that establishes the way in which the organization conducts its business with outside firms is termed what? This policy includes language that discusses the need for third parties to comply with organization policies, procedures, and standards.

  1. Terms of employment
  2. Procurement and contracts
  3. Service level agreements
  4. Nondisclosure agreement

168. Performance objectives reached by negotiation between the user and the provider of a service, or between an outsourcer and an organization. These can be internal as well as external.

  1. Terms of employment
  2. Procurement and contracts
  3. Service level agreements
  4. Nondisclosure agreement

169. During the design and implementation of the security program the information security manager should ensure that Key Performance Indicators (KPI) are defined and that the mechanism to measure progress against those indicators is implemented. This way the information security manager can assess the success or failure of various security components and whether they are cost justifiable.

  1. Design requirements
  2. Assessment variables
  3. Penetration testing criteria
  4. Key success indicators

170. Changes to the production environment should only be made when there is a valid business reason to do so. Updating the production system to apply the latest version or patch may not always be in the best interest of the organization. All changes, even patches and new releases, must go through what process to assess their impact on the user community?

  1. Change management
  2. Peer review of code
  3. Structured walk-through
  4. Quality assurance testing

171. The systematic examination of a critical infrastructure, the interconnected systems on which it relies, its information, or product to determine the adequacy of security measures, identify security deficiencies, evaluate security alternatives, and verify the adequacy of such measures after implementation is termed:

  1. Risk mitigation
  2. Penetration testing
  3. Vulnerability assessment
  4. Risk assessment

172. The portion of security testing in which the evaluators attempt to circumvent the security features of a system. The evaluators may be assumed to use all system design and implementation documentation which may include listings of system source code, manuals, and circuit diagrams. The evaluators work under the same constraints applied to ordinary users.

  1. Risk mitigation
  2. Penetration testing
  3. Vulnerability assessment
  4. Risk assessment

173. A slang term for a computer enthusiast. Among professional programmers, the term implies an amateur or a programmer who lacks formal training. Depending on how it is used, the term can be either complimentary or derogatory, although it is developing an increasingly derogatory connotation. The pejorative sense of this activity is becoming more prominent largely because the popular press has co-opted the term to refer to individuals who gain unauthorized access to computer systems for the purpose of stealing and corrupting data.

  1. Hacker
  2. Cracker
  3. Phreaker
  4. Spaminator

174. This is a measure of prudence, activity, or assessment, as is properly to be expected from, and ordinarily exercised by, a reasonable and prudent person under the particular circumstances; it is not measured by any absolute standard but depends on the relative facts of the special case.

  1. Fiduciary duty
  2. Due care
  3. Due diligence
  4. Duty of loyalty

175. Section 107 of the Copyright Act establishes this doctrine, which provides for specific exemptions from copyright liability. An example of this is the use of certain excerpts of a written work for educational purposes. This doctrine is called:

  1. Public domain
  2. Fair use
  3. Patent pending
  4. Trademark usage

176. Comprehensive evaluation of the technical and nontechnical security features of an information system and other safeguards, made in support of the approval process, to establish the extent to which a particular design and implementation meet a set of specified security requirements.

  1. Accreditation
  2. Compliance audit
  3. Vulnerability assessment
  4. Certification

177. To be successful, the awareness program should take into account the needs and current levels of training and understanding of the employees and audience. Typically there are five key ways to perform this activity:

  • Current level of computer usage
  • What the audience really wants to learn
  • How receptive the audience is to the security program
  • How to gain acceptance
  • Who might be a possible ally

This security awareness process is called:

  1. Divide and conquer
  2. Audience participation
  3. Audience segmentation
  4. Stunned owl syndrome

178. Which of the following is not a responsibility of the data or systems owner?

  1. To identify, describe, and designate the sensitivity of their application systems
  2. To ensure that appropriate security control requirements are included in specifications
  3. To assess security requirements by evaluating application assets, threats, and vulnerabilities
  4. To develop industry best practices

179. Which of the following attacks would compromise the integrity of system information?

  1. Denial-of-service
  2. Smurf
  3. SQL Injection
  4. Fraggle

180. A policy for the physical component of the information technology infrastructure could work with all of the following except:

  1. Firewalls
  2. ID badges
  3. Cameras
  4. Security guards

181. Which of the following is not an example of the platform component of information technology infrastructure?

  1. Switch security
  2. Operating system security
  3. Application security
  4. Anti-virus

182. Which of the following is an example of the network component of information technology infrastructure?

  1. Switch security
  2. Operating system security
  3. Application security
  4. Anti-virus

183. When implementing a security control, an information security manager needs to be especially aware of:

  1. Change control management
  2. What the organization’s competition is doing
  3. A promotion to production procedure
  4. The impact on the end-user community

184. Which of the following is often a disadvantage of using a closed system?

  1. Lack of end-user support
  2. Lack of product functionality
  3. The source code cannot be verified
  4. The source code is provided by the Internet community at large

185. Which of the following is an advantage of an open system?

  1. End-user support
  2. The source code can be verified
  3. Difficulty in management
  4. All users are always permitted to access the system

186. What would be a disadvantage of deploying a proxy-based firewall?

  1. Proxy-based firewalls may not support custom applications
  2. Proxy-based firewalls inspect only to the network layer of the OSI model
  3. Proxy-based firewalls cannot block unwanted traffic
  4. Proxy-based firewalls do not provide network address translation

187. Which of the following is true of a stateful inspection firewall?

  1. Stateful inspection firewalls protect through all layers of the OSI model
  2. Stateful inspection firewalls support more custom applications than other firewalls
  3. Stateful inspection firewalls are faster than other firewalls
  4. Stateful inspection firewalls do not provide network address translation

188. Which of the following is true regarding a packet filter firewall?

  1. Packet filter firewalls provide more protection than other firewalls
  2. Packet filter firewalls provide protection through the entire OSI model
  3. Packet filter firewalls do not provide network address translation
  4. Packet filter firewalls provide less protection than other firewalls

189. Which of the following would be an advantage to deploying public key (asymmetric) as opposed to private key (symmetric) encryption technologies?

  1. Public key is more scalable
  2. Public key encryption is faster
  3. Public key requires less infrastructure
  4. Private key is easier on the end-user community

190. Digital signatures encrypt the message hash with which of the following keys?

  1. Sender’s public key
  2. Sender’s private key
  3. Receiver’s public key
  4. Receiver’s private key

191. What term is best defined as a model used to determine the security and functionality of a proposed project?

  1. Prototype
  2. Checkpoint
  3. Journaling
  4. Service level agreement

192. What is an advantage in performing a vulnerability assessment over a penetration test?

  1. Penetration tests test the entire network
  2. Vulnerability assessments compromise a system or network
  3. Vulnerability assessments are a structured repeatable test
  4. Vulnerability assessments are faster to conduct than penetration testing

193. What advantage does discretionary access control have over mandatory access control?

  1. Mandatory access control is easier to implement
  2. Discretionary access control uses extensive labeling
  3. Discretionary access control has less administrative overhead
  4. Discretionary access control is determined by policy

194. Which of the following technologies protects the confidentiality of information by embedding the message into an image or music file?

  1. Public key cryptography
  2. Private key cryptography
  3. Digital signatures
  4. Steganography

195. Which of the following algorithms is a public key algorithm?

  1. DES
  2. AES
  3. RC4
  4. RSA

196. Two-factor authentication can be established by combining something you have, you are, and which of the following terms?

  1. You know
  2. You read
  3. You touch
  4. You need

197. Which of the following can be a security concern with host-based single-sign-on implementations?

  1. Passwords are often stored in plaintext
  2. Passwords are often transmitted in plaintext
  3. The authentication host can be a single point of failure
  4. Lack of scalability

198. A Message Authentication Code (MAC) is a message digest encrypted with which of the following keys?

  1. The sender’s public key
  2. The session key
  3. The receiver’s public key
  4. The server’s public key

199. Message hashes provide which of the following principles of information security management?

  1. Integrity
  2. Confidentiality
  3. Availability
  4. Authentication
