Mid Term Exam
Grading Summary
These are the automatically computed results of your exam. Grades for essay questions, and comments from your instructor, are in the "Details" section below.
Date Taken: 7/31/2014
Time Spent: 2 h, 00 secs
Points Received: 440 / 495 (88.9%)
Question Type        # Of Questions   # Correct
Multiple Choice      31               29
Fill in the Blank    19               14
Grade Details - All Questions
Question 1. Question: Information security is the process of protecting all of the following except:
Student Answer:Confidentiality of data
Data integrity
Availability of data
Data configuration
Points Received:10 of 10
Comments:
Question 2. Question: Information security managers are often motivated by which of the following?
Student Answer:Concern for the well-being of society
Governmental regulation
Fear of unwanted publicity
All of the above are motivating factors
Points Received:5 of 5
Comments:
Question 3. Question: Security professionals' activities include all of the following except:
Student Answer:Finding the source of the problem
Naming the virus
Eradicating the problem
Repairing the damage
Points Received:10 of 10
Comments:
Question 4. Question: Demand for expertly trained security professionals is the result of:
Student Answer:Specialized training
Increased terrorist activity
New laws regulating the flow of information
Retirement of current security professionals
Points Received:10 of 10
Comments:
Question 5. Question: One increasingly important step to becoming an information security specialist is to:
Student Answer:Get a degree in the psychology of crime
Create, test, and debug a virus or worm program
Build a home laboratory
Do all of the above
Points Received:10 of 10
Comments:
Question 6. Question: Information Security magazine suggests that a good curriculum includes courses in:
Student Answer:Quality assurance
Legal issues
Human factors
Bioengineering
Points Received:10 of 10
Comments:
Question 7. Question: ____________ establish and maintain the user base permitted to access a system in the normal course of their job duties.
Student Answer:Security testers
Security administrators
Access coordinators
Network engineers
Points Received:10 of 10
Comments:
Question 8. Question: Topics within the umbrella of information security include all of the following except:
Student Answer:Incident response
Key management
Security testing
Electronic forensics
Points Received:10 of 10
Comments:
Question 9. Question: Given enough time, tools, inclination, and ____________, a hacker can break through any security measure.
Student Answer:talent
skills
intelligence
assets
Points Received:10 of 10
Comments:
Question 10. Question: IS professionals who create a plan to protect a computer system consider all of the following in the planning process except:
Student Answer:Defining the structural composition of data
Protecting the confidentiality of data
Preserving the integrity of data
Promoting the availability of data for authorized use
Points Received:10 of 10
Comments:
Question 11. Question: Which of the following is NOT a goal of an integrity model security system?
Student Answer:Preventing unauthorized users from modifying data or programs
Verifying data consistency for internal and external programs
Preventing authorized users from making unauthorized modifications
Maintaining internal and external consistency of data and programs
Points Received:10 of 10
Comments:
Question 12. Question: Overlapping layers provide all of the following elements necessary to secure assets except:
Student Answer:Direction
Response
Detection
Prevention
Points Received:10 of 10
Comments:
Question 13. Question: Which of the following statements about Principle 4 is false?
Student Answer:exchange for worthless goods, people tend to give up credentials.
The organizers of Infosecurity Europe 2003 found that 75% of survey respondents revealed information immediately.
Today's virus writers are not very sophisticated.
It is easy to fool people into spreading viruses.
Points Received:10 of 10
Comments:
Question 14. Question: IS principle five states that security depends on these requirements:
Student Answer:Functional and assurance
Verification and validation
Availability and integrity
Usability and interface
Points Received:10 of 10
Comments:
Question 15. Question: Software developers often lack the ____________ and ____________ needed to test and break their software.
Student Answer:Wherewithal, motivation
Money, time
Expertise, resources
Qualifications, experience.
Points Received:10 of 10
Comments:
Question 16. Question: The unique security issues and considerations of every system make it crucial to understand all of the following except:
Student Answer:Adherence to security standards
The security skills of the development teams
What hardware and software is used to deploy the system
The specific nature of data the system maintains.
Points Received:10 of 10
Comments:
Question 17. Question: The Common Body of Knowledge with ____________ domains is the framework of the information security field.
Student Answer:5
10
15
20
Points Received:10 of 10
Comments:
Question 18. Question: Security professional benefits from ISC2 certification include all of the following except:
Student Answer:Establishes best practices
Confirms knowledge of information security
Confirms passing of an examination
Broadens career expectations.
Points Received:10 of 10
Comments:
Question 19. Question: An effective security policy contains all of the following information except:
Student Answer:Reference to other policies
Measurement expectations
Compliance management and measurements description
Glossary of terms
Points Received:10 of 10
Comments:
Question 20. Question: The basic components of an issue-specific policy might include all of the following except:
Student Answer:Compliance
Applicability
Issue statement
Standard library structure
Points Received:10 of 10
Comments:
Question 21. Question: A basic component of an issue-specific policy that defines a security issue and any relevant terms, distinctions, and conditions is a(n):
Student Answer:Issue statement
Statement of the organization's position
Point of contact and supplementary information
Role and responsibility
Points Received:10 of 10
Comments:
Question 22. Question: Step-by-step directions to execute a specific security activity is referred to as a:
Student Answer:Regulation
Standard
Guideline
Procedure
Points Received:10 of 10
Comments:
Question 23. Question: In the standards taxonomy _____________ suggests that no single person is responsible for approving his own work.
Student Answer:Separation of duties
Education, awareness, and training
Asset and data classification
Risk analysis and management
Points Received:10 of 10
Comments:
Question 24. Question: ____________ provides technical facilities, data processing, and support services to users of information systems.
Student Answer:Chief information security officer
Information resources manager
Owners of information resources
Custodians of information resources
Points Received:10 of 10
Comments:
Question 25. Question: What is within a trusted system that people want to access or use?
Student Answer:Object
Subject
MAC
TCB
Points Received:10 of 10
Comments:
Question 26. Question: All of the following general rules are used to construct rings of trust in networked systems except:
Student Answer:Hosts trust more inner ring hosts than themselves
Hosts do not trust outer ring hosts more than themselves
Hosts in a ring of a segmented sub network trust hosts in the same ring of a different segment
Hosts trust hosts in the same ring
Points Received:10 of 10
Comments:
Question 27. Question: Which of the following uses a specific OS and lacks a standard interface to connect to other systems?
Student Answer:Finite-state machine
Open system
Closed system
None of the above
Points Received:10 of 10
Comments:
Question 28. Question: The criteria used to rate the effectiveness of trusted systems is set forth in:
Student Answer:TCSEC
ITSEC
CTCPEC
All of the above
Points Received:10 of 10
Comments:
Question 29. Question: Which of the following is NOT a criterion for Class A1 design verification?
Student Answer:Clearly identified and documented model of a security policy
Top-level specification that includes definitions of the functions of TCB
TCB implementation consistent with top-level specification
None of the above
Points Received:10 of 10
Comments:
Question 30. Question: Which of the following is NOT an ITSEC specialized, stand alone class?
Student Answer:F-AP
F-IN
F-AV
F-DC
Points Received:0 of 10
Comments:
Question 31. Question: All of the following are classes of security functional requirements except:
Student Answer:Privacy
Communications
Audit
Security training
Points Received:0 of 10
Comments:
Question 32. Question: ____________ is the process of protecting the confidentiality, integrity, and availability of data from accidental or intentional misuse.
Student Answer: information security
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 33. Question: Information security consists of best practices and experiences from several domains but begins with the non-technical, ____________ aspects of a security posture.
Student Answer: human-centric
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 34. Question: Information security specialists need to have a(n) ___________ view of the world around them and avoid a strictly technical orientation.
Student Answer: holistic
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 35. Question: ____________ security is within the umbrella of information security.
Student Answer: physical
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 36. Question: The first principle of information security says that a hacker can break any security system given enough time, inclination, tools, and ____________.
Student Answer: skills
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 37. Question: One goal of information security is to promote the ____________ of data for authorized use.
Student Answer: availability
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 38. Question: Spending more on securing an asset than the intrinsic value of the asset is a waste of ____________.
Student Answer: time (A correct answer: resources)
Instructor Explanation:
Points Received:5 of 10
Comments: Time, yes, but more generally resources
Question 39. Question: People, ____________, and technology must work together to secure systems.
Student Answer: process
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 40. Question: A technical area of study within the CBK, the security architecture domain, addresses ____________ issues.
Student Answer: network
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 41. Question: A compilation of all security information collected internationally and relevant to information security professionals is the ____________.
Student Answer: orange book (A correct answer: CBK)
Instructor Explanation:
Points Received:0 of 10
Comments:
Question 42. Question: To maintain relevance and currency ____________ and governance of certification process is needed.
Student Answer: oversight
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 43. Question: The Security Management Practices domain highlights the importance of a comprehensive security ____________.
Student Answer: plan
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 44. Question: Operational procedures and tools familiar to IT specialists are covered in the ____________ Security domain.
Student Answer: operations
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 45. Question: Information security ____________ are often dictated by the nature of an organization's business.
Student Answer: standards
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 46. Question: User education, awareness, and training on policies and procedures are important because ____________ are the weakest link in a security-related process.
Student Answer: people
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 47. Question: One or more components that enforce a unified security policy over a product or system make up a ____________.
Student Answer: operating system (A correct answer: TCB)
Instructor Explanation:
Points Received:0 of 10
Comments:
Question 48. Question: Directly addressable by the CPU, ____________ memory stores application or system code as well as data.
Student Answer: CPU (A correct answer: random)
Instructor Explanation:
Points Received:0 of 10
Comments: RAM
Question 49. Question: Describing how functional requirements should be implemented and tested is defined as ____________ requirements.
Student Answer: assurance
Instructor Explanation:
Points Received:10 of 10
Comments:
Question 50. Question: Security testing ____________ that the implementation of the function is not flawed.
Student Answer: ensures (A correct answer: validates)
Instructor Explanation:
Points Received:10 of 10
Comments:
* Times are displayed in (GMT-07:00) Mountain Time (US & Canada)