Mid Term Exam

Top of Form

Grading SummaryThese are the automatically computed results of your exam. Grades for essay questions, and comments from your instructor, are in the "Details" section below. Date Taken: 7/31/2014

Time Spent:2 h , 00 secs

Points Received:440 / 495 (88.9%)

Question Type:# Of Questions:# Correct:

Multiple Choice3129

Fill in the Blank1914

Grade Details - All Questions

Question1.Question :Information security is the process of protecting all of the following except:

Student Answer:Confidentiality of data

Data integrity

Availability of data

Data configuration

Points Received:10 of 10

Comments:

Question2.Question :Information security managers are often motivated by which of the following?

Student Answer:Concern for the well-being of society

Governmental regulation

Fear of unwanted publicity

All of the above are motivating factors


Comments:

Question3.Question :Security professionals activities include all of the following except:

Student Answer:Finding the source of the problem

Naming the virus

Eradicating the problem

Repairing the damage


Comments:

Question4.Question :Demand for expertly trained security professionals is the result of:

Student Answer:Specialized training

Increased terrorist activity

New laws regulating the flow of information

Retirement of current security professionals


Comments:

Question5.Question :One increasingly important step to becoming an information security specialist is to:

Student Answer:Get a degree in the psychology of crime

Create, test, and debug a virus or worm program

Build a home laboratory

Do all of the above


Comments:

Question6.Question :Information Security magazine suggests that a good curriculum includes courses in:

Student Answer:Quality assurance

Legal issues

Human factors

Bioengineering


Comments:

Question7.Question :____________ establish and maintain the user base permitted to access a system in the normal course of their job duties.

Student Answer:Security testers

Security administrators

Access coordinators

Network engineers


Comments:

Question8.Question :Topics within the umbrella of information security include all of the following except:

Student Answer:Incident response

Key management

Security testing

Electronic forensics


Comments:

Question9.Question :Given enough time, tools, inclination, and ____________, a hacker can break through any security measure.

Student Answer:talent

skills

intelligence

assets


Comments:

Question10.Question :IS professionals who create a plan to protect a computer system consider all of the following in the planning process except:

Student Answer:Defining the structural composition of data

Protecting the confidentiality of data

Preserving the integrity of data

Promoting the availability of data for authorized use


Comments:

Question11.Question :Which of the following is NOT a goal of an integrity model security system?

Student Answer:Preventing unauthorized users from modifying data or programs

Verifying data consistency for internal and external programs

Preventing authorized users form making unauthorized modifications

Maintaining internal and external consistency of data and programs


Comments:

Question12.Question :Overlapping layers provide all of the following elements necessary to secure assets except:

Student Answer:Direction

Response

Detection

Prevention


Comments:

Question13.Question :Which of the following statements about Principle 4 is false?

Student Answer:exchange for worthless goods, people tend to give up credentials.

The organizers of Infosecurity Europe 2003 found that 75% of survey respondents revealed information immediately.

Todays virus writers are not very sophisticated.

It is easy to fool people into spreading viruses.


Comments:

Question14.Question :IS principle five states that security depends on these requirements:

Student Answer:Functional and assurance

Verification and validation

Availability and integrity

Usability and interface


Comments:

Question15.Question :Software developers often lack the ____________ and ____________ needed to test and break their software.

Student Answer:Wherewithal, motivation

Money, time

Expertise, resources

Qualifications, experience.


Comments:

Question16.Question :The unique security issues and considerations of every system make it crucial to understand all of the following except:

Student Answer:Adherence to security standards

The security skills of the development teams

What hardware and software is used to deploy the system

The specific nature of data the system maintains.


Comments:

Question17.Question :The Common Body of Knowledge with ____________ domains is the framework of the information security field.

Student Answer:5

10

15

20


Comments:

Question18.Question :Security professional benefits from ISC2 certification include all of the following except:

Student Answer:Establishes best practices

Confirms knowledge of information security

Confirms passing of an examination

Broadens career expectations.


Comments:

Question19.Question :An effective security policy contains all of the following information except:

Student Answer:Reference to other policies

Measurement expectations

Compliance management and measurements description

Glossary of terms


Comments:

Question20.Question :The basic components of an issue-specific policy might include all of the following except:

Student Answer:Compliance

Applicability

Issue statement

Standard library structure


Comments:

Question21.Question :A basic component of an issue-specific policy that defines a security issue and any relevant terms, distinctions, and conditions is a(n):

Student Answer:Issue statement

Statement of the organizations position

Point of contact and supplementary information

Role and responsibility


Comments:

Question22.Question :Step-by-step directions to execute a specific security activity is referred to as a:

Student Answer:Regulation

Standard

Guideline

Procedure


Comments:

Question23.Question :In the standards taxonomy _____________ suggests that no single person is responsible for approving his own work.

Student Answer:Separation of duties

Education, awareness, and training

Asset and data classification

Risk analysis and management


Comments:

Question24.Question :____________ provides technical facilities, data processing, and support services to users of information systems.

Student Answer:Chief information security officer

Information resources manager

Owners of information resources

Custodians of information resources


Comments:

Question25.Question :What is within a trusted system that people want to access or use?

Student Answer:Object

Subject

MAC

TCB


Comments:

Question26.Question :All of the following general rules are used to construct rings of trust in networked systems except:

Student Answer:Hosts trust more inner ring hosts than themselves

Hosts do not trust outer ring hosts more than themselves

Hosts in a ring of a segmented sub network trust hosts in the same ring of a different segment

Hosts trust hosts in the same ring


Comments:

Question27.Question :Which of the following uses a specific OS and lacks a standard interface to connect to other systems?

Student Answer:Finite-state machine

Open system

Closed system

None of the above


Comments:

Question28.Question :The criteria used to rate the effectiveness of trusted systems is set forth in:

Student Answer:TCSEC

ITSEC

CTCPEC

Allof the above


Comments:

Question29.Question :Which of the following is NOT a criterion for Class A1 design verification?

Student Answer:Clearly identified and documented model of a security policy

Top-level specification that includes definitions of the functions of TCB

TCB implementation consistent with top-level specification

None of the above


Comments:

Question30.Question :Which of the following is NOT an ITSEC specialized, stand alone class?

Student Answer:F-AP

F-IN

F-AV

F-DC


Comments:

Question31.Question :All of the following are classes of security functional requirements except:

Student Answer:Privacy

Communications

Audit

Security training


Comments:

Question32.Question :____________ is the process of protecting the confidentiality, integrity, and availability of data from accidental or intentional misuse.

Student Answer: information security

Instructor Explanation:


Comments:

Question33.Question :Information security consists of best practices and experiences from several domains but begins with the non-technical, ____________ aspects of a security posture.

Student Answer: human-centric



Comments:

Question34.Question :Information security specialists need to have a(n) ___________ view of the world around them and avoid a strictly technical orientation.

Student Answer: holistic



Comments:

Question35.Question :____________ security is within the umbrella of information security.

Student Answer: physical



Comments:

Question36.Question :The first principle of information security says that a hacker can break any security system given enough time, inclination, tools, and ____________.

Student Answer: skills



Comments:

Question37.Question :One goal of information security is to promote the ____________ of data for authorized use.

Student Answer: availability



Comments:

Question38.Question :Spending more on securing on asset than the intrinsic value of the asset is a waste of ____________.

Student Answer: time(A correct answer: resources)



Comments:Time, yes, but more generally resources

Question39.Question :People, ____________, and technology must work together to secure systems.

Student Answer: process



Comments:

Question40.Question :A technical area of study within the CBK, the security architecture domain, addresses ____________ issues.

Student Answer: network



Comments:

Question41.Question :A compilation of all security information collected internationally and relevant to information security professionals is the ____________.

Student Answer: orange book(A correct answer: CBK)



Comments:

Question42.Question :To maintain relevance and currency ____________ and governance of certification process is needed.

Student Answer: oversight



Comments:

Question43.Question :The Security Management Practices domain highlights the importance of a comprehensive security ____________.

Student Answer: plan



Comments:

Question44.Question :Operational procedures and tools familiar to IT specialists are covered in the ____________ Security domain.

Student Answer: operations



Comments:

Question45.Question :Information security ____________ are often dictated by the nature of an organizations business.

Student Answer: standards



Comments:

Question46.Question :User education, awareness, and training on policies and procedures are important because ____________ are the weakest link in a security-related process.

Student Answer: people



Comments:

Question47.Question :One or more components that enforce a unified security policy over a product or system make up a ____________.

Student Answer: operating system(A correct answer: TCB)



Comments:

Question48.Question :Directly addressable by the CPU, ____________ memory stores application or system code as well as data.

Student Answer: CPU(A correct answer: random)



Comments:RAM

Question49.Question :Describing how functional requirements should be implemented and tested is defined as ____________ requirements.

Student Answer: assurance



Comments:

Question50.Question :Security testing ____________ that the implementation of the function is not flawed.

Student Answer: ensures(A correct answer: validates)



Comments:

* Times are displayed in (GMT-07:00) Mountain Time (US & Canada)

Bottom of Form

Mid Term Exam

Documents

Transcript of Mid Term Exam