Module 9 – Practice Test – Information Security Management

Which of the following is the first step in risk management?
Assess what the threats are.
A ________ is a company that can take over another company’s processing with no forewarning.
hot site
________ is the term used to denote viruses, worms, Trojan horses, spyware and adware.
Malware
Maintaining the DBMS on computers in a locked room is part of the ________.
physical security
________ is when someone deceives by pretending to be someone else.
Pretexting
About 90 per cent of all viruses are spread via ________.
email attachments
________ refers to things we do not know that we do not know.
Uncertainty
Organisations should protect sensitive data by storing it in ________ form.
encrypted
Independent third-party companies that validate public keys are known as ________.
certificate authorities
Which of the following is an example of a human safeguard?
procedure design
________ a site means to take extraordinary measures to reduce a system’s vulnerability.
Hardening
________ take computers with wireless connections through an area, search for unprotected wireless networks and then monitor and intercept wireless traffic at will.
Drive-by sniffers
Which of the following is an example of a data safeguard?
physical security
Which of the following is a technique used to ensure that plaintext messages are received without alteration?
digital signatures
Because encryption keys can be lost or destroyed, a copy of the key should be stored with a trusted third party. This procedure is called ________.
key escrow
Which of the following is used to counter spoofing?
digital certificates
________ is defined as any action, device, procedure, technique or other measure that reduces a system’s vulnerability to a threat.
Safeguard
Which of the following is an example of a technical safeguard?
encryption
Which element of the security policy specifies how the organisation will ensure enforcement of security programmes and policies?
general statement of the security programme
Which of the following is an example of an intangible consequence?
loss of customer goodwill due to an outage
The ________ pretends to be a legitimate company and sends an email trying to obtain confidential data, such as account numbers, IRD numbers, account passwords and so forth.
phisher
________ refers to threats and consequences that we know about.
Risk
Which of the following is a critical security function of senior-management involvement?
establishing the security policy
________ encryption uses the same key for both parties.
Symmetric
________ is a virus that masquerades as a useful program or file.
A Trojan horse
Which of the following observations is true of a cold site?
Customers will have to install and manage systems themselves.
Users should scan their computers with anti-malware programs at least ________.
once a week
The ________ plan should specify what to do when an employee notices a virus on their machine.
incident-response
________ is a virus that propagates with no user involvement, using the Internet or other computer networks.
A worm
No safeguard is ironclad; there is always a ________ that the safeguard will not protect the assets under some circumstances.
residual risk