1. Which one of the following should be employed to protect data against undetected corruption?
a. Non-repudiation b. Encryption c. Authentication d. Integrity
2. Which factor is critical in all systems to protect data integrity? a. Data Classification b. Information ownership c. Change control d. System design
3. What name is given to the study and control of signal emanations from electrical and electromagnetic equipment? a. EMI b. Cross Talk c. EMP d. TEMPEST
4. Management can expect penetration tests to provide all of the following EXCEPT: a. identification of security flaws b. demonstration of the effects of the flaws c. a method to correct the security flaws d. verification of the levels of existing infiltration resistance
5. Which one of the following attacks is MOST effective against an Internet Protocol Security (IPSEC) based virtual private network (VPN)? a. brute force b. Man-in-the-middle c. Traffic analysis d. Replay
6. After law enforcement is informed of a computer crime, the organization's investigators' constraints are a. removed b. reduced c. increased d. unchanged
7. Who is the individual permitted to add users or install trusted programs? a. Database Admin b. Computer Manager c. Security Admin d. Operations Manager
8. When developing an information security policy, what is the FIRST step that should be taken? a. Obtain copies of mandatory regulations b. Gain management approval c. Seek acceptance from other departments d. Ensure policy is compliant with current working practices
9. Which of the following implements the authorized access relationship between subjects and objects of a system? a. Security model b. Reference kernel c. Security kernel d. Information flow model
10. Which one of the following should NOT be contained within a computer policy? a. Definition of management expectations. b. Responsibilities of individuals and groups for protected information. c. Statement of senior executive support. d. Definitions of legal and regulatory controls.
11. Which one of the following could a company implement to help reduce PBX fraud? a. Call vectoring b. Direct Inward System Access (DISA) c. Teleconferencing bridges d. Remote maintenance ports
12. Which of the following are objectives of an information systems security program? a. Threats, vulnerabilities, and risks b. Security, Information value, and threats c. Integrity, confidentiality, and availability d. Authenticity, vulnerabilities, and costs
13. Firewalls filter incoming traffic according to a. The packet composition b. A security policy c. Stateful packet rules d. A security process
14. Which one of the following is the primary goal of Business Continuity Planning? a. Sustain the organization b. Recover from a major data center outage c. Test the ability to prevent major outages d. Satisfy audit requirements
15. What technique is used to prevent eavesdropping of digital cellular telephone conversations? a. Encryption b. Authentication c. Call detail suppression d. Time-division multiplexing
ANSWERS: 1-D, 2-A, 3-D, 4-B, 5-B, 6-C, 7-D, 8-B, 9-A, 10-B, 11-B, 12-C, 13-B, 14-A, 15-D