
3/18/23, 8:25 PM MIDTERM EXAM: Attempt review


Started on Saturday, 18 March 2023, 8:57 AM


State Finished
Completed on Saturday, 18 March 2023, 9:46 AM
Time taken 49 mins 53 secs
Marks 24.00/50.00
Grade 48.00 out of 100.00

Question 1
Correct

Mark 1.00 out of 1.00

It is concerned with assessing risks and developing plans for averting or recovering from adverse events that might render a system
unavailable.

Answer:  Contingency planning

Question 2
Correct

Mark 1.00 out of 1.00

To ensure availability usually includes responses only to acts of God (e.g., earthquakes) or accidental anthropogenic events (e.g., a toxic gas
leak preventing entry to a facility).

Answer:  Traditional contingency planning

Question 3
Correct

Mark 1.00 out of 1.00

A system's audit records, often called an audit trail, have other potential uses besides establishing accountability.

Question 4
Incorrect

Mark 0.00 out of 1.00

It is a requirement whose purpose is to keep sensitive information from being disclosed to unauthorized recipients.

Answer:  Informational privacy rights

trimestralexam.amaesonline.com/2223/mod/quiz/review.php?attempt=136866&cmid=1680&showall=1 1/12

Question 5

Incorrect

Mark 0.00 out of 1.00

They combine various training topics and teaching methods to help ensure worker readiness and improve their defensive
reactions.

Answer:  Security Training and Awareness Manager

Question 6
Incorrect

Mark 0.00 out of 1.00

Rules and administrative codes are issued by governmental agencies at all levels, municipal, county, state, and federal.

Answer:  Regulations

Question 7
Correct

Mark 1.00 out of 1.00

It may check that software has not changed, that file access controls are properly set, that obsolete user accounts have been turned off, that
incoming and outgoing communications lines are correctly enabled, that passwords are hard to guess, and so on. 

Answer:  Static audit services

Question 8
Incorrect

Mark 0.00 out of 1.00

It can install keyloggers to capture everything you type, control your webcam/microphone, or send all your data to remote servers that the
criminal controls.

Answer:  Trojan

Question 9

Incorrect

Mark 0.00 out of 1.00

They determine access privileges and some security policies.

Answer:  Access Control Specialist

Question 10
Incorrect

Mark 0.00 out of 1.00

It can be fortified by sending workers fake phishing and malware messages to see how they respond, and afterward giving focused
training to those who fail to react in a safe way.

Answer:  Phishing

Question 11
Correct

Mark 1.00 out of 1.00

Ensuring information is disclosed to, and reviewed exclusively by intended recipients/authorized individuals.

Answer:  Confidentiality

Question 12
Incorrect

Mark 0.00 out of 1.00

A multi-factor authentication (MFA) solution that allows you to use a second factor that you have or have access to when you log in to your
account.

Answer:  Google Authenticator

Question 13
Correct

Mark 1.00 out of 1.00

These are the mechanisms and techniques—administrative, procedural, and technical—that are instituted to implement a security policy.

Answer:  Management controls

Question 14

Correct

Mark 1.00 out of 1.00

Its purpose is to keep track of what has happened, of who has had access to information and resources and what actions have been taken. 

Answer:  Individual accountability

Question 15
Correct

Mark 1.00 out of 1.00

One of the biggest cyberattacks, which occurred in 2017.

Answer:  WannaCry

Question 16
Correct

Mark 1.00 out of 1.00

The attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for
malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Answer:  Phishing

Question 17
Incorrect

Mark 0.00 out of 1.00

It might be expected to provide confidentiality if it serves diverse clientele, integrity if it is used as a development environment for software
or engineering designs, and availability to the extent that no one user can monopolize the service and that lost files will be retrievable.

Answer:  Confidentiality

Question 18
Incorrect

Mark 0.00 out of 1.00

Organizations and people that use computers can describe their needs for information security and trust in systems in terms of three major
requirements:  confidentiality, int , __________, and _________.

Question 19

Correct

Mark 1.00 out of 1.00

They reflect concerns for preventing errors and omissions, and controlling the effects of program change. 

Answer:  Integrity policies

Question 20
Incorrect

Mark 0.00 out of 1.00

They provide independent assurance to management on the appropriateness of the security objectives.

Answer:  Internal audit

Question 21
Correct

Mark 1.00 out of 1.00

Ensuring that information and associated assets are accessible, whenever necessary, by authorized individuals.

Answer:  Availability

Question 22
Incorrect

Mark 0.00 out of 1.00

In these systems (e.g., Bitnet) messages travel lengthy paths through computers in the control of numerous organizations of which the
communicants are largely unaware, and for which message handling is not a central business concern.

Answer:  The Internet Worm

Question 23

Incorrect

Mark 0.00 out of 1.00

It is an example of a broader class of controls that attempt to specify who is trusted for a given purpose.

Answer:  Trust models

Question 24
Incorrect

Mark 0.00 out of 1.00

Planning a security program is somewhat like buying insurance. An organization must consider the following:  The value of t , _________,
_________, _________, and __________.

Question 25

Incorrect

Mark 0.00 out of 1.00

Who developed and launched the Internet worm?

Answer:  Robert Tappan Morris

Question 26
Correct

Mark 1.00 out of 1.00

Responsible for using resources and preserving availability, integrity, and confidentiality of assets and responsible for adhering to security
policy.

Answer:  Users

Question 27
Correct

Mark 1.00 out of 1.00

They are assigned to the overall responsibility for information security and should include specific organizational roles.

Answer:  Executive Management

Question 28

Incorrect

Mark 0.00 out of 1.00

Proper cyber defense training should cover the following:  Securing mobile , __________, ________, and _________.

Question 29
Incorrect

Mark 0.00 out of 1.00

The need to protect personal information is addressed in several laws which was enacted during a period of international concern about
privacy triggered by advancing computerization of personal data.

Answer:  Republic Act 10173

Question 30
Incorrect

Mark 0.00 out of 1.00

Identity information, financial records, healthcare records, etc. are examples of  Personally id .

Question 31
Correct

Mark 1.00 out of 1.00

It is an interdependent collection of components that can be considered as a unified whole. 

Answer:  system

Question 32
Correct

Mark 1.00 out of 1.00

The year when the Internet was attacked by a self-replicating program called a worm that spread within hours to somewhere between 2,000
and 6,000 computer systems—the precise number remains uncertain. Only systems (VAX and Sun 3) running certain types of Unix (variants of
BSD 4) were affected.

Answer:  November 2, 1988

Question 33

Correct

Mark 1.00 out of 1.00

It determines whether a particular user, who has been authenticated as the source of a request to do something, is trusted for that operation.

Answer:  Authorization

Question 34
Incorrect

Mark 0.00 out of 1.00

Email spoofing typically uses an email address that mimics a trusted party, such as a manager, executive or co-worker, and can be difficult to
recognize (especially on mobile devices).

Answer:  Yes, that is correct. Email spoofing is a type of forgery where an attacker sends an

Question 35
Incorrect

Mark 0.00 out of 1.00

It includes environmental controls such as guards, locks, doors, and fences as well as protection against and recovery from fire, flood, and
other natural hazards.

Answer:  Physical security

Question 36
Correct

Mark 1.00 out of 1.00

A function that has custody of the system/databases, not necessarily belonging to them, for any period of time.

Answer:  Data Custodians

Question 37

Incorrect

Mark 0.00 out of 1.00

It may even affect applications that do not involve communication at all: the risks of interconnection are borne not only by the applications
they benefit, but also by other applications that share the same equipment. 

Answer:  Yes, that is correct. When applications share the same equipment or infrastructure

Question 38
Incorrect

Mark 0.00 out of 1.00

From a security standpoint, it represents the ability to protect against and recover from a damaging event.

Answer:  Confidentiality

Question 39
Correct

Mark 1.00 out of 1.00

The Internet was attacked by a self-replicating program called a  Worm .

Question 40
Incorrect

Mark 0.00 out of 1.00

It has much in common with a failure that results from faulty equipment, software, or operations.

Answer:  Improper operation

Question 41
Correct

Mark 1.00 out of 1.00

An international network of computer systems that has evolved over the last decade, provides electronic mail, file transfer, and remote log-in
capabilities.

Answer:  Internet

Question 42

Correct

Mark 1.00 out of 1.00

Such mechanisms are called  Discretionary a  by the DOD, and user-directed, identity-based access controls by the International
Organization for Standards.

Question 43
Correct

Mark 1.00 out of 1.00

They have a duty to preserve and protect assets and to maintain the quality of service.

Answer:  Management

Question 44

Correct

Mark 1.00 out of 1.00

It is offered by few computer systems today, although a legal need for it can be foreseen as computer-mediated transactions become more
common in business.

Answer:  Nonrepudiation

Question 45
Correct

Mark 1.00 out of 1.00

It may prevent people from doing unauthorized things but cannot prevent them from doing things that their job functions entitle them to
do.

Answer:  Technical measures

Question 46
Incorrect

Mark 0.00 out of 1.00

The email will normally impersonate a genuine company or person.

Answer:  Email impersonation

Question 47

Incorrect

Mark 0.00 out of 1.00

It specifies that important operations cannot be performed by a single person but instead require the agreement of (at least) two different
people. 

Answer:  dual control

Question 48
Incorrect

Mark 0.00 out of 1.00

The basic principles in preventing breaches of security:  confidentiality, in , __________, and _______.

Question 49

Correct

Mark 1.00 out of 1.00

Ensuring the accuracy and completeness of information and processing methods.

Answer:  Integrity

Question 50
Incorrect

Mark 0.00 out of 1.00

It supports accountability and is therefore valuable to management and to internal or external auditors.

Answer:  The principle of separation of duties
