MIDTERM EXAM - Attempt Review
Question 1
Correct
It is concerned with assessing risks and developing plans for averting or recovering from adverse events that might render a system
unavailable.
Question 2
Correct
To ensure availability usually includes responses only to acts of God (e.g., earthquakes) or accidental anthropogenic events (e.g., a toxic gas
leak preventing entry to a facility).
Question 3
Correct
A system's audit records, often called an audit trail, have other potential uses besides establishing accountability.
Question 4
Incorrect
It is a requirement whose purpose is to keep sensitive information from being disclosed to unauthorized recipients.
trimestralexam.amaesonline.com/2223/mod/quiz/review.php?attempt=136866&cmid=1680&showall=1 1/12
3/18/23, 8:25 PM MIDTERM EXAM: Attempt review
Question 5
Incorrect
They combine various training topics and teaching methods to help ensure employee readiness and improve their defensive
responses.
Question 6
Incorrect
Rules and administrative codes are issued by governmental agencies at all levels, municipal, county, state, and federal.
Answer: Regulations
Question 7
Correct
It may check that software has not changed, that file access controls are properly set, that obsolete user accounts have been turned off, that
incoming and outgoing communications lines are correctly enabled, that passwords are hard to guess, and so on.
Question 8
Incorrect
It can install keyloggers to capture everything you type, control your webcam/microphone, or send all your data to remote servers that the
criminal controls.
Answer: Trojan
Question 9
Incorrect
Question 10
Incorrect
It can be reinforced by sending workers fake phishing and malware messages to see how they respond, and afterward giving focused
training to the individuals who fail to react in a safe way.
Answer: Phishing
Question 11
Correct
Ensuring information is disclosed to, and reviewed exclusively by intended recipients/authorized individuals.
Answer: Confidentiality
Question 12
Incorrect
A multi-factor authentication (MFA) solution that allows you to use a second factor that you have or have access to when you log in to your
account.
Question 13
Correct
These are the mechanisms and techniques—administrative, procedural, and technical—that are instituted to implement a security policy.
Question 14
Correct
Its purpose is to keep track of what has happened, of who has had access to information and resources and what actions have been taken.
Question 15
Correct
Answer: WannaCry
Question 16
Correct
The attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for
malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Answer: Phishing
Question 17
Incorrect
It might be expected to provide confidentiality if it serves diverse clientele, integrity if it is used as a development environment for software
or engineering designs, and availability to the extent that no one user can monopolize the service and that lost files will be retrievable.
Answer: Confidentiality
Question 18
Incorrect
Organizations and people that use computers can describe their needs for information security and trust in systems in terms of three major
requirements: confidentiality, int , __________, and _________.
Question 19
Correct
They reflect concerns for preventing errors and omissions, and controlling the effects of program change.
Question 20
Incorrect
They provide independent assurance to management on the appropriateness of the security objectives.
Question 21
Correct
Ensuring that information and associated assets are accessible, whenever necessary, by authorized individuals.
Answer: Availability
Question 22
Incorrect
In these systems (e.g., Bitnet) messages travel lengthy paths through computers in the control of numerous organizations of which the
communicants are largely unaware, and for which message handling is not a central business concern.
Question 23
Incorrect
It is an example of a broader class of controls that attempt to specify who is trusted for a given purpose.
Question 24
Incorrect
Planning a security program is somewhat like buying insurance. An organization must consider the following: The value of t , _________,
_________, _________, and __________.
Question 25
Incorrect
Question 26
Correct
Responsible for using resources and preserving availability, integrity, and confidentiality of assets and responsible for adhering to security
policy.
Answer: Users
Question 27
Correct
They are assigned to the overall responsibility for information security and should include specific organizational roles.
Question 28
Incorrect
Proper cyber defense training should cover the following: Securing mobile , __________, ________, and _________.
Question 29
Incorrect
The need to protect personal information is addressed in several laws which was enacted during a period of international concern about
privacy triggered by advancing computerization of personal data.
Question 30
Incorrect
Identity information, financial records, healthcare records, etc. are examples of Personally id .
Question 31
Correct
Answer: system
Question 32
Correct
The year when the Internet was attacked by a self-replicating program called a worm that spread within hours to somewhere between 2,000
and 6,000 computer systems—the precise number remains uncertain. Only systems (VAX and Sun 3) running certain types of Unix (variants of
BSD 4) were affected.
Question 33
Correct
It determines whether a particular user, who has been authenticated as the source of a request to do something, is trusted for that operation.
Answer: Authorization
Question 34
Incorrect
Email spoofing typically uses an email address that mimics a trusted party, such as a manager, executive or co-worker, and can be difficult to
recognize (especially on mobile devices).
Answer: Yes, that is correct. Email spoofing is a type of forgery where an attacker sends an
Question 35
Incorrect
It includes environmental controls such as guards, locks, doors, and fences as well as protection against and recovery from fire, flood, and
other natural hazards.
Question 36
Correct
A function that has custody of the system/databases, not necessarily belonging to them, for any period of time.
Question 37
Incorrect
It may even affect applications that do not involve communication at all: the risks of interconnection are borne not only by the applications
they benefit, but also by other applications that share the same equipment.
Answer: Yes, that is correct. When applications share the same equipment or infrastructure
Question 38
Incorrect
From a security standpoint, it represents the ability to protect against and recover from a damaging event.
Answer: Confidentiality
Question 39
Correct
Question 40
Incorrect
It has much in common with a failure that results from faulty equipment, software, or operations.
Question 41
Correct
An international network of computer systems that has evolved over the last decade, provides electronic mail, file transfer, and remote log-in
capabilities.
Answer: Internet
Question 42
Correct
Such mechanisms are called Discretionary a by the DOD, and user-directed, identity-based access controls by the International
Organization for Standards.
Question 43
Correct
They have a duty to preserve and protect assets and to maintain the quality of service.
Answer: Management
Question 44
Correct
It is offered by few computer systems today, although a legal need for it can be foreseen as computer-mediated transactions become more
common in business.
Answer: Nonrepudiation
Question 45
Correct
It may prevent people from doing unauthorized things but cannot prevent them from doing things that their job functions entitle them to
do.
Question 46
Incorrect
Question 47
Incorrect
It specifies that important operations cannot be performed by a single person but instead require the agreement of (at least) two different
people.
Question 48
Incorrect
The basic principles in preventing breaches of security: confidentiality, in , __________, and _______.
Question 49
Correct
Answer: Integrity
Question 50
Incorrect
It supports accountability and therefore is valuable to management and to internal or external auditors.