Mid Term Exam

Grading Summary
These are the automatically

computed results of your exam.
Grades for essay questions, and
comments from your instructor, are
in the "Details" section below.
Date Taken: 7/31/2014
Time Spent: 2 h , 00 secs
Points Received: 440 / 495 (88.9%)
Question Type: # Of Questions: # Correct:
Multiple Choice 31 29
Fill in the Blank 19 14

Grade Details - All Questions
Question 1. Question : Information security is the process of protecting
all of the following except:
Student Answer:

Confidentiality of data

Data integrity

Availability of data

Data configuration

Points Received: 10 of 10
Comments:

-1388448646 MultipleChoice 1 True

0 -1388448646 MultipleChoice 1

Question 2. Question : Information security managers are often motivated
by which of the following?
Student Answer:

Concern for the well-being of
society

Governmental regulation

Fear of unwanted publicity

All of the above are motivating
factors

Comments:



Question 3. Question : Security professionals activities include all of the
following except:
Student Answer:

Finding the source of the problem

Naming the virus

Eradicating the problem

Repairing the damage

Comments:



Question 4. Question : Demand for expertly trained security professionals
is the result of:
Student Answer:

Specialized training

Increased terrorist activity

New laws regulating the flow of
information

Retirement of current security
professionals

Comments:



Question 5. Question : One increasingly important step to becoming an
information security specialist is to:
Student Answer:

Get a degree in the psychology of
crime

Create, test, and debug a virus or
worm program

Build a home laboratory

Do all of the above

Comments:



Question 6. Question : Information Security magazine suggests that a
good curriculum includes courses in:
Student Answer:

Quality assurance

Legal issues

Human factors

Bioengineering

Comments:



Question 7. Question : ____________ establish and maintain the user
base permitted to access a system in the normal
course of their job duties.
Student Answer:

Security testers

Security administrators

Access coordinators

Network engineers

Comments:



Question 8. Question : Topics within the umbrella of information security
include all of the following except:
Student Answer:

Incident response

Key management

Security testing

Electronic forensics

Comments:



Question 9. Question : Given enough time, tools,
inclination, and ____________, a
hacker can break through any
security measure.
Student Answer:

talent

skills

intelligence

assets

Comments:



Question 10. Question : IS professionals who create a plan
to protect a computer system
consider all of the following in the
planning process except:
Student Answer:

Defining the structural composition
of data

Protecting the confidentiality of
data

Preserving the integrity of data

Promoting the availability of data
for authorized use

Comments:



Question 11. Question : Which of the following is NOT a
goal of an integrity model security
system?
Student Answer:

Preventing unauthorized users from
modifying data or programs

Verifying data consistency for
internal and external programs

Preventing authorized users form
making unauthorized modifications

Maintaining internal and external
consistency of data and programs

Comments:



Question 12. Question : Overlapping layers provide all of
the following elements necessary to
secure assets except:
Student Answer:

Direction

Response

Detection

Prevention

Comments:



Question 13. Question : Which of the following statements
about Principle 4 is false?
Student Answer:

exchange for worthless goods,
people tend to give up credentials.

The organizers of Infosecurity
Europe 2003 found that 75% of
survey respondents revealed
information immediately.

Todays virus writers are not very
sophisticated.

It is easy to fool people into
spreading viruses.

Comments:



Question 14. Question : IS principle five states that security
depends on these requirements:
Student Answer:

Functional and assurance

Verification and validation

Availability and integrity

Usability and interface

Comments:



Question 15. Question : Software developers often lack the
____________ and ____________
needed to test and break their
software.
Student Answer:

Wherewithal, motivation

Money, time

Expertise, resources

Qualifications, experience.

Comments:



Question 16. Question : The unique security issues and
considerations of every system
make it crucial to understand all of
the following except:
Student Answer:

Adherence to security standards

The security skills of the
development teams

What hardware and software is
used to deploy the system

The specific nature of data the
system maintains.

Comments:



Question 17. Question : The Common Body of Knowledge with
____________ domains is the framework of the
information security field.
Student Answer:

5

10

15

20

Comments:



Question 18. Question : Security professional benefits from ISC
2 certification
include all of the following except:

Student Answer:

Establishes best practices

Confirms knowledge of
information security

Confirms passing of an
examination

Broadens career expectations.

Comments:



Question 19. Question : An effective security policy contains all of the
following information except:
Student Answer:

Reference to other policies

Measurement expectations

Compliance management and
measurements description

Glossary of terms

Comments:



Question 20. Question : The basic components of an issue-specific policy
might include all of the following except:
Student Answer:

Compliance

Applicability

Issue statement

Standard library structure

Comments:



Question 21. Question : A basic component of an issue-specific policy that
defines a security issue and any relevant terms,
distinctions, and conditions is a(n):
Student Answer:

Issue statement

Statement of the organizations
position

Point of contact and supplementary
information

Role and responsibility

Comments:



Question 22. Question : Step-by-step directions to execute a specific
security activity is referred to as a:
Student Answer:

Regulation

Standard

Guideline

Procedure

Comments:



Question 23. Question : In the standards taxonomy _____________
suggests that no single person is responsible for
approving his own work.
Student Answer:

Separation of duties

Education, awareness, and training

Asset and data classification

Risk analysis and management

Comments:



Question 24. Question : ____________ provides technical facilities, data
processing, and support services to users of
information systems.
Student Answer:

Chief information security officer

Information resources manager

Owners of information resources

Custodians of information
resources

Comments:



Question 25. Question : What is within a trusted system that people want
to access or use?
Student Answer:

Object

Subject

MAC

TCB

Comments:



Question 26. Question : All of the following general rules are used to
construct rings of trust in networked systems
except:
Student Answer:

Hosts trust more inner ring hosts
than themselves

Hosts do not trust outer ring hosts
more than themselves

Hosts in a ring of a segmented sub
network trust hosts in the same ring
of a different segment

Hosts trust hosts in the same ring

Comments:



Question 27. Question : Which of the following uses a specific OS and
lacks a standard interface to connect to other
systems?
Student Answer:

Finite-state machine

Open system

Closed system

None of the above

Comments:



Question 28. Question : The criteria used to rate the effectiveness of
trusted systems is set forth in:
Student Answer:

TCSEC

ITSEC

CTCPEC

All of the above

Comments:



Question 29. Question : Which of the following is NOT a criterion for
Class A1 design verification?
Student Answer:

Clearly identified and documented
model of a security policy

Top-level specification that
includes definitions of the functions
of TCB

TCB implementation consistent
with top-level specification

None of the above

Comments:



Question 30. Question : Which of the following is NOT an ITSEC
specialized, stand alone class?
Student Answer:

F-AP

F-IN

F-AV

F-DC

Comments:

-1388448617 MultipleChoice 30 False


Question 31. Question : All of the following are classes of security
functional requirements except:
Student Answer:

Privacy

Communications

Audit

Security training

Comments:

-1388448616 MultipleChoice 31 False


Question 32. Question : ____________ is the process of protecting the
confidentiality, integrity, and availability of data
from accidental or intentional misuse.
Student Answer: information security
Instructor Explanation:

Comments:

-1388448615 FillInTheBlank 1 True

0 -1388448615 FillInTheBlank 1

Question 33. Question : Information security consists of best practices and
experiences from several domains but begins with
the non-technical, ____________ aspects of a
security posture.
Student Answer: human-centric

Comments:



Question 34. Question : Information security specialists need to have a(n)
___________ view of the world around them and
avoid a strictly technical orientation.
Student Answer: holistic

Comments:



Question 35. Question : ____________ security is within the umbrella of
information security.
Student Answer: physical

Comments:



Question 36. Question : The first principle of information
security says that a hacker can
break any security system given
enough time, inclination, tools, and
____________.
Student Answer: skills

Comments:



Question 37. Question : One goal of information security is
to promote the ____________ of
data for authorized use.
Student Answer: availability

Comments:



Question 38. Question : Spending more on securing on asset
than the intrinsic value of the asset
is a waste of ____________.
Student Answer: time (A correct answer: resources)
Instructor
Explanation:

Comments: Time, yes, but more generally resources

-1388448609 FillInTheBlank 7 False


Question 39. Question : People, ____________, and
technology must work together to
secure systems.
Student Answer: process

Comments:



Question 40. Question : A technical area of study within the CBK, the
security architecture domain, addresses
____________ issues.
Student Answer: network

Comments:



Question 41. Question : A compilation of all security information collected
internationally and relevant to information security
professionals is the ____________.
Student Answer: orange book (A correct answer: CBK)
Instructor
Explanation:

Comments:



Question 42. Question : To maintain relevance and currency
____________ and governance of certification
process is needed.
Student Answer: oversight

Comments:



Question 43. Question : The Security Management Practices domain
highlights the importance of a comprehensive
security ____________.
Student Answer: plan

Comments:



Question 44. Question : Operational procedures and tools familiar to IT
specialists are covered in the ____________
Security domain.
Student Answer: operations

Comments:



Question 45. Question : Information security ____________ are often
dictated by the nature of an organizations
business.
Student Answer: standards

Comments:



Question 46. Question : User education, awareness, and training on
policies and procedures are important because
____________ are the weakest link in a security-
related process.
Student Answer: people

Comments:



Question 47. Question : One or more components that enforce a unified
security policy over a product or system make up a
____________.
Student Answer: operating system (A correct answer: TCB)
Instructor
Explanation:

Comments:



Question 48. Question : Directly addressable by the CPU, ____________
memory stores application or system code as well
as data.
Student Answer: CPU (A correct answer: random)
Instructor
Explanation:

Comments: RAM



Question 49. Question : Describing how functional requirements should be
implemented and tested is defined as
____________ requirements.
Student Answer: assurance

Comments:



Question 50. Question : Security testing ____________ that the
implementation of the function is not flawed.
Student Answer: ensures (A correct answer: validates)
Instructor
Explanation:

Comments:



* Times are displayed in (GMT-07:00) Mountain Time (US & Canada)

Mid Term Exam

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Mid Term Exam

Caricato da

Copyright:

Formati disponibili

Grading Summary

These are the automatically

Potrebbero piacerti anche