Complete
Mark 1.00 out of 1.00
Question text
Which of the following is not a part of risk analysis?
Select one:
a. Choose the best countermeasure
b. Identify risks
c. Quantify the impact of potential threats
d. Provide an economic balance between the impact of the risk and the cost of the associated countermeasures
Question 4
Complete
Mark 1.00 out of 1.00
Question text
What is the BEST method for mitigating against network denial of service (DoS) attacks?
Select one:
a. Ensure all servers are up-to-date on all patches
b. Employ packet filtering to drop suspect packets
c. Implement load balancing for Internet facing devices
d. Implement network address translation to make internal addresses nonroutable
Question 5
Complete
Mark 1.00 out of 1.00
Question text
You work in the office of a large company. You receive a call from a person claiming to be from the Helpdesk. He asks you for your password. What kind of threat is this?
Select one:
a. Natural threat
b. Social Engineering
c. Organizational threat
Question 6
Complete
Mark 1.00 out of 1.00
Question text
Most computer attacks result in violation of which of the following security properties?
Select one:
a. All of the choices
b. Confidentiality
c. Integrity and control
d. Availability
Question 8
Complete
Mark 1.00 out of 1.00
Question text
Which one of the following is not one of the outcomes of a vulnerability analysis?
Select one:
a. Formal approval of BCP scope and initiation document
b. Defining critical support areas
c. Qualitative loss assessment
d. Quantitative loss assessment
Question 9
Complete
Mark 1.00 out of 1.00
Question text
A new worm has been released on the Internet. After investigation, you have not been able to determine if you are at risk of exposure. Management is concerned as they have heard that a number of their counterparts are being affected by the worm. How could you determine if you are at risk?
Select one:
a. Contact your anti-virus vendor
b. Discuss threat with a peer in another organization
Question 10
Complete
Mark 1.00 out of 1.00
Question text
Which of the following is a key area of the ISO 27001 framework?
Select one:
a. Operational risk assessment
b. Financial crime metrics
c. Business continuity management
d. Capacity management
Question 15
Complete
Mark 1.00 out of 1.00
Question text
Making sure that the data is accessible when and where it is needed is which of the following?
Select one:
a. Integrity
b. Confidentiality
c. Availability
d. Acceptability
Question 16
Complete
Mark 1.00 out of 1.00
Question text
Which of the following choices is NOT part of a security policy?
Select one:
a. definition of general and specific responsibilities for information security management
b. description of specific technologies used in the field of information security
Question 17
Complete
Mark 1.00 out of 1.00
Question text
Security is a process that is:
Select one:
a. Abnormal
b. Examined
c. Indicative
d. Continuous
Question 18
Complete
Mark 1.00 out of 1.00
Question text
Information security is the protection of data. Information will be protected mainly based on:
Select one:
a. Its value
b. Its confidentiality
c. All of the choices
d. Its sensitivity to the company
Question 23
Complete
Mark 1.00 out of 1.00
Question text
The computer room is protected by a pass reader. Only the System Management department has a pass. What type of security measure is this?
Select one:
a. a physical security measure
Question 24
Complete
Mark 1.00 out of 1.00
Question text
Why is it necessary to keep a disaster recovery plan up to date and to test it regularly?
Select one:
a. Because otherwise, in the event of a far-reaching disruption, the measures taken and the incident procedures planned may not be adequate or may be outdated.
b. In order to be able to cope with daily occurring faults.
c. In order to always have access to recent backups that are located outside the office.
d. Because this is required by Personal Data Protection legislation.
State: Finished
Time taken: 18 mins 1 sec
Overdue: 3 mins 1 sec
Marks: 9.00/25.00
Question 1
Complete
Mark 1.00 out of 1.00
Question text
Which of the following would be the first step in establishing an information security program?
Select one:
a. Development and implementation of an information security standards manual
b. Adoption of a corporate information security policy statement
c. Purchase of security access control software
d. Development of a security awareness-training program
Question 2
Complete
Mark 0.00 out of 1.00
Question text
You are the owner of the courier company SpeeDelivery. You employ a few people who, while waiting to make a delivery, can carry out other tasks. You notice, however, that they use this time to send and read their private mail and surf the Internet. In legal terms, in which way can the use of the Internet and e-mail facilities be best regulated?
Select one:
a. Installing an application that makes certain websites no longer accessible and that filters attachments in e-mails
b. Drafting a code of conduct for the use of the Internet and e-mail in which the rights and obligations of both the employer and staff are set down
c. Installing a virus scanner
d. Implementing privacy regulations
Question 3
Complete
Mark 0.00 out of 1.00
Question text
Which must bear the primary responsibility for determining the level of protection needed for information systems resources?
Select one:
a. IS Security Specialists
b. Senior Management
c. System Auditors
d. Senior Security Analysts
Question 4
Complete
Mark 0.00 out of 1.00
Question text
Within the organizational environment, the security function should report to an organizational level that
Select one:
a. Provides the internal audit function
b. Is an external operation
c. Has information technology oversight
d. Has autonomy from other levels
Question 5
Complete
Mark 0.00 out of 1.00
Question text
Under which condition is an employer permitted to check if Internet and e-mail services in the workplace are being used for private purposes?
Select one:
a. The employer is permitted to check this if a firewall is also installed.
b. The employer is permitted to check this if the employees are aware that this could happen.
c. The employer is permitted to check this if the employee is informed after each instance of checking.
Question 6
Complete
Mark 0.00 out of 1.00
Question text
Strong authentication is needed to access highly protected areas. In case of strong authentication the identity of a person is verified by using three factors. Which factor is verified when we must show our access pass?
Select one:
a. something you are
b. something you know
c. something you have
Question 7
Complete
Mark 1.00 out of 1.00
Question text
Organizations develop change control procedures to ensure that
Select one:
a. Management is advised of changes made to systems
b. Changes are controlled by the Policy Control Board (PCB)
c. All changes are requested, scheduled, and completed on time
d. All changes are authorized, tested, and recorded
Question 8
Complete
Mark 1.00 out of 1.00
Question text
Which of the following choices is NOT part of a security policy?
Select one:
a. definition of overall steps of information security and the importance of security
b. definition of general and specific responsibilities for information security management
c. description of specific technologies used in the field of information security
d. statement of management intent, supporting the goals and principles of information security
Question 9
Complete
Mark 1.00 out of 1.00
Question text
What is the BEST method for mitigating against network denial of service (DoS) attacks?
Select one:
a. Employ packet filtering to drop suspect packets
b. Ensure all servers are up-to-date on all patches
c. Implement load balancing for Internet facing devices
d. Implement network address translation to make internal addresses nonroutable
Question 10
Complete
Mark 1.00 out of 1.00
Question text
On the basis of which legislation can someone request to inspect the data that has been registered about him or her?
Select one:
a. Personal data protection legislation
b. Computer criminality legislation
c. Public records legislation
d. Government information (public access) legislation
Question 11
Complete
Mark 1.00 out of 1.00
Question text
A security incident regarding a webserver is reported to a helpdesk employee. His colleague has more experience on webservers, so he transfers the case to her. Which term describes this transfer?
Select one:
a. Functional escalation
b. Hierarchical escalation
Question 12
Complete
Mark 1.00 out of 1.00
Question text
Which one of the following is the MAIN goal of a security awareness program when addressing senior management?
Select one:
a. Provide a vehicle for communicating security procedures
b. Provide a clear understanding of potential risk and exposure
c. Provide a forum for disclosing exposure and risk analysis
d. Provide a forum to communicate user responsibilities
Question 13
Complete
Mark 1.00 out of 1.00
Question text
Which of the following describes elements that create reliability and stability in networks and systems and which assure that connectivity is accessible when needed?
Select one:
a. Availability
b. Acceptability
c. Integrity
d. Confidentiality
Question 14
Complete
Mark 0.00 out of 1.00
Question text
Which of the following is the MOST relevant metric to include in an information security quarterly report to the executive committee?
Select one:
a. Security compliant servers trend report
b. Number of security patches applied
c. Security patches applied trend report
d. Percentage of security compliant servers
Question 15
Complete
Mark 1.00 out of 1.00
Question text
You work in the IT department of a medium-sized company. Confidential information has come into the wrong hands several times. This has hurt the image of the company. You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?
Select one:
a. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)
b. Set up an access control policy
c. Encrypt the hard disks of laptops and USB sticks
d. Appoint security personnel
Question 16
Not answered
Marked out of 1.00
Question text
Which of the following embodies all the detailed actions that personnel are required to follow?
Select one:
a. Procedures
b. Guidelines
c. Standards
d. Baselines
Question 17
Not answered
Question text
Most computer attacks result in violation of which of the following security properties?
Select one:
a. Availability
b. Confidentiality
c. All of the choices
d. Integrity and control
Question 18
Not answered
Marked out of 1.00
Question text
What is the purpose of risk management?
Select one:
a. To determine the probability that a certain risk will occur.
b. To determine the damage caused by possible security incidents.
c. To outline the threats to which IT resources are exposed.
d. To implement measures to reduce risks to an acceptable level.
Question 19
Not answered
Marked out of 1.00
Question text
Which of the following are objectives of an information systems security program?
Select one:
a. Threats, vulnerabilities, and risks
b. Integrity, confidentiality, and availability
c. Authenticity, vulnerabilities, and costs
d. Security, information value, and threats
Question 20
Not answered
Marked out of 1.00
Question text
A security policy would include all of the following EXCEPT
Select one:
a. enforcement
b. audit requirements
c. background
d. scope statement
Question 21
Not answered
Marked out of 1.00
Question text
Within an organization the security officer detects that a workstation of an employee is infected with malicious software. The malicious software was installed due to a targeted phishing attack. Which action is the most beneficial to prevent such incidents in the future?
Select one:
a. Implementing MAC technology
b. Start a security awareness program
c. Update the firewall rules
d. Update the signatures of the spam filter
Question 22
Not answered
Marked out of 1.00
Question text
In order to take out a fire insurance policy, an administration office must determine the value of the data that it manages. Which factor is not important for determining the value of data for an organization?
Select one:
a. The content of data.
b. The indispensability of data for the business processes.
c. The importance of the business processes that make use of the data.
d. The degree to which missing, incomplete or incorrect data can be recovered.
Question 23
Not answered
Marked out of 1.00
Question text
Which of the following is most relevant to determining the maximum effective cost of access control?
Select one:
a. management's perceptions regarding data importance
b. the cost to replace lost data
Question text
What is an example of a human threat?
Select one:
a. a lightning strike
b. phishing
c. fire
Question 25
Not answered
Marked out of 1.00
Question text
What is the function of a corporate information security policy?
Select one:
a. Define the main security objectives which must be achieved and the security framework to meet business objectives
b. Issue corporate standards to be used when addressing specific security problems
c. Issue guidelines in selecting equipment, configuration, design, and secure operations
d. Define the specific assets to be protected and identify the specific tasks which must be completed to secure them
PREI-ETA-005: AHLI KEAMANAN SISTEM INFORMASI (Information System Security Expert)
Course: Tes Bidang INFORMATIKA DAN KOMPUTER (Informatics and Computer field test). Knowledge Proficiency Test B (25 questions, 15 minutes), in English.
Question text
Which one of the following is not one of the outcomes of a vulnerability analysis?
Select one:
a. Defining critical support areas
b. Formal approval of BCP scope and initiation document
c. Quantitative loss assessment
d. Qualitative loss assessment
Question 19
Complete
Mark 0.00 out of 1.00
Question text
A couple of years ago you started your company which has now grown from 1 to 20 employees. Your company's information is worth more and more and gone are the days when you could keep control yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?
Select one:
a. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
b. This analysis follows a precise statistical probability calculation in order to calculate exact
State: Finished
Time taken: 15 mins 12 secs
Marks: 19.00/25.00
Question 1
Complete
Mark 1.00 out of 1.00
Question text
In developing a security awareness program, it is MOST important to
Select one:
a. Identify weakness in line management support
b. Understand the corporate culture and how it will affect security
c. Know what security awareness products are available
d. Understand employees' preferences for information security
Question 2
Complete
Mark 1.00 out of 1.00
Question text
In order to take out a fire insurance policy, an administration office must determine the value of the data that it manages. Which factor is not important for determining the value of data for an organization?
Select one:
a. The content of data.
b. The indispensability of data for the business processes.
c. The importance of the business processes that make use of the data.
d. The degree to which missing, incomplete or incorrect data can be recovered.
Question 4
Complete
Mark 1.00 out of 1.00
Question text
Which of the following would be the first step in establishing an information security program?
Select one:
a. Development of a security awareness-training program
b. Purchase of security access control software
c. Development and implementation of an information security standards manual
d. Adoption of a corporate information security policy statement
Question 5
Complete
Mark 1.00 out of 1.00
Question text
Under which condition is an employer permitted to check if Internet and e-mail services in the workplace are being used for private purposes?
Select one:
a. The employer is permitted to check this if the employees are aware that this could happen.
b. The employer is permitted to check this if the employee is informed after each instance of checking.
c. The employer is permitted to check this if a firewall is also installed.
Question 6
Complete
Mark 1.00 out of 1.00
Question text
Risk is commonly expressed as a function of the
Select one:
a. Likelihood that the harm will occur and its potential impact
b. Computer system-related assets and their costs
c. Systems vulnerabilities and the cost to mitigate
d. Types of countermeasures needed and the system's vulnerabilities
Question 7
Complete
Mark 1.00 out of 1.00
Question text
The computer room is protected by a pass reader. Only the System Management department has a pass. What type of security measure is this?
Select one:
a. a physical security measure
b. a repressive security measure
c. a corrective security measure
d. a logical security measure
Question 8
Complete
Mark 1.00 out of 1.00
Question text
Who is responsible for raising awareness of the need for adequate funding for risk action plans?
Select one:
a. Business unit management
b. Chief financial officer (CFO)
Question text
Which of the following embodies all the detailed actions that personnel are required to follow?
Select one:
a. Guidelines
b. Baselines
c. Standards
d. Procedures
Question 10
Complete
Mark 1.00 out of 1.00
Question text
A desktop computer that was involved in a computer security incident should be secured as evidence by:
Select one:
a. disabling all local user accounts except for one administrator.
b. disconnecting the computer from all power sources.
c. copying all files using the operating system (OS) to write-once media.
d. encrypting local files and uploading exact copies to a secure server.
Question 11
Complete
Mark 1.00 out of 1.00
Question text
Which of the following is not a compensating measure for access violations?
Select one:
a. Business Continuity Planning
b. Backups
c. Insurance
d. Security awareness
Question 12
Complete
Mark 1.00 out of 1.00
Question text
How is the purpose of information security policy best described?
Select one:
a. An information security policy provides direction and support to the management regarding information security.
b. An information security policy provides insight into threats and the possible consequences.
c. An information security policy documents the analysis of risks and the search for countermeasures.
d. An information security policy makes the security plan concrete by providing it with the necessary details.
Question 13
Not answered
Marked out of 1.00
Question text
In an organization, an Information Technology security function should:
Select one:
a. Be led by a Chief Security Officer and report directly to the CEO
b. Be a function within the information systems functions of an organization
c. Be independent but report to the Information Systems function
d. Report directly to a specialized business unit such as legal, corporate security or insurance
Question 14
Complete
Mark 1.00 out of 1.00
Question text
A security incident regarding a webserver is reported to a helpdesk employee. His colleague has more experience on webservers, so he transfers the case to her. Which term describes this transfer?
Select one:
a. Hierarchical escalation
b. Functional escalation
Question 15
Complete
Mark 1.00 out of 1.00
Question text
What is the goal of classification of information?
Select one:
a. To create a manual about how to handle mobile devices
b. Structuring information according to its sensitivity
c. Applying labels making the information easier to recognize
Question 16
Complete
Mark 1.00 out of 1.00
Question text
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?
Select one:
a. Risk bearing
b. Risk neutral
c. Risk avoidance
Question 17
Not answered
Marked out of 1.00
Question text
Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
Select one:
a. Better adherence to policies
b. More uniformity in quality of service
c. More savings in total operating costs
d. Better alignment to business unit needs
Question 18
Complete
Mark 0.00 out of 1.00
Question text
When developing an information security policy, what is the FIRST step that should be taken?
Select one:
a. Gain management approval
b. Seek acceptance from other departments
Question text
Organizations develop change control procedures to ensure that
Select one:
a. Management is advised of changes made to systems
b. All changes are requested, scheduled, and completed on time
c. Changes are controlled by the Policy Control Board (PCB)
d. All changes are authorized, tested, and recorded
Question 20
Complete
Mark 1.00 out of 1.00
Question text
What is 'establishing whether someone's identity is correct' called?
Select one:
a. Authorization
b. Authentication
c. Identification
Question 21
Not answered
Marked out of 1.00
Question text
When conducting a risk assessment, which one of the following is NOT an acceptable social engineering practice?
Select one:
a. Misrepresentation
b. Subversion
c. Dumpster diving
d. Shoulder surfing
Question 22
Complete
Mark 1.00 out of 1.00
Question text
When an organization is using an automated tool to manage
Question text
Which of the following would be best suited to provide information during a review of the controls over the process of defining IT service levels?
Select one:
a. Systems Programmer
b. Legal Staff
c. Business Unit Manager
d. Programmer
Question 24
Not answered
Marked out of 1.00
Question text
Which one of the following risk analysis terms characterizes the absence or weakness of a risk-reducing safeguard?
Select one:
a. Loss expectancy
b. Probability
c. Vulnerability
d. Threat
Question 25
Complete
Mark 1.00 out of 1.00
Question text
Which one of the following is an important characteristic of an information security policy?
Select one:
a. Requires the identification of information owners
b. Quantifies the effect of the loss of the information
c. Identifies major functional areas of information