Information Security Controls Quiz
30 Questions
1 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What type of control is a Computer Incident Response Team (CIRT)?

  • Detection
  • Response (correct)
  • Prevention
  • Protection
  • What is the primary function of authorization?

  • Verifying user identities
  • Scanning for malware
  • Restricting access to system resources (correct)
  • Monitoring network traffic
  • What is the goal of containment in an incident response process?

  • To recover from the incident
  • To eradicate the incident
  • To identify the cause of the incident
  • To prevent further damage from the incident (correct)
  • What is the first step in the attack process used by criminals?

    <p>Learn as much as possible about the target and its vulnerabilities</p> Signup and view all the answers

    What is the primary function of a demilitarized zone (DMZ)?

    <p>To provide a separate network for controlled access to internal systems</p> Signup and view all the answers

    What is not a basic step in an incident response process?

    <p>Patch management</p> Signup and view all the answers

    What is the primary purpose of identifying controls in a risk assessment?

    <p>To mitigate or reduce risk</p> Signup and view all the answers

    A company is considering implementing two control procedures to deal with a identified threat. What should be the primary consideration in deciding which control to implement?

    <p>The cost of implementing the control</p> Signup and view all the answers

    What is the type of computer attack that encrypts data and demands payment in exchange for the decryption key?

    <p>ransomware</p> Signup and view all the answers

    What is the concept of defense-in-depth?

    <p>Implementing multiple layers of security controls</p> Signup and view all the answers

    What is the term for a computer attack that captures data from information items as it travels over networks?

    <p>packet sniffers</p> Signup and view all the answers

    What is the primary purpose of continuous monitoring?

    <p>To detect security incidents</p> Signup and view all the answers

    Which type of computer attack steals contact lists, images, and other data using Bluetooth?

    <p>bluesnarfing</p> Signup and view all the answers

    What is the purpose of verifying the validity of credit or debit card numbers during an online transaction?

    <p>preventive controls</p> Signup and view all the answers

    What should be the primary concern of information security?

    <p>Protecting confidentiality, integrity, and availability of information resources</p> Signup and view all the answers

    What is the primary consideration for a managerial concern in information security?

    <p>Security policies and procedures</p> Signup and view all the answers

    What is the key principle of the COBIT 5 framework?

    <p>ensuring an approach where governance is effectively managed</p> Signup and view all the answers

    What is the term for a type of attack that takes place when you leave your phone's Bluetooth setting as discoverable and someone takes control of your phone and connects it to the Internet?

    <p>bluebugging</p> Signup and view all the answers

    What is the purpose of aligning with other standards at a low level?

    <p>To create a comprehensive framework for IT governance and management</p> Signup and view all the answers

    What is the primary focus of control activities in COSO's internal control model?

    <p>Control activities performed at the management level</p> Signup and view all the answers

    What is the structure of the ERM model developed by COSO?

    <p>A rigid three-dimensional structure with four fixed management objectives</p> Signup and view all the answers

    How does the ERM framework compare to the IC framework?

    <p>The ERM framework is more comprehensive than the IC framework</p> Signup and view all the answers

    Which type of control is superior to others?

    <p>There is no superior type of control</p> Signup and view all the answers

    What can assist management in reconciling the conflict between creativity and control?

    <p>Implementing a belief system that describes how a company creates value</p> Signup and view all the answers

    According to best practices, why should emergency changes be documented?

    <p>To maintain a record of changes made</p> Signup and view all the answers

    What is the purpose of change controls?

    <p>To segregate duties and maintain adequate controls</p> Signup and view all the answers

    What is the most effective way for a firewall to protect the perimeter?

    <p>All of the above are equally effective</p> Signup and view all the answers

    What is the primary risk associated with allowing employees to use personal portable devices to access corporate networks?

    <p>Employees may not consider security when using their devices</p> Signup and view all the answers

    What is the term for modifying default configurations to turn off unnecessary programs and features to improve security?

    <p>Hardening</p> Signup and view all the answers

    What is the term for a decoy system used to provide early warning that an insider or outsider is attempting to search for confidential information?

    <p>Honeypot</p> Signup and view all the answers

    More Like This

    Use Quizgecko on...
    Browser
    Browser