Information Security Fundamentals

Questions and Answers

What are the multiple layers of security that a successful organization should have in place?

• Physical security, personal security, operations security, communications security (correct)
• Financial security, emotional security, network security, information security
• Password security, firewall security, antivirus security, encryption security
• Cybersecurity, data security, internet security, software security

Which of the following is considered a necessary tool for ensuring information security?

• Encryption keys, biometrics, access controls, and CCTV cameras
• Data backups, antivirus software, network monitoring tools, and intrusion detection systems
• Policies, awareness, training, and technology (correct)
• Firewalls, routers, switches, and servers

What are the critical elements protected by information security?

• Hardware only
• Systems and hardware that use, store, and transmit information (correct)
• Software only
• Networking devices only

What does the C.I.A. triangle stand for in the context of information security?

Confidentiality, Integrity, Availability (C)

Which of the following is NOT one of the multiple layers of security in place for a successful organization?

Malware security (D)

What is the primary goal of the Systems Development Life Cycle (SDLC) methodology?

To create a comprehensive security posture or program (A)

Which phase of the SDLC involves identifying the project's goals, constraints, and outcomes?

Investigation (A)

In the Logical Design phase, what aspect of information security is addressed?

Creating blueprints for information security (A)

What is the most important phase of the SDLC, according to the text?

Maintenance and Change (B)

In which phase are security solutions acquired, tested, implemented, and tested again?

Implementation (C)

What is the purpose of performing a feasibility analysis in the Physical Design phase?

To determine whether the project should continue or be outsourced (B)

Which component of information security is considered the weakest link?

People (B)

When a computer is used as an active tool to conduct an attack, it is considered:

The subject of the attack (D)

What type of attack involves compromising a system and using it to attack other systems?

Indirect attack (D)

Which of the following is NOT considered a component of information security?

Firewalls (A)

What is the main target of intentional attacks, according to the text?

Data (C)

Which statement about information security is true, according to the text?

Perfect security is impossible to achieve (A)

What is the responsibility of a Data Custodian?

Ensuring storage, maintenance, and protection of information (C)

Who are Data Users in an organization?

End users who work with information to support the organization's mission (B)

What type of individuals are part of Communities of Interest?

Information security and technology management professionals (D)

When did computer security begin according to the text?

After the development of mainframes (D)

What is the primary goal of successful organizations according to the text?

Having multiple layers of security in place (A)

What does Information Security aim to achieve?

Balanced management of information risks and controls (B)

What is information security described as?

A combination of art and science (C)

What does the text suggest about how information security should be managed in an organization?

It should be managed using a structured methodology like SecSDLC (C)

What does security represent?

A balance between protection and availability (A)

What does the text NOT suggest about information security?

It is a purely technical endeavor (C)

Based on the text, which of the following is true about managing information security?

It should be managed using a structured methodology like SecSDLC (B)

What is the primary consideration when it comes to security?

A balance between protection and availability (C)

Flashcards are hidden until you start studying