Information Security Fundamentals

Questions and Answers

What are the multiple layers of security that a successful organization should have in place?

Physical security, personal security, operations security, communications security (correct)

Financial security, emotional security, network security, information security

Password security, firewall security, antivirus security, encryption security

Cybersecurity, data security, internet security, software security

Which of the following is considered a necessary tool for ensuring information security?

Encryption keys, biometrics, access controls, and CCTV cameras

Data backups, antivirus software, network monitoring tools, and intrusion detection systems

Policies, awareness, training, and technology (correct)

Firewalls, routers, switches, and servers

What are the critical elements protected by information security?

Hardware only

Systems and hardware that use, store, and transmit information (correct)

Software only

Networking devices only

What does the C.I.A. triangle stand for in the context of information security?

Confidentiality, Integrity, Availability

Which of the following is NOT one of the multiple layers of security in place for a successful organization?

Malware security

What is the primary goal of the Systems Development Life Cycle (SDLC) methodology?

To create a comprehensive security posture or program

Which phase of the SDLC involves identifying the project's goals, constraints, and outcomes?

Investigation

In the Logical Design phase, what aspect of information security is addressed?

Creating blueprints for information security

What is the most important phase of the SDLC, according to the text?

Maintenance and Change

In which phase are security solutions acquired, tested, implemented, and tested again?

Implementation

What is the purpose of performing a feasibility analysis in the Physical Design phase?

To determine whether the project should continue or be outsourced

Which component of information security is considered the weakest link?

People

When a computer is used as an active tool to conduct an attack, it is considered:

The subject of the attack

What type of attack involves compromising a system and using it to attack other systems?

Indirect attack

Which of the following is NOT considered a component of information security?

Firewalls

What is the main target of intentional attacks, according to the text?

Data

Which statement about information security is true, according to the text?

Perfect security is impossible to achieve

What is the responsibility of a Data Custodian?

Ensuring storage, maintenance, and protection of information

Who are Data Users in an organization?

End users who work with information to support the organization's mission

What type of individuals are part of Communities of Interest?

Information security and technology management professionals

When did computer security begin according to the text?

After the development of mainframes

What is the primary goal of successful organizations according to the text?

Having multiple layers of security in place

What does Information Security aim to achieve?

Balanced management of information risks and controls

What is information security described as?

A combination of art and science

What does the text suggest about how information security should be managed in an organization?

It should be managed using a structured methodology like SecSDLC

What does security represent?

A balance between protection and availability

What does the text NOT suggest about information security?

It is a purely technical endeavor

Based on the text, which of the following is true about managing information security?

It should be managed using a structured methodology like SecSDLC

What is the primary consideration when it comes to security?

A balance between protection and availability