Information Security Quiz
24 Questions

Questions and Answers

What type of attack involves the attacker altering system resources?

  • Direct attack
  • Indirect attack
  • Active attack (correct)
  • Passive attack

The rule stating that students are not allowed to bring cell phones into the exam hall is an example of what?

  • Security mechanism
  • Security service
  • Security policy (correct)
  • Security Council

Which of the following constitutes the three pillars of information security?

  • Confidentiality, integrity, availability (correct)
  • Risk assessment, policy enforcement, monitoring
  • Authentication, availability, access control
  • Encryption, auditing, restoration

What is ransomware known for?

Answer: Encrypting data on computers and servers

At which layer in the information security transformation framework is the Nessus tool primarily used?

Answer: Vulnerability management

Which standard/framework is specific to a particular type of industry?

Answer: PCI DSS

Which of the following is not a challenge of information security?

Answer: Widespread internet access

What is the primary function of the next-generation firewall?

Answer: Positioning it at the network perimeter and entrance to the data center

What is the primary purpose of a patch?

Answer: To fix security vulnerabilities and bugs

Which type of testing involves actively attempting to exploit vulnerabilities?

Answer: Penetration testing

What is the first step in an effective patch management process?

Answer: Establish a baseline IT asset inventory

After TCP port scanning in Qualys Guard, which test is performed to identify the operating system?

Answer: OS detection

Who is responsible for implementing security controls under the Security Transformation Model?

Answer: IT teams

What is the significance of validating security controls?

Answer: To confirm that controls are being used correctly

Which of the following factors can contribute to insecure software?

Answer: Complexity

Which activity is NOT performed during the accreditation process?

Answer: Install software

What are the four layers of the transformation model in sequence?

Answer: Security hardening, vulnerability management, security engineering, security governance

What percentage of organizations in Pakistan have been found to have a deficient security posture?

Answer: 90%

A system entering which state indicates a security violation?

Answer: Unsecure

Which factor is identified as part of a deficient program structure leading to security failures?

Answer: Ineffective Information Security Management Committee (ISMC)

The PCI data security standard applies to which type of organizations?

Answer: All companies that accept, process, store, or transmit credit card data

What is the maximum trial period offered by the Nessus scanner?

Answer: 30 days

Which solution can be implemented to reduce spoofed or modified emails from valid addresses?

Answer: Domain-based message authentication

How many steps are involved in a Qualys policy compliance scan?

Answer: Four

Study Notes

Security

• Active attack alters system resources
• Passive attack observes the system without altering it
• Direct attack targets the system directly
• Indirect attack affects the system indirectly

Exam Policies

• Students are not allowed to bring cell phones to exams; this is an example of a security policy.

Pillars of Information Security

• Confidentiality, Integrity, Availability

Ransomware

• A type of attack that encrypts data on computers and servers.

Nessus Tool

• Used in security engineering for security analysis
• Used in vulnerability management
• Used in security hardening

Effective Security Program Management

• Security governance is the effective management of security programs
• Security engineering is the design of secure systems
• Vulnerability management is identifying and mitigating vulnerabilities
• Security hardening is the process of making systems more secure

Information Security Standards

• ISO 27002:2013 is a general standard
• COBIT is a standard for IT management and governance
• PCI DSS is a standard for the payment card industry
• ISO 27001:2013 applies to all industries

Information Security Challenges

• Lack of budget and insufficient resources
• Highly specialized and continually evolving technology
• Cloud and Internet of Things (IoT) issues
• Lack of ownership and inconsistent security practices

Information Security Life Cycle

• There are 6 to 7 steps in the information security life cycle

Cyber Security Strategy & Framework

• Malaysia is regionally well developed in cyber security strategies and frameworks; it ranks 2nd or 3rd.

Resource Security

• Access control prevents unauthorized resource usage

Firewall Placement

• Next-generation firewalls are placed at the network perimeter and at the entrance to the data center.

Mobile Security

• Mobile technology leads to time wastage and distractions
• Traditional security perimeters no longer exist because of mobile devices
• User locations can be tracked from mobile devices
• Apps downloaded via mobile devices can be harmful

Data Protection in VMs

• Protect sensitive data in VMs by encrypting data stored on virtual and cloud servers

Small Business Security Challenges

• A lack of funding for data centers can be a security challenge for small-sized organizations

Quiz Team

Description

Test your knowledge of information security concepts, including types of attacks, security frameworks, and tools. This quiz covers pivotal topics like ransomware, firewalls, and patch management, essential for understanding modern cybersecurity practices.
