Bis202 - MCQ TF.pdf

Transcript

Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

116) Which of the following refers to a period of time when a system is unavailable?

A) downtime
B) down MIS
C) data down
D) downtown

117) Which of the following is not an example of unplanned downtime?

A) power outage
B) tornado
C) system upgrade
D) flood

118) Which of the following is a cost of downtime in addition to lost revenue?

A) legal expenses
B) loss in financial performance
C) damage to reputation
D) All of the answers are correct.

119) A company should be able to calculate the cost of downtime by which of the following?

Version 1 40
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) per hour, per day, and per week
B) per employee, per computer, and per company
C) per stock, per stockholder, and per investment capital
D) All of the answers are correct.

120) Which quadrant in the cost of downtime includes equipment rental, overtime costs, and
travel expenses?

A) fiscal responsibility
B) damaged reputation
C) other expenses
D) regeneration

121) Jensen is a senior developer for HackersRUs, a company that helps secure management
information systems. Jensen’s new task is to break into the computer system of one of
HackersRUs’s top clients to identify system vulnerabilities and plug the holes. What type of
hacker is Jensen?

A) cracker
B) white-hat hacker
C) script bunny
D) black-hat hacker

122) Which of the following defines information security?

Version 1 41
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) a broad term encompassing the protection of information
B) protects information from accidental misuse
C) protects information from intentional misuse
D) All of the answers are correct.

123) What are experts in technology who use their knowledge to break into computers and
networks for profit or just as a challenge known as?

A) elevation of privilege
B) viruses
C) hackers
D) worms

124) What is a hacker who breaks into other people’s computer systems and may just look
around or steal and destroy information?

A) script-kiddies
B) black-hat hacker
C) white-hat hacker
D) cracker

125) Which of the following is the correct list of the six different types of hackers listed in
your text?

Version 1 42
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) black-hat, crackers, cyberterrorists, hacktivists, script-kiddies, and white-hat
B) black-top, cookie, script-kiddies, environment, web 3.0, and white-top
C) black-hat, script-kiddies, script bats, spider crawlers, ad spiders, and white-hat
D) All of the answers are correct.

126) What is software written with malicious intent to cause annoyance or damage?

A) elevation of privilege
B) spoofing
C) sniffer
D) virus

127) What are malicious attempts to access or damage a computer system?

A) cyberattacks
B) spoofing
C) information attacks
D) information ethics

128) What involves prevention, detection, and response to cyberattacks that can have wide-
ranging effects on the individual, organization, community, and at the national level?

Version 1 43
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) cyberattacks
B) cybersecurity
C) sniffer
D) information attacks

129) What builds the national capacity to defend against cyberattacks and works with the
federal government to provide cyber security tools, incident response services, and assessment
capabilities to safeguard.gov networks?

A) cyberattacks
B) data security
C) Cybersecurity and Infrastructure Security Agency
D) information attacks

130) What includes a variety of threats such as viruses, worms, and Trojan horses?

A) malicious code
B) hoaxes
C) spoofing
D) sniffers

131) What is the forging of the return address on an email so that the email message appears to
come from someone other than the actual sender?

Version 1 44
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) malicious code
B) hoax
C) spoofing
D) sniffer

132) What is a special class of adware that collects data about the user and transmits it over the
Internet without the user’s knowledge or permission?

A) sniffer
B) spyware
C) spoofware
D) splog

133) What is a new ransomware program that encrypts your personal files and demands
payment for the files’ decryption keys?

A) sniffer
B) spyware
C) spoofware
D) simplelocker

134) What is a form of malicious software that infects your computer and asks for money?

Version 1 45
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) sniffer
B) spyware
C) spoofware
D) ransomware

135) What is ransomware?

A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment
for the files’ decryption keys
C) software that allows Internet advertisers to display advertisements without the consent
of the computer user
D) a special class of adware that collects data about the user and transmits it over the
Internet without the user’s knowledge or permission

136) What is simplelocker?

A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment
for the files’ decryption keys
C) software that allows Internet advertisers to display advertisements without the consent
of the computer user
D) a special class of adware that collects data about the user and transmits it over the
Internet without the user’s knowledge or permission

Version 1 46
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

137) What is adware?

A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment
for the files’ decryption keys
C) software that allows Internet advertisers to display advertisements without the consent
of the computer user
D) a special class of adware that collects data about the user and transmits it over the
Internet without the user’s knowledge or permission

138) What is spyware?

A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment
for the files’ decryption keys
C) software that allows Internet advertisers to display advertisements without the consent
of the computer user
D) a special class of adware that collects data about the user and transmits it over the
Internet without the user’s knowledge or permission

139) What is the primary difference between a worm and a virus?

A) A worm must attach to something to spread, whereas a virus does not need to attach to
anything to spread and can tunnel itself into the computer.
B) A virus is copied and spread by a person, whereas a worm takes a string of tag words
and deletes websites.
C) A virus must attach to something to spread, whereas a worm does not need to attach to
anything to spread and can tunnel itself into the computer.
D) All of the answers are correct.

Version 1 47
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

140) What is a process by which a user misleads a system into granting unauthorized rights,
usually for the purpose of compromising or destroying the system?

A) elevation of privilege
B) packet tampering
C) spoofing
D) spyware

141) DDoS stands for one of the common forms of viruses that attack multiple computers to
flood a website until it slows or crashes. What does DDoS stand for?

A) data distribution of systems attack
B) data denial-of-software attack
C) distributed data online systems attack
D) distributed denial-of-service attack

142) Which of the following are all common forms of viruses?

A) packet tampering, worms, cakes, and Trojan viruses
B) polymorphic, sniffer, splogs, and denial-of-service viruses
C) backdoor program, worm, and Trojan-horse viruses
D) All of the answers are correct.

Version 1 48
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

143) What is the software called that allows Internet advertisers to display advertisements
without the consent of the computer user?

A) sploging
B) adware
C) spygloss
D) CPU buzzer

144) Who are hackers with criminal intent?

A) crackers
B) black-hat hackers
C) hoaxes
D) cyberterrorists

145) Who are those who seek to cause harm to people or to destroy critical systems or
information and use the Internet as a weapon of mass destruction?

A) white-hat hackers
B) black-hat hackers
C) cyberterrorists
D) script bunnies

146) Which of the following types of viruses spread themselves not just from file to file but
also from computer to computer?

Version 1 49
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) polymorphic virus
B) worm
C) Trojan-horse virus
D) backdoor program

147) What is the one of the most common forms of computer vulnerabilities that can cause
massive computer damage?

A) virus
B) white-hat hackers
C) dumpster diving
D) All of the answers are correct.

148) Which of the following change form as they propagate?

A) backdoor programs
B) strikers
C) polymorphic viruses and worms
D) splogs

149) Which of the following is a computer attack where an attacker accesses a wireless
computer network, intercepts data, uses network services, and/or sends attack instructions
without entering the office or organization that owns the network?

Version 1 50
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) backdoor program
B) drive-by hacking
C) polymorphic virus or worm
D) hacker

150) What is a broad term encompassing the protection of information from accidental or
intentional misuse by persons inside or outside an organization?

A) information security
B) physical security
C) drive-by hacking
D) adware

151) Who is an expert in technology who uses their knowledge to break into computers and
computer networks, either for profit or just motivated by the challenge?

A) information spy
B) hacker
C) spyware
D) adware

152) What is a computer attack where an attacker accesses a wireless computer network,
intercepts data, uses network services, and/or sends attack instructions without entering the office
or organization that owns the network?

Version 1 51
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) spyware
B) hacker
C) drive-by hacking
D) adware

153) What is a special class of adware that collects data about the user and transmits it over the
Internet without the user’s knowledge or permission?

A) spyware
B) hacker
C) drive-by hacking
D) adware

154) What is software that while purporting to serve some useful function and often fulfilling
that function also allows Internet advertisers to display advertisements without the consent of the
computer user?

A) spyware
B) hacker
C) drive-by hacking
D) adware

155) What is spyware?

Version 1 52
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) a special class of adware that collects data about the user and transmits it over the
Internet without the user’s knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer
networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts
data, uses network services, and/or sends attack instructions without entering the office or
organization that owns the network
D) software that while purporting to serve some useful function and often fulfilling that
function also allows Internet advertisers to display advertisements without the consent of the
computer user

156) What is adware?

A) a special class of adware that collects data about the user and transmits it over the
Internet without the user’s knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer
networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts
data, uses network services, and/or sends attack instructions without entering the office or
organization that owns the network
D) software that while purporting to serve some useful function and often fulfilling that
function also allows Internet advertisers to display advertisements without the consent of the
computer user

157) What is drive-by hacking?

Version 1 53
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) a special class of adware that collects data about the user and transmits it over the
Internet without the user’s knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer
networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts
data, uses network services, and/or sends attack instructions without entering the office or
organization that owns the network
D) software that while purporting to serve some useful function and often fulfilling that
function also allows Internet advertisers to display advertisements without the consent of the
computer user

158) What is a hacker?

A) a special class of adware that collects data about the user and transmits it over the
Internet without the user’s knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer
networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts
data, uses network services, and/or sends attack instructions without entering the office or
organization that owns the network
D) software that while purporting to serve some useful function and often fulfilling that
function also allows Internet advertisers to display advertisements without the consent of the
computer user

159) Which of the following terms refers to groups of many people whose job is to infiltrate
message boards and comments sections to advance national aims or seed discord and
disharmony?

Version 1 54
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) black-hat hackers
B) cyberterrorists
C) troll farms
D) script bunnies

160) What is it called if a group of people organize and plan to follow a politician’s Twitter
account and bombard it with misinformation or extreme opinions?

A) troll farms
B) botnets
C) black-hat hackers
D) script bunnies

161) What is the primary goal of a troll farm?

A) infiltrate message boards to create discord
B) take control of computer access for ransom
C) look through people’s trash to obtain personal information
D) deface websites as a form of protest

162) What is information security?

Version 1 55
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) a broad term encompassing the protection of information from accidental or
intentional misuse by persons inside or outside an organization
B) a special class of adware that collects data about the user and transmits it over the
Internet without the user’s knowledge or permission
C) a computer attack where an attacker accesses a wireless computer network, intercepts
data, uses network services, and/or sends attack instructions without entering the office or
organization that owns the network
D) software that while purporting to serve some useful function and often fulfilling that
function also allows Internet advertisers to display advertisements without the consent of the
computer user

163) What is a crowdsourcing initiative that rewards individuals for discovering and reporting
software bugs?

A) bug bounty program
B) malware
C) scareware
D) ransomware

164) What is software that is intended to damage or disable computers and computer systems?

A) bug bounty program
B) malware
C) scareware
D) ransomware

Version 1 56
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

165) What is a type of malware designed to trick victims into giving up personal information
to purchase or download useless and potentially dangerous software?

A) bug bounty program
B) malware
C) scareware
D) ransomware

166) What is a form of malicious software that infects your computer and asks for money?

A) bug bounty program
B) malware
C) scareware
D) ransomware

167) What is a bug bounty program?

A) a crowdsourcing initiative that rewards individuals for discovering and reporting
software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to
purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money

168) What is malware?

Version 1 57
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) a crowdsourcing initiative that rewards individuals for discovering and reporting
software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to
purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money

169) What is scareware?

A) a crowdsourcing initiative that rewards individuals for discovering and reporting
software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to
purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money

170) What is ransomware?

A) a crowdsourcing initiative that rewards individuals for discovering and reporting
software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to
purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money

Version 1 58
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

171) What are the first two lines of defense a company should take when addressing security
risks?

A) technology first, customers second
B) technology first, people second
C) innovation first, technology second
D) people first, technology second

172) Which of the following represents the biggest problem of information security breaches?

A) people misusing organizational information
B) technology failures
C) customers misusing organizational systems
D) company departments missing sales goals

173) Angela works for an identity protection company that maintains large amounts of
sensitive customer information such as usernames, passwords, personal information, and Social
Security numbers. Angela and a coworker decide to use the sensitive information to open credit
cards in a few of her customer’s names. This is a classic example of which of the following
security breaches?

A) social engineer
B) insider
C) spammer
D) dumpster diver

Version 1 59
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

174) What is it called when you use your social skills to trick people into revealing access
credentials or other valuable information?

A) social engineering
B) social media
C) social viruses
D) social processes

175) What is it called when a hacker looks through your trash to find personal information?

A) striker bunny
B) dumpster diving
C) trash retrieval
D) approved consent

176) What is a form of social engineering in which one individual lies to obtain confidential
data about another individual?

A) dumpster texting
B) dumpster diving
C) trash retrieval
D) pretexting

177) What are malicious agents designed by spammers and other Internet attackers to farm
email addresses off websites or deposit spyware on machines?

Version 1 60
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) dumpster texting
B) dumpster diving
C) trash retrieval
D) destructive agents

178) What is pretexting?

A) a form of social engineering in which one individual lies to obtain confidential data
about another individual
B) when a hacker looks through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment
and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email
addresses off websites or deposit spyware on machines

179) What is dumpster diving?

A) a form of social engineering in which one individual lies to obtain confidential data
about another individual
B) a hacker looking through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment
and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email
addresses off websites or deposit spyware on machines

180) What are insiders?

Version 1 61
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) a form of social engineering in which one individual lies to obtain confidential data
about another individual
B) a hacker looking through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment
and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email
addresses off websites or deposit spyware on machines

181) What are destructive agents?

A) a form of social engineering in which one individual lies to obtain confidential data
about another individual
B) hackers looking through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment
and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email
addresses off websites or deposit spyware on machines

182) Working at a ski resort in the mountains has its own unique security issues. Kenny is the
chief information officer for Sundance Ski Resort, and he is faced with both physical and
information security threats every month. Since the resort implemented a new software system,
they have been having larger number of threats and breaches of company information. He
suspects that an internal employee may be causing this. He needs to clarify and establish what
type of plan to help reduce further problems?

A) information security plan
B) ethical information policy
C) antivirus plan
D) None of the answer choices are correct.

Version 1 62
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

183) eBay is an example of an online company that has been faced with numerous security
issues. For example, imagine you purchase a digital camera on eBay. Three months later, you
might receive an email asking you to log in to the system to update your credit card or PayPal
information. This email is not actually from eBay, and as soon as you log in, your information
will be stolen. What type of information security breach would you consider this to be?

A) an insider
B) dumpster diving
C) social engineering
D) phishing

184) Which of the following is an example of a way to maintain information security that a
company should include in their information security policies?

A) requiring computer users to log off before leaving for lunch
B) never sharing user or password information with anyone
C) changing passwords every 30 to 60 days
D) All of the answers are correct.

185) Janet is a financial aid counselor at a local community college, and she shares an office
with three coworkers. Janet feels safe in her office environment and frequently leaves her
username and password on a sticky note next to her computer. Without realizing it, Janet is
creating the potential for which type of information security breach to occur?

Version 1 63
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) insiders to hack into the college system
B) dumpster diving to find usernames and passwords
C) viruses and worms to spread through the college system
D) All of the answers are correct.

186) Applications allowed to be placed on the corporate network, such as IM software, and
corporate computer equipment used for personal reasons on personal networks are two areas that
should be addressed by managers in which of the following company policies?

A) information ethics policy
B) information security policy
C) Information technology plan
D) All of the answers are correct.

187) Which of the following represents the three areas where technology can aid in the defense
against information security attacks?

A) authentication and authorization, prevention and resistance, prevention and response
B) authentication and authorization, prevention and response, detection and response
C) analyzing and authenticating, prevention and repositioning, detection and response
D) authentication and authorization, prevention and resistance, detection and response

188) What is the forging of someone’s identity for the purpose of fraud?

Version 1 64
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) identity crisis
B) identity theft
C) ediscovery
D) All of the answers are correct.

189) What is the use of a false identity to artificially stimulate demand for a product, brand, or
service?

A) personally identifiable information (PII)
B) astroturfing
C) sensitive PII
D) sock puppet marketing

190) What includes any data that could potentially identify a specific individual?

A) personally identifiable information (PII)
B) nonsensitive PII
C) astroturfing
D) sock puppet marketing

191) What is information transmitted without encryption and includes information collected
from public records, phone books, corporate directories, or websites?

Version 1 65
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) astroturfing
B) nonsensitive PII
C) sensitive PII
D) sock puppet marketing

192) What is information transmitted with encryption and, when disclosed, results in a breach
of an individual’s privacy and can potentially cause the individual harm?

A) astroturfing
B) nonsensitive PII
C) sensitive PII
D) sock puppet marketing

193) What is sensitive PII?

A) any data that could potentially identify a specific individual
B) information transmitted without encryption and includes information collected from
public records, phone books, corporate directories, websites, etc.
C) information transmitted with encryption and, when disclosed, results in a breach of an
individual’s privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or
service

194) What is nonsensitive PII?

Version 1 66
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) any data that could potentially identify a specific individual
B) information transmitted without encryption and includes information collected from
public records, phone books, corporate directories, websites, etc.
C) information transmitted with encryption and, when disclosed, results in a breach of an
individual’s privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or
service

195) What is personally identifiable information (PII)?

A) any data that could potentially identify a specific individual
B) information transmitted without encryption and includes information collected from
public records, phone books, corporate directories, websites, etc.
C) information transmitted with encryption and, when disclosed, results in a breach of an
individual’s privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or
service

196) What is sock puppet marketing?

A) any data that could potentially identify a specific individual
B) the practice of artificially stimulating online conversation and positive reviews about a
product, service, or brand
C) information transmitted with encryption and, when disclosed, results in a breach of an
individual’s privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or
service

Version 1 67
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

197) What is astroturfing?

A) any data that could potentially identify a specific individual
B) the practice of artificially stimulating online conversation and positive reviews about a
product, service, or brand
C) information transmitted with encryption and, when disclosed, results in a breach of an
individual’s privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or
service

198) Imagine you accidentally mistype the URL for your bank and you are redirected to a fake
website that collects your information. What type of identity theft were you just a victim of with
this attack?

A) pharming
B) worm holes
C) phishing
D) insider hacking

199) What area of information security focuses on preventing identity theft, phishing, and
pharming scams?

A) prevention and resistance
B) detection and authorizing
C) detection and response
D) authentication and authorization

Version 1 68
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

200) What is the process that provides a user with permission including access levels and
abilities such as file access, hours of access, and amount of allocated storage space?

A) pharming
B) authentication
C) authorization
D) programming

201) What is a method for confirming users’ identities?

A) phishing
B) authentication
C) authorization
D) programming

202) The most secure procedures combine which of the following authentication and
authorization techniques?

A) something the user knows, such as a user ID and password
B) something the user has, such as a smart card or token
C) something that is part of the user, such as a fingerprint or voice signature
D) All of the answers are correct.

Version 1 69
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

203) A smart card is a device the size of a credit card that contains embedded technology that
stores information and small amounts of software and can act as a(n)

A) identification instrument.
B) form of digital cash.
C) data storage device.
D) All of the answers are correct.

204) The best and most effective way to manage authentication is through

A) smart technology card.
B) tokens.
C) biometrics.
D) passwords.

205) Which of the following is not considered a form of biometrics?

A) iris scan
B) password
C) fingerprint
D) handwriting

206) Which of the following is the main drawback of biometrics?

Version 1 70
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) it is considered illegal
B) it is viewed as an invasion of privacy
C) it can be costly and intrusive
D) it requires constant monitoring and upgrading

207) How do prevention and resistance technologies stop intruders from accessing and reading
sensitive information?

A) content filtering, encryption, and firewalls
B) calculating, locking, and firewalls
C) content prohibiting and cookies
D) All of the answers are correct.

208) Which of the following occurs when organizations use software that filters content, such
as email, to prevent the accidental or malicious transmission of unauthorized information?

A) antivirus software
B) content filtering
C) encryption
D) firewalls

209) What prevention technique scrambles information into an alternative form that requires a
key or password to decrypt?

Version 1 71
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) encryption
B) content filtering
C) firewalls
D) antivirus software

210) What can encryption technology perform?

A) switching the order of characters
B) replacing characters with other characters
C) inserting or removing characters
D) All of the answers are correct.

211) What type of encryption technology uses multiple keys, one for public and one for
private?

A) private key encryption
B) policy key encryption
C) public key encryption
D) protective key code

212) What is a data file that identifies individuals or organizations online and is comparable to
a digital signature?

Version 1 72
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) digital code
B) digital sign
C) digital certificate
D) digital card

213) Charles Mott works for a company called VeriSign that acts a trusted third party to verify
information. One of Charles’ largest clients is CheckMd, which holds and authenticates customer
reviews of doctors and dentists online. Having a third party validating the reviews is critical to
CheckMd’s success. What type of authentication technique is VeriSign providing for CheckMD?

A) firewall
B) certificate authority
C) online certificate
D) digital content certificate

214) What is hardware or software that guards a private network by analyzing incoming and
outgoing information for the correct markings?

A) firewall
B) certificate authority
C) online certificate
D) digital certificate

215) Which of the following protection techniques scans and searches hard drives to prevent,
detect, and remove known viruses, adware, and spyware?

Version 1 73
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) firewall
B) digital certificate
C) virus software
D) antivirus software

216) What must you do with antivirus software to make it protect effectively?

A) never upgrade or change vendors
B) download a portable button for it to activate
C) frequently update it to protect against viruses
D) All of the answers are correct.

217) Which of the following systems is designed with full-time monitoring tools that search
for patterns in network traffic to identify intruders and to protect against suspicious network
traffic that attempts to access files and data?

A) interconnected data software (IDS)
B) intrusion detection software (IDS)
C) security information system (SIS)
D) Internet detection scanner (IDS)

218) What is the most secure type of authentication?

Version 1 74
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) something the user knows such as a user ID and password
B) something the user has such as a smart card or token
C) something that is part of the user such as a fingerprint or voice signature
D) All of the answers are correct.

219) What is a device that is around the same size as a credit card and contains embedded
technologies that can store information and small amounts of software to perform some limited
processing?

A) token
B) password
C) smart card
D) biometrics

220) What is the identification of a user based on a physical characteristic, such as a
fingerprint, iris, face, voice, or handwriting?

A) smart card
B) token
C) biometrics
D) content filtering

221) Which of the following is considered a type of biometrics?

Version 1 75
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) voice
B) face
C) iris
D) All of the answers are correct.

222) What is a set of measurable characteristics of a human voice that uniquely identifies an
individual?

A) voiceprint
B) face
C) iris
D) All of the answers are correct.

223) What is single-factor authentication?

A) the traditional security process, which requires a username and password
B) requires the user to provide two means of authentication: what the user knows
(password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows
(password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on physical characteristic such as a fingerprint, iris,
face, voice or handwriting

224) What is multifactor authentication?

Version 1 76
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) the traditional security process, which requires a username and password
B) requires the user to provide two means of authentication: what the user knows
(password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows
(password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on physical characteristic such as a fingerprint, iris,
face, voice or handwriting

225) What is two-factor authentication?

A) the traditional security process, which requires a username and password
B) requires the user to provide two means of authentication: what the user knows
(password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows
(password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on physical characteristic such as a fingerprint, iris,
face, voice or handwriting

226) What gathers an organization’s computer network traffic patterns to identify unusual or
suspicious operations?

A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage

Version 1 77
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

227) What includes individuals who seek notoriety or want to make a social or political point
such as WikiLeaks?

A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage

228) What includes governments that are after some form of information about other
governments?

A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage

229) What is the use of computer and networking technologies against persons or property to
intimidate or coerce governments, individuals, or any segment of society to attain political,
religious, or ideological goals?

A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage

230) What is the traditional security process that requires a username and password?

Version 1 78
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) single-factor authentication
B) two-factor authentication
C) multifactor authentication
D) counter measures

231) What requires more than two means of authentication such as what the user knows
(password), what the user has (security token), and what the user is (biometric verification)?

A) single-factor authentication
B) two-factor authentication
C) multifactor authentication
D) counter measures

232) What requires the user to provide two means of authentication: what the user knows
(password) and what the user has (security token)?

A) single-factor authentication
B) two-factor authentication
C) multifactor authentication
D) counter measures

233) What are actions, processes, devices, or systems that can prevent, or mitigate the effects
of, threats to a computer, server, or network?

Version 1 79
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) single-factor authentication
B) two-factor authentication
C) multifactor authentication
D) counter measures

234) What are biometrics?

A) the traditional security process, which requires a username and password
B) requires the user to provide two means of authentication: what the user knows
(password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows
(password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on physical characteristic such as a fingerprint, iris,
face, voice or handwriting

235) Which of the following authentication methods is 100 percent accurate?

A) smart card
B) fingerprint authentication
C) user ID
D) No authentication method is 100 percent accurate.

236) Where do organizations typically place firewalls?

Version 1 80
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) between a personal computer and the server
B) between a personal computer and a printer
C) between the server and the content filtering software
D) between the server and the Internet

237) What is the category of computer security that addresses the protection of data from
unauthorized disclosure and confirmation of data source authenticity?

A) information secrecy
B) phishing
C) phishing expedition
D) spear phishing

238) What is a technique to gain personal information for the purpose of identity theft, usually
by means of fraudulent emails that look as though they came from legitimate businesses?

A) pharming
B) phishing
C) phishing expedition
D) spear phishing

239) What is a masquerading attack that combines spam with spoofing?

Version 1 81
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) pharming
B) phishing
C) phishing expedition
D) spear phishing

240) What is a phone scam that attempts to defraud people by asking them to call a bogus
telephone number to “confirm” their account information?

A) pharming
B) phishing
C) phishing expedition
D) vishing

241) What reroutes requests for legitimate websites to false websites?

A) pharming
B) phishing
C) phishing expedition
D) spear phishing

242) What is information secrecy?

Version 1 82
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) the category of computer security that addresses the protection of data from
unauthorized disclosure and confirmation of data source authenticity
B) a technique to gain personal information for the purpose of identity theft, usually by
means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular
person or organization

243) What is phishing?

A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by
means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular
person or organization

244) What is a phishing expedition?

A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by
means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular
person or organization

Version 1 83
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

245) What is spear phishing?

A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by
means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular
person or organization

246) What is vishing?

A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by
means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phone scam that attempts to defraud people by asking them to call a bogus telephone
number to “confirm” their account information

247) What is pharming?

A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by
means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phone scam that attempts to defraud people by asking them to call a bogus telephone
number to “confirm” their account information

Version 1 84
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

248) What reroutes requests for legitimate websites to false websites?

A) zombie
B) zombie farm
C) pharming attack
D) pharming

249) What is a program that secretly takes over another computer for the purpose of launching
attacks on other computers?

A) zombie
B) zombie farm
C) pharming attack
D) time bomb

250) What is a group of computers on which a hacker has planted zombie programs?

A) zombie
B) zombie farm
C) pharming attack
D) time bomb

251) What uses a zombie farm, often by an organized crime association, to launch a massive
phishing attack?

Version 1 85
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) zombie
B) zombie farm
C) pharming attack
D) time bomb

252) What are computer viruses that wait for a specific date before executing their
instructions?

A) zombies
B) zombie farms
C) pharming attacks
D) time bombs

253) What is a data file that identifies individuals or organizations online and is comparable to
a digital signature?

A) digital certificate
B) encryption
C) decryption
D) cryptography

254) What scrambles information into an alternative form that requires a key or password to
decrypt?

Version 1 86
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) digital certificate
B) encryption
C) decryption
D) cryptography

255) What decodes information?

A) digital certificate
B) encryption
C) decryption
D) cryptography

256) What is the science that studies encryption, which is the hiding of messages so that only
the sender and receiver can read them?

A) digital certificate
B) encryption
C) decryption
D) cryptography

257) Ethics and security are two fundamental building blocks for all organizations.

true

X
⊚
⊚ false

Version 1 87
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

310) Troll farms are groups of many people whose job is to infiltrate message boards and
comments sections to advance national aims or seed discord and disharmony.

⊚ true
⊚ false
X
311) Botnets are groups of people whose job infiltrate message boards to advance national
aims or seed discord and disharmony.

X
⊚ true
⊚ false

312) Downtime refers to a period of time when a system is unavailable, and unplanned
downtime can strike at any time for various reasons.

⊚ true
⊚ false

313) Drive-by hacking is a computer attack where an attacker accesses a wireless computer
network, intercepts data, uses network services, and/or sends attack instructions without entering
the office or organization that owns the network.

Version 1 102
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

⊚ true
⊚ false

314) White-hat hackers break into other people’s computer systems and may just look around
or may steal and destroy information.

⊚ true
⊚ false

315) Black-hat hackers work at the request of the system owners to find system vulnerabilities
and plug the holes.

⊚ true
⊚ false

316) Ransomware is a form of malicious software that infects your computer and asks for
money.

⊚ true
⊚ false

Version 1 103
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

317) Simplelocker is a new ransomware program that encrypts your personal files and
demands payment for the files’ decryption keys.

⊚ true
⊚ false

318) A worm is a form of malicious software that infects your computer and asks for money.

⊚ true
⊚ false

319) A worm spreads itself not only from file to file but also from computer to computer.

⊚ true
⊚ false

320) Script-kiddies have criminal intent when hacking.

⊚ true
⊚ false

Version 1 104
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

321) Cyberterrorists seek to cause harm to people or to destroy critical systems or information
and use the Internet as a weapon of mass destruction.

⊚ true
⊚ false

322) White-hat hackers have philosophical and political reasons for breaking into systems and
will often deface the website as a protest.

⊚ true
⊚ false

323) Script-kiddies or script-bunnies find hacking code on the Internet and click-and-point
their way into systems to cause damage or spread viruses.

⊚ true
⊚ false

324) The primary difference between a virus and a worm is that a virus must attach to
something, such as an executable file, to spread. Worms do not need to attach to anything to
spread and can tunnel themselves into computers.

⊚ true
⊚ false

Version 1 105
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

325) Backdoor programs change their form as they propagate.

⊚ true
⊚ false

326) Backdoor programs open a way into the network for future attacks.

⊚ true
⊚ false

327) A denial-of-service attack (DoS) floods a website with so many requests for service that
it slows down or crashes the site.

⊚ true
⊚ false

328) Legitimate users who purposely or accidentally misuse their access to the environment
and cause some kind of business-affecting incident are called insiders.

⊚ true
⊚ false

Version 1 106
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

329) Insiders are illegitimate users who purposely or accidentally misuse their access to the
environment to do business.

⊚ true
⊚ false

330) Information security policies detail how an organization will implement the information
security plan.

⊚ true
⊚ false

331) Dumpster diving is another security breach for companies and is where people not
associated with the company jump into the company’s outside garbage bins and try to gather and
steal any valuable company products they can resell on eBay.

⊚ true
⊚ false

332) Organizations address security risks through two lines of defense: The first is people and
the second is technology.

Version 1 107
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

⊚ true
⊚ false

333) Pretexting is a form of social engineering in which one individual lies to obtain
confidential data about another individual.

⊚ true
⊚ false

334) Ransomware is a form of social engineering in which one individual lies to obtain
confidential data about another individual.

⊚ true
⊚ false

335) Through social engineering, hackers use their social skills to trick people into revealing
access credentials or other valuable information.

⊚ true
⊚ false

Version 1 108
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

336) Through pretexting, hackers use their social skills to trick people into revealing access
credentials or other valuable information.

⊚ true
⊚ false

337) The three primary information security areas are (1) authentication and authorization, (2)
policies and rewards, and (3) detection and response.

⊚ true
⊚ false

338) Tokens are small electronic devices that change user passwords automatically.

⊚ true
⊚ false

339) The technique to gain personal information for the purpose of identity theft, often through
fraudulent emails that look as though they came from legitimate businesses, is called phishing.

⊚ true
⊚ false

Version 1 109
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

340) A process of providing a user with permission including access levels and abilities such
as file access, hours of access, and amount of allocated storage space is called authentication.

⊚ true
⊚ false

341) One of the most ineffective ways to set up authentication techniques is by setting up user
IDs and passwords.

⊚ true
⊚ false

342) Biometrics is the identification of a user based on a physical characteristic, such as a
fingerprint, iris, face, voice, or handwriting.

⊚ true
⊚ false

343) A firewall scrambles information into an alternative form that requires a key or password
to decrypt.

⊚ true
⊚ false

Version 1 110
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

344) Identity theft is the forging of someone’s identity for the purpose of fraud.

⊚ true
⊚ false

345) Identity theft is the category of computer security that addresses the protection of data
from unauthorized disclosure and confirmation of data source authenticity.

⊚ true
⊚ false

346) A phishing expedition is a masquerading attack that combines spam with spoofing. The
perpetrator sends millions of spam emails that appear to be from a respectable company. The
emails contain a link to a website that is designed to look exactly like the company’s website.
The victim is encouraged to enter his or her username, password, and sometimes credit card
information.

⊚ true
⊚ false

Version 1 111
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

347) Spear phishing is a phishing expedition in which the emails are carefully designed to
target a particular person or organization.

⊚ true
⊚ false

348) Spear phishing is a phone scam that attempts to defraud people by asking them to call a
bogus telephone number to “confirm” their account information.

⊚ true
⊚ false

349) Phishing reroutes requests for legitimate websites to false websites.

⊚ true
⊚ false

350) A zombie is a program that secretly takes over another computer for the purpose of
launching attacks on other computers. Zombie attacks are almost impossible to trace back to the
attacker.

⊚ true
⊚ false

Version 1 112
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

351) A zombie farm is a group of computers on which a hacker has planted zombie programs.

⊚ true
⊚ false

352) A pharming attack uses of a zombie farm, often by an organized crime association, to
launch a massive phishing attack.

⊚ true
⊚ false

353) Worms are computer viruses that wait for a specific date before executing their
instructions.

⊚ true
⊚ false

354) Time bombs are computer viruses that wait for a specific date before executing their
instructions.

⊚ true
⊚ false

Version 1 113
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

355) Decrypting information is to decode it and is the opposite of encrypting.

⊚ true
⊚ false

356) Cryptography is the science that studies encryption, which is the hiding of messages so
that only the sender and receiver can read them.

⊚ true
⊚ false

357) A certificate authority is a trusted third party, such as VeriSign, that validates user
identities by means of digital certificates.

⊚ true
⊚ false

358) A certificate authority is a data file that identifies individuals or organizations online and
is comparable to a digital signature.

⊚ true
⊚ false

Version 1 114
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

359) A voiceprint is a data file that identifies individuals or organizations online and is
comparable to a digital signature.

⊚ true
⊚ false

360) A voiceprint is a set of measurable characteristics of a human voice that uniquely
identifies an individual. These characteristics, which are based on the physical configuration of a
speaker’s mouth and throat, can be expressed as a mathematical formula. Unfortunately,
biometric authentication such as voiceprints can be costly and intrusive.

⊚ true
⊚ false

361) Single-factor authentication is the traditional security process, which requires a username
and password.

⊚ true
⊚ false

Version 1 115
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

362) Two-factor authentication requires the user to provide two means of authentication: what
the user knows (password) and what the user has (security token).

⊚ true
⊚ false

363) Multifactor authentication requires more than two means of authentication such as what
the user knows (password), what the user has (security token), and what the user is (biometric
verification).

⊚ true
⊚ false

364) Multifactor authentication is the traditional security process, which requires a username
and password.

⊚ true
⊚ false

365) Single-factor authentication requires more than two means of authentication such as what
the user knows (password), what the user has (security token), and what the user is (biometric
verification).

⊚ true
⊚ false

Version 1 116
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

366) Single-factor authentication requires the user to provide two means of authentication:
what the user knows (password) and what the user has (security token).

⊚ true
⊚ false

367) The goal of multifactor authentication is to make it difficult for an unauthorized person to
gain access to a system because if one security level is broken, the attacker will still have to
break through additional levels.

⊚ true
⊚ false

Version 1 117
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

5) Explain the three components of a sustainable MIS infrastructure along with their
business benefits.

6) What is an information MIS infrastructure?

A) identifies where and how important information, such as customer records, is
maintained and secured
B) includes the hardware, software, and telecommunications equipment that, when
combined, provides the underlying foundation to support the organization’s goals
C) identifies ways that a company can grow in terms of computing resources while
simultaneously becoming less dependent on hardware and energy consumption
D) includes the plans for how a firm will build, deploy, use, and share its data, processes
and MIS assets

Version 1 2
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

7) What is an agile MIS infrastructure?

A) identifies where and how important information, such as customer records, is
maintained and secured
B) includes the hardware, software, and telecommunications equipment that, when
combined, provides the underlying foundation to support the organization’s goals
C) identifies ways that a company can grow in terms of computing resources while
simultaneously becoming less dependent on hardware and energy consumption
D) includes the plans for how a firm will build, deploy, use, and share its data, processes
and MIS assets

8) What is a sustainable MIS infrastructure?

A) identifies where and how important information, such as customer records, is
maintained and secured
B) includes the hardware, software, and telecommunications equipment that, when
combined, provides the underlying foundation to support the organization’s goals
C) identifies ways that a company can grow in terms of computing resources while
simultaneously becoming less dependent on hardware and energy consumption
D) includes the plans for how a firm will build, deploy, use, and share its data, processes
and MIS assets

9) What is an MIS infrastructure?

Version 1 3
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) identifies where and how important information, such as customer records, is
maintained and secured
B) includes the hardware, software, and telecommunications equipment that, when
combined, provides the underlying foundation to support the organization’s goals
C) infrastructure identifies ways that a company can grow in terms of computing
resources while simultaneously becoming less dependent on hardware and energy consumption
D) includes the plans for how a firm will build, deploy, use, and share its data, processes
and MIS assets

10) Who is a person who is grounded in technology, fluent in business, and able to provide
the important bridge between MIS and the business?

A) MIS Infrastructure manager
B) MIS specialist
C) enterprise architect
D) enterprise manager

11) Which of the following is a benefit of a solid MIS infrastructure?

A) reduces costs
B) improves productivity
C) optimizes business operations
D) All of the answers are correct.

12) What is the difference between hardware and software?

Version 1 4
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) Hardware is the physical devices associated with a computer system, whereas
software is the instructions the hardware executes to carry out tasks.
B) They are both specific forms of clients.
C) Hardware executes the instructions to carry out tasks, whereas software is the physical
devices associated with a computer system.
D) All of the answers are correct.

13) What consists of the physical devices associated with a computer system?

A) hardware
B) software
C) client
D) server

14) What is the set of instructions the hardware executes to carry out specific tasks?

A) hardware
B) software
C) client
D) server

15) What is a communications system created by linking two or more devices and
establishing a standard methodology in which they can communicate?

Version 1 5
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) network
B) software
C) client
D) server

16) What is a computer designed to request information from a server?

A) hardware
B) software
C) client
D) server

17) What is a computer dedicated to providing information in response to requests?

A) hardware
B) software
C) client
D) server

18) What is hardware?

Version 1 6
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) consists of the physical devices associated with a computer system
B) the set of instructions the hardware executes to carry out specific tasks
C) a computer designed to request information from a server
D) a computer dedicated to providing information in response to requests

19) What is software?

A) consists of the physical devices associated with a computer system
B) the set of instructions the hardware executes to carry out specific tasks
C) a computer designed to request information from a server
D) a computer dedicated to providing information in response to requests

20) What is a network?

A) consists of the physical devices associated with a computer system
B) the set of instructions the hardware executes to carry out specific tasks
C) a computer designed to request information from a server
D) a communications system created by linking two or more devices and establishing a
standard methodology in which they can communicate

21) What is a client?

Version 1 7
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) consists of the physical devices associated with a computer system
B) the set of instructions the hardware executes to carry out specific tasks
C) a computer designed to request information from a server
D) a computer dedicated to providing information in response to requests

22) What is a server?

A) consists of the physical devices associated with a computer system
B) the set of instructions the hardware executes to carry out specific tasks
C) a computer designed to request information from a server
D) a computer dedicated to providing information in response to requests

23) John works for Internal Computer Specialists, which focuses on helping small business
owners resolve MIS infrastructure issues. John’s tasks include cleaning and replacing
motherboards, cables, and internal components such as hard drives. What does John’s role at
Internal Computer Specialists focus on fixing?

A) hardware
B) clients
C) backup
D) recovery

Version 1 8
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

24) Jessica started her own online company that specializes in selling items for bachelorette
parties, wedding parties, and baby showers. Due to the fact that she only operates online, her
MIS infrastructure needs to be fast, efficient, and accurate to ensure the best possible experience
for her customers. Which of the following is a critical component in Jessica’s MIS infrastructure?

A) hardware and software
B) clients
C) server
D) All of the answers are correct.

25) What are the three business functions an MIS infrastructure supports?

A) operations, change, and the environment/sustainability
B) operations, customers, and ewaste
C) information, clients, and viruses
D) information, change, and business continuity planning

26) Which of the following include the three components of an MIS infrastructure?

A) information, aggregated, and sustainable MIS infrastructures
B) information, operational, and changing MIS infrastructures
C) information, agile, and sustainable MIS infrastructures
D) varies depending on the industry

27) Which characteristics support an agile MIS infrastructure?

Version 1 9
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) accessibility, availability, maintainability, portability, reliability, scalability, and
usability
B) backup and recovery plan, disaster recovery plan, and business continuity planning
C) grid computing, cloud computing, and virtualization
D) storage, network, and server virtualization

28) Which characteristics support a sustainable MIS infrastructure?

A) accessibility, availability, maintainability, portability, reliability, scalability, and
usability
B) backup and recovery plan, disaster recovery plan, and business continuity planning
C) grid computing, cloud computing, and virtualization
D) storage, network, and server virtualization

29) Which characteristics support an information MIS infrastructure?

A) accessibility, availability, maintainability, portability, reliability, scalability, and
usability
B) backup and recovery plan, disaster recovery plan, and business continuity planning
C) grid computing, cloud computing, and virtualization
D) storage, network, and server virtualization

30) Grid computing, cloud computing, and virtualization are all elements of a(n) ________
Blank MIS infrastructure.

Version 1 10
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) agile
B) sustainable
C) information
D) virtualized

31) Accessibility, availability, maintainability, portability, reliability, scalability, and
usability are all elements of a(n)________ MIS infrastructure.

A) agile
B) sustainable
C) information
D) virtualized

32) Backup and recovery plan, disaster recovery plan, and business continuity planning are
all elements of a(n) ________ Blank MIS infrastructure.

A) agile
B) sustainable
C) information
D) virtualized

33) A(n) ________ Blank MIS infrastructure identifies ways that a company can grow in
terms of computing resources while simultaneously becoming less dependent on hardware and
energy consumption.

Version 1 11
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) sustainable
B) information
C) virtualized
D) agile

34) What type of MIS infrastructure identifies where and how important information, such as
customer records, is maintained and secured?

A) sustainable
B) information
C) virtualized
D) agile

35) What type of MIS infrastructure includes the hardware, software, and
telecommunications equipment that, when combined, provides the underlying foundation?

A) information
B) virtualized
C) agile
D) sustainable

36) Francis works in the human resources division of a large oil and gas company in Texas.
Francis’s tasks include maintaining payroll and vacation records, employment histories, and
benefit information along with ensuring the security of all sensitive employee information.
Which MIS infrastructure is most important to Francis?

Version 1 12
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) information MIS infrastructure
B) agile MIS infrastructure
C) sustainable MIS infrastructure
D) virtualized MIS infrastructure

37) The information MIS infrastructure supports the day-to-day business operations and plans
for

A) security breaches and theft.
B) floods and earthquakes.
C) malicious Internet attacks.
D) All of the answers are correct.

38) Each year, businesses lose time and money because of system crashes and failures.
Which of the following offers the best way to protect a system from crashes and failures?

A) backup and recovery plan
B) fault tolerance
C) failover
D) All of the answers are correct.

39) Which of the following describes the difference between a backup plan and a recovery
plan?

Version 1 13
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) Recovery is an exact copy of a system’s information, whereas backup is the ability to
get a system up and running in the event of a system crash or failure.
B) Backup is mandatory, whereas recovery is optional.
C) Backup is an exact copy of a system’s information, whereas recovery is the ability to
get a system up and running in the event of a system crash or failure.
D) Recovery is mandatory, whereas backup is optional.

40) What occurs when a redundant storage server offers an exact replica of the real-time data
and, if the primary server crashes, the users are automatically directed to a secondary server?

A) failover
B) disaster recovery cost curve
C) reliability
D) maintainability

41) What occurs when a primary machine recovers and resumes operations, taking over from
a secondary server?

A) failback
B) disrupted communications
C) warm site
D) hot site

42) What has the ability to recover information or systems in the event of catastrophic
disasters?

Version 1 14
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) recovery
B) disaster recovery
C) backup
D) failback

43) Shawn works at the local electrical company in Nampa, ID, which provides electricity to
the entire city of Boise. This area is prone to floods, high winds, and tornados. As the lead
enterprise architect on the night shift, Shawn has been asked to suggest ways the company can
protect its information MIS infrastructure. Shawn notices that the company does not have the
ability for its systems to respond to unexpected failures or crashes and lacks a backup system that
can automatically take over without a loss of service to Boise residents. What should Shawn
recommend his company implement?

A) accessibility
B) Moore’s law
C) antivirus software
D) fault tolerance

44) What creates a way for a company to recover and restore partially or completely
interrupted critical functions within a predetermined time after a disaster or extended disruption?

A) disaster recovery plan
B) disaster recovery cost curve
C) business continuity planning
D) emergency notification system

Version 1 15
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

45) What is the ability to get a system up and running in the event of a system crash or failure
that includes restoring the information backup?

A) failure tolerance
B) recovery
C) reliability
D) capacity planning

46) What type of backup method does a thumb drive offer?

A) low cost, high speed
B) low cost, low speed
C) high cost, high speed
D) All of the answers are correct.

47) What question below would a company need to answer when first establishing a backup
and recovery plan?

A) What types of storage mechanism will meet the needs of the company?
B) How often does the company need to backup its information?
C) What types of recovery systems does the company infrastructure need?
D) All of the answers are correct.

48) Which of the following is an effect a company could experience because of a disaster
such as a fire, flood, or hurricane?

Version 1 16
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) disrupted communications
B) damaged physical infrastructures
C) halted transportation
D) All of the answers are correct.

49) To combat disasters, a company can create a ________ that details the process for
recovering information or a system in the event of a catastrophic disaster.

A) disaster recovery plan
B) database lookup initiative
C) management recovery plan
D) tornado threat plan

50) Among the sites that support disaster recovery, a ________ is a separate facility that does
not have any computer equipment but is a place where employees can move after a disaster.

A) hot site
B) cold site
C) warm site
D) All of the answers are correct.

51) Among the sites that support disaster recovery, a ________ is a separate and fully
equipped facility where the company can move immediately after a disaster and resume business.

Version 1 17
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) hot site
B) cold site
C) warm site
D) disaster site

52) Among the sites that support disaster recovery, a ________ is a separate facility with
computer equipment that requires installation and configuration.

A) hot site
B) cold site
C) warm site
D) disaster site

53) What is a hot site?

A) a separate and fully equipped facility where the company can move immediately after
a disaster and resume business
B) a separate facility that does not have any computer equipment but is a place where
employees can move after a disaster
C) a separate facility with computer equipment that requires installation and
configuration
D) a detailed process for recovering information or a system in the event of a catastrophic
disaster

54) What is a cold site?

Version 1 18
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) a separate and fully equipped facility where the company can move immediately after
a disaster and resume business
B) a separate facility that does not have any computer equipment but is a place where
employees can move after a disaster
C) a separate facility with computer equipment that requires installation and
configuration
D) a detailed process for recovering information or a system in the event of a catastrophic
disaster

55) What is a warm site?

A) a separate and fully equipped facility where the company can move immediately after
a disaster and resume business
B) a separate facility that does not have any computer equipment but is a place where
employees can move after a disaster
C) a separate facility with computer equipment that requires installation and
configuration
D) a detailed process for recovering information or a system in the event of a catastrophic
disaster

56) What is a disaster recovery plan?

Version 1 19
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) a separate and fully equipped facility where the company can move immediately after
a disaster and resume business
B) a separate facility that does not have any computer equipment but is a place where
employees can move after a disaster
C) a separate facility with computer equipment that requires installation and
configuration
D) a detailed process for recovering information or a system in the event of a catastrophic
disaster

57) What charts the cost to the company of the unavailability of information and technology
and the cost to the company of recovering from a disaster over time?

A) disaster organizational cost analysis
B) disaster recovery improvements
C) disaster financial costs
D) disaster recovery cost curve

58) What is a more comprehensive and all-encompassing plan that details how a company
recovers and restores critical business operations and systems after a disaster or extended
disruption?

A) business continuity plan
B) database management plan
C) incident recovery plan
D) emergency recovery plan

Version 1 20
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

59) What is an infrastructure built for notifying people in the event of an emergency?

A) business operational plan
B) business continuity plan
C) emergency notification service
D) emergency continuity plan

60) What are the different options for how an emergency notification service can be
deployed?

A) through the firm’s own infrastructure
B) by an outside service provider on company premises
C) by an outside service provider hosted remotely
D) All of the answers are correct.

61) Which of the following is an example of an emergency notification system?

A) radio stations’ occasional tests of the national alert system
B) wireless alerts for promotional discounts
C) text messages from your local grocery store
D) All of the answers are correct.

62) What is a sudden, unexpected event requiring immediate action due to potential threat to
health and safety, the environment, or property?

Version 1 21
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) emergency
B) preparedness
C) impact analysis
D) technology failure

63) What ensures a company is ready to respond to an emergency in an organized, timely,
and effective manner?

A) technology success
B) emergency preparedness
C) business impact analysis
D) technology failure

64) What identifies all critical business functions and the effect that a specific disaster may
have upon them?

A) emergence
B) emergency preparedness
C) business impact analysis
D) technology failure

65) What occurs when the ability of a company to operate is impaired because of a hardware,
software, or data outage?

Version 1 22
Sara Notes 36825484 ‫يحرم على اي شخص بيع او تداول النوتات بعد الشراء‬

A) technology success
B) technology preparedness
C) business impact analysis
D) technology failure

66) What contains all of the details of an incident?

A) technology failure
B) incident record
C) incident management
D) technology recovery strategy

67) What occurs when the ability of a company to operate is impaired because of