Chapter 1 Quiz Question Bank - CIST1601 - Information Security Fund
Of the two approaches to information security implementation, the top-down approach has a higher probability of success. A) True B) False
A) True
Recently, many states have implemented legislation making certain computer-related activities illegal. A) True B) False
A) True
Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but the confidence of the consumer in their product. A) security B) reliability C) accessability D) availability
A) security
____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse. A) Physical B) Personal C) Object D) Standard
A) Physical
A methodology increases the probability of success. A) True B) False
A) True
Confidentiality ensures that only those with the rights and privileges to access information are able to do so. A) True B) False
A) True
Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, which is often referred to as a bottom-up approach. A) True B) False
A) True
____ of information is the quality or state of being genuine or original. A) Authenticity B) Spoofing C) Confidentiality D) Authorization
A) Authenticity
A famous study entitled "Protection Analysis: Final Report" was published in ____. A) 1868 B) 1978 C) 1988 D) 1998
B) 1978
____ is the origin of today's Internet. A) NIST B) ARPANET C) FIPS D) DES
B) ARPANET
____ is the predecessor to the Internet. A) NIST B) ARPANET C) FIPS D) DES
B) ARPANET
A champion is a project manager, who may be a departmental line manager or staff unit manager, and understands project management, personnel management, and information security technical requirements. A) True B) False
B) False
Applications systems developed within the framework of the traditional SDLC are designed to anticipate a software attack that requires some degree of application reconstruction. A) True B) False
B) False
Direct attacks originate from a system or resource that itself has been attacked, and is malfunctioning or working under the control of a threat. A) True B) False
B) False
Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks. A) True B) False
B) False
Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects. A) True B) False
B) False
MULTICS stands for Multiple Information and Computing Service. A) True B) False
B) False
Network security focuses on the protection of the details of a particular operation or series of activities. A) True B) False
B) False
Policies are written instructions for accomplishing a specific task. A) True B) False
B) False
The Analysis phase of the SecSDLC begins with a directive from upper management. A) True B) False
B) False
The Security Development Life Cycle (SDLC) is a methodology for the design and implementation of an information system. A) True B) False
B) False
The bottom-up approach to information security has a higher probability of success than the top-down approach. A) True B) False
B) False
The concept of the security artesan is based on the way individuals have perceived systems technologists since computers became commonplace. A) True B) False
B) False
The physical design is the blueprint for the desired solution. A) True B) False
B) False
The possession of information is the quality or state of having value for some purpose or end. A) True B) False
B) False
When a computer is the subject of an attack, it is the entity being attacked. A) True B) False
B) False
Part of the Logical Design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what steps are taken when an attack occurs. A) Continuity planning B) Incident response C) Disaster recovery D) Security response
B) Incident response
The ____ is a methodology for the design and implementation of an information system in an organization. A) DSLC B) SDLC C) LCSD D) CLSD
B) SDLC
The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization. A) ISO B) CIO C) CISO D) CTO
C) CISO
____ was the first and only operating system created with security as its primary goal. A) UNIX B) DOS C) MULTICS D) ARPANET
C) MULTICS
____ was the first operating system to integrate security as its core functions. A) UNIX B) DOS C) MULTICS D) ARPANET
C) MULTICS
The ____ model consists of 6 general phases. A) pitfall B) 5SA&D C) waterfall D) SysSP
C) waterfall
An Information System is the entire set of ____, people, procedures, and networks necessary to use information as a resource in the organization. A) software B) hardware C) data D) All of the above
D) All of the above
Which of the following is a valid type of data ownership? A) Data owners B) Data custodians C) Data users D) All of the above
D) All of the above