MIS
Which of the following is not a purpose of data classification?
Back-up and recovery
Which of the following is not a COBIT 5 principle?
Combining governance and management
"Erroneous actions taken by individuals in the course of executing their everyday responsibilities." is an adversarial threat source.
False
Identity and Access Management is to enable the right people to access all resources.
False
All identifiable/detectable risks to a system can be removed.
False
All organizations categorize data sensitivity into 3 levels: High, Medium, and Low.
False
The COBIT framework is designed to provide a detailed level of information security guidelines.
False
Errors and Omissions is an adversarial threat source.
False
Identity and Access Management concerns only authentication and does not concern authorization.
False
Information assurance does not include the authenticity of the data.
False
Information assurance means that the security measures will work absolutely as intended.
False
Logic Bomb is another name for Trojan Horse.
False
Natural disaster is an adversarial threat source.
False
Per NIST, the CIO (Chief Information Officer) should participate in information security management, but the CEO (Chief Executive Officer) should not.
False
Risk analysis is a business related operation and does not concern information security.
False
Single sign-on is one of the authorization techniques.
False
Structured data raise more security risks than unstructured data, because structured data are more useful.
False
The key purpose for evaluating risks is to protect the business's profits and does not concern information security.
False
Unstructured data are generally considered as useless data.
False
Worm is another name for Ransomware.
False
Which of the following is a true statement?
In a nutshell, authentication is dividing access into levels.
Which of the following is a correct statement?
Information itself does not have ethics
Which of the following is not considered a malicious hacker?
Inside threat
Which of the following is a correct statement?
Integrating software assurance into the software development cycle is one of the recommended methods for improving application security.
In a business that handles sensitive information, which authorization technique is recommended?
Mandatory access control
Which of the following is not a recommended secure application design principle?
Most common mechanism
Which of the following is an example of structured data?
Relational database
The key issue associated with the unstructured data is
Security
Which of the following is a true statement?
Social engineering relies on the human interaction to influence an individual to divulge confidential information.
Which of the following is an example of unstructured data?
Text message
Which of the following is a true statement?
Complying with data privacy regulations is one of the reasons for data classification.
Information Security has the largest share of the data classification market.
True
Information security management includes risk management.
True
Information security's primary focus is the protection of the confidentiality, integrity and availability of data.
True
Loss of the physical support is a non-adversarial threat source.
True
Per NIST, one of the information security elements is to assess and monitor information security regularly.
True
Risk to a system can never be completely eliminated.
True
The two categories of access controls are physical access control and information access control.
True
There are two categories of threat sources: adversarial and non-adversarial.
True