Question: Discussing security attacks through public trials and the associated publicity has not only enormous potential costs in public relations but real monetary costs as well.
Answer: True
Question: Many organizations outsource their network security operations to a company that monitors, manages, and maintains computer and network security for them. This type of company is known as which of the following?
Answer: managed security service provider
Question: A network attack in which an intruder gains access to a network and stays there, undetected, with the intention of stealing data over a long period of time is known as which of the following?
Answer: APT
Question: Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow the security policies.
Answer: True
Question: The focus of the 2002 Homeland Security Act is to provide financial incentives to software companies to improve their security measures.
Answer: False
Question: Which of the following should be the first step in developing a security policy for a company?
Answer: Identifying the company’s information assets
Question: The Sarbanes-Oxley Act requires that all publicly traded companies implement information systems to ensure that their financial data is accurate and secure.
Answer: True
Question: Which of the following is an example of a technical control used to secure information systems?
Answer: Firewalls
Question: Which of the following statements about firewalls is not true?
Answer: Firewalls are an effective means of protecting a network from all types of attacks.
Question: Social engineering attacks involve manipulating people into performing actions or divulging confidential information.
Answer: True
Question: Which of the following is a key advantage of using cloud computing for IT services?
Answer: Reduced operational costs
Question: Which of the following types of encryption uses the same key for both encryption and decryption?
Answer: Symmetric encryption
Question: Which of the following best describes a Denial of Service (DoS) attack?
Answer: Disruption of access to or operation of a service or network
Question: Which of the following is the primary goal of an intrusion detection system (IDS)?
Answer: To detect and alert on potential security breaches
Question: Which of the following is a legal requirement for organizations to protect the privacy and security of personal information?
Answer: GDPR
Question: Which term is defined as an exploit that takes place before the security community or software developer knows about the vulnerability or has been able to repair it?
Answer: zero-day attack
Question: Computer forensics is such a new field that there are few training or certification processes available to practitioners.
Answer: False
Question: Which of the following concepts recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved?
Answer: reasonable assurance