CHAPTER 1 ASSESSMENT

1. What are the goals of an information security program?

A. Authorization, integrity, and confidentiality

B. Availability, authorization, and integrity

C. Availability, integrity, and confidentiality

D. Availability, integrity, and safeguards

E. Access control, confidentiality, and safeguards

2. An employee can add other employees to the payroll database. The same person also can change all employee salaries and print payroll checks for all employees. What safeguard should you implement to make sure that this employee does not engage in wrongdoing?

A. Need to know

B. Access control lists

C. Technical safeguards

D. Mandatory vacation

E. Separation of duties

3. An organization obtains an insurance policy against cybercrime. What type of risk response is this?

A. Risk mitigation

B. Residual risk

C. Risk elimination

D. Risk transfer

E. Risk management

4. Which of the following is an accidental threat?

A. A backdoor into a computer system

B. A hacker

C. A well-meaning employee who inadvertently deletes a file

D. An improperly redacted document

E. A poorly written policy

5. What is the window of vulnerability?

A. The period between the discovery of a vulnerability and mitigation of the vulnerability

B. The period between the discovery of a vulnerability and exploiting the vulnerability

C. The period between exploiting a vulnerability and mitigating the vulnerability

D. The period between exploiting a vulnerability and eliminating the vulnerability

E. A broken window

6. A technical safeguard is also known as a ________.

7. Which of the following is not a threat classification?

A. Human

B. Natural

C. Process

D. Technology and operational

E. Physical and environmental

8. What information security goal does a DoS attack harm?

A. Confidentiality

B. Integrity

C. Authentication

D. Availability

E. Privacy

9. Which of the following is an example of a model for implementing safeguards?

A. ISO/IEC 27002

B. NIST SP 80-553

C. NIST SP 800-3

D. ISO/IEC 20072

E. ISO/IEC 70022

10. Which of the following is not a type of security safeguard?

A. Corrective

B. Preventive

C. Detective

D. Physical

E. Defective

11. It is hard to safeguard against which of the following types of vulnerabilities?

A. Information leakage

B. Flooding

C. Buffer overflow

D. Zero-day

E. Hardware failure

12. What are the classification levels for U.S. national security information?

A. Public, sensitive, restricted

B. Confidential, secret, top secret

C. Confidential, restricted, top secret

D. Public, secret, top secret

E. Public, sensitive, secret

13. Which safeguard is most likely violated if a system administrator logs into an administrator user account in order to surf the internet and download music files?

A. Need to know

B. Access control

C. Least privilege principle

D. Using best available path

E. Separation of duties

14. Which of the following are vulnerability classifications?

A. People

B. Process

C. Technology

D. Facility

E. All of these are correct.

15. What is a mantrap?

A. A method to control access to a secure area

B. A removable cover that allows access to underground utilities

C. A logical access control mechanism

D. An administrative safeguard

E. None of these is correct.
