
Information Assurance and Security 2 (Source 2)

Uploaded by

radehib442
Copyright: © All Rights Reserved

11/4/24, 3:26 PM Information Assurance and Security 2 (source 2)

Home / My courses / UGRD-IT6206A-2333T / MIDTERM EXAM / MIDTERM EXAM

Started on Thursday, 20 June 2024, 12:07 PM


State Finished
Completed on Thursday, 20 June 2024, 2:07 PM
Time taken 2 hours
Marks 35.00/50.00
Grade 70.00 out of 100.00

Question 1
Correct

Mark 1.00 out of 1.00

Email spoofing typically uses an email address that mimics a trusted party, such as a manager, executive or co-worker, and can be
difficult to recognize (especially on mobile devices).

Answer: Business Email Compromise

Question 2
Incorrect

Mark 0.00 out of 1.00

It supports accountability and is therefore valuable to management and to internal or external auditors.

Answer: internal audit

Question 3
Correct

Mark 1.00 out of 1.00

They are assigned the overall responsibility for information security and should include specific organizational roles.

Answer: Executive Management


Question 4
Correct

Mark 1.00 out of 1.00

It may even affect applications that do not involve communication at all: the risks of interconnection are borne not only by the
applications they benefit, but also by other applications that share the same equipment.

Answer: System interconnection

Question 5
Correct

Mark 1.00 out of 1.00

It includes environmental controls such as guards, locks, doors, and fences as well as protection against and recovery from fire, flood,
and other natural hazards.

Answer: Physical protection

Question 6
Correct

Mark 1.00 out of 1.00

Such mechanisms are called discretionary a by the DOD, and user-directed, identity-based access controls by the
International Organization for Standards.

Question 7
Incorrect

Mark 0.00 out of 1.00

Proper cyber defense training should cover the following: Phishing Aware, __________, ________, and _________.


Question 8
Correct

Mark 1.00 out of 1.00

It may prevent people from doing unauthorized things but cannot prevent them from doing things that their job functions entitle
them to do.

Answer: Technical measures

Question 9
Incorrect

Mark 0.00 out of 1.00

A multi-factor authentication (MFA) solution that allows you to use a second factor that you have or have access to when you log in
to your account.

Answer: Authenticator

Question 10
Correct

Mark 1.00 out of 1.00

An international network of computer systems that has evolved over the last decade and provides electronic mail, file transfer, and
remote log-in capabilities.

Answer: Internet

Question 11
Incorrect

Mark 0.00 out of 1.00

In these systems (e.g., Bitnet) messages travel lengthy paths through computers in the control of numerous organizations of which
the communicants are largely unaware, and for which message handling is not a central business concern.

Answer: Internet Worm


Question 12
Correct

Mark 1.00 out of 1.00

The Internet was attacked by a self-replicating program called a worm.

Question 13
Incorrect

Mark 0.00 out of 1.00

They combine various training topics and teaching methods to help ensure worker readiness and improve their defensive
responses.

Answer: Security Training

Question 14
Incorrect

Mark 0.00 out of 1.00

Who developed and launched the Internet worm?

Answer: Robert Morris

Question 15
Correct

Mark 1.00 out of 1.00

It is concerned with assessing risks and developing plans for averting or recovering from adverse events that might render a system
unavailable.

Answer: Contingency planning

Question 16
Incorrect

Mark 0.00 out of 1.00

They provide independent assurance to management on the appropriateness of the security objectives.

Answer: Internal audit


Question 17
Correct

Mark 1.00 out of 1.00

The year when the Internet was attacked by a self-replicating program called a worm that spread within hours to somewhere
between 2,000 and 6,000 computer systems—the precise number remains uncertain. Only systems (VAX and Sun 3) running certain
types of Unix (variants of BSD 4) were affected.

Answer: November 2, 1988

Question 18
Correct

Mark 1.00 out of 1.00

Ensuring information is disclosed to, and reviewed exclusively by intended recipients/authorized individuals.

Answer: Confidentiality

Question 19
Correct

Mark 1.00 out of 1.00

The email will normally impersonate a genuine company or person.

Answer: phishing

Question 20
Correct

Mark 1.00 out of 1.00

It has much in common with a failure that results from faulty equipment, software, or operations.

Answer: security breach

Question 21
Incorrect

Mark 0.00 out of 1.00

Identity information, financial records, healthcare records, etc. are examples of personally id.


Question 22
Correct

Mark 1.00 out of 1.00

It is an interdependent collection of components that can be considered as a unified whole.

Answer: system

Question 23
Correct

Mark 1.00 out of 1.00

A function that has custody of the system/databases, not necessarily belonging to them, for any period of time.

Answer: Data Custodians

Question 24
Incorrect

Mark 0.00 out of 1.00

They determine access privileges and some security policies.

Answer: User Access Security

Question 25
Incorrect

Mark 0.00 out of 1.00

The basic principles in preventing breaches of security: confidentiality, __________, and _______.


Question 26
Incorrect

Mark 0.00 out of 1.00

It might be expected to provide confidentiality if it serves diverse clientele, integrity if it is used as a development environment for
software or engineering designs, and availability to the extent that no one user can monopolize the service and that lost files will be
retrievable.

Answer: time-sharing system

Question 27
Correct

Mark 1.00 out of 1.00

A system's audit records, often called an audit trail, have other potential uses besides establishing accountability.

Question 28
Correct

Mark 1.00 out of 1.00

Ensuring the accuracy and completeness of information and processing methods.

Answer: Integrity

Question 29
Incorrect

Mark 0.00 out of 1.00

Organizations and people that use computers can describe their needs for information security and trust in systems in terms of three
major requirements: confidentiality, __________, and _________.

Question 30
Correct

Mark 1.00 out of 1.00

Responsible for using resources and preserving availability, integrity, and confidentiality of assets and responsible for adhering to
security policy.

Answer: Users


Question 31
Correct

Mark 1.00 out of 1.00

It is offered by few computer systems today, although a legal need for it can be foreseen as computer-mediated transactions
become more common in business.

Answer: Nonrepudiation

Question 32
Correct

Mark 1.00 out of 1.00

The attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for
malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Answer: Phishing

Question 33
Correct

Mark 1.00 out of 1.00

It determines whether a particular user, who has been authenticated as the source of a request to do something, is trusted for that
operation.

Answer: Authorization

Question 34
Correct

Mark 1.00 out of 1.00

One of the biggest cyberattacks occurred in 2017.

Answer: WannaCry


Question 35
Correct

Mark 1.00 out of 1.00

It may check that software has not changed, that file access controls are properly set, that obsolete user accounts have been turned
off, that incoming and outgoing communications lines are correctly enabled, that passwords are hard to guess, and so on.

Answer: Static audit services

Question 36
Correct

Mark 1.00 out of 1.00

It specifies that important operations cannot be performed by a single person but instead require the agreement of (at least) two
different people.

Answer: separation of duty

Question 37
Incorrect

Mark 0.00 out of 1.00

It can be reinforced by sending workers fake phishing and malware messages to see how they respond, and afterward giving
focused training to those who fail to react in a safe way.

Answer: phishing test

Question 38
Correct

Mark 1.00 out of 1.00

It can install keyloggers to capture everything you type, control your webcam/microphone, or send all your data to remote servers
that the criminal controls.

Answer: Malware


Question 39
Correct

Mark 1.00 out of 1.00

It is an example of a broader class of controls that attempt to specify who is trusted for a given purpose.

Answer: Separation of duty

Question 40
Incorrect

Mark 0.00 out of 1.00

Planning a security program is somewhat like buying insurance. An organization must consider the following: Threats,
_________, _________, _________, and __________.

Question 41
Correct

Mark 1.00 out of 1.00

To ensure availability usually includes responses only to acts of God (e.g., earthquakes) or accidental anthropogenic events (e.g., a
toxic gas leak preventing entry to a facility).

Answer: Traditional contingency planning

Question 42
Correct

Mark 1.00 out of 1.00

These are the mechanisms and techniques—administrative, procedural, and technical—that are instituted to implement a security
policy.

Answer: Management controls
