
IT 417 Chapter 01 Introduction To Information Security

The document is a quiz on Chapter 01 of an Information Security course, covering various concepts related to information security, including the importance of methodologies, roles of professionals, and phases of the Security Development Life Cycle (SDLC). It consists of true/false questions, multiple choice questions, and completion items that assess knowledge on security principles and practices. The content emphasizes the evolution of information security, the significance of confidentiality, integrity, and availability, and the roles of data custodians and project managers.

Uploaded by duong thuy

Name: Class: Date:

Chapter 01: Introduction to Information Security


True / False

1. During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
a. True b. False
ANSWER: T

2. Network security focuses on the protection of the details of a particular operation or series of activities.
a. True b. False
ANSWER: F

3. The value of information comes from the characteristics it possesses.
a. True b. False
ANSWER: T

4. When a computer is the subject of an attack, it is the entity being attacked.
a. True b. False
ANSWER: F

5. An e-mail virus involves sending an e-mail message with a modified field.
a. True b. False
ANSWER: F

6. The possession of information is the quality or state of having value for some purpose or end.
a. True b. False
ANSWER: F

7. A breach of possession always results in a breach of confidentiality.
a. True b. False
ANSWER: F

8. Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.
a. True b. False
ANSWER: F

9. Information security can be an absolute.
a. True b. False
ANSWER: F

Cengage Learning Testing, Powered by Cognero Page 1

10. To achieve balance — that is, to operate an information system that satisfies the user and the security professional — the security level must allow reasonable access, yet protect against threats.
a. True b. False
ANSWER: T

11. The bottom-up approach to information security has a higher probability of success than the top-down approach.
a. True b. False
ANSWER: F

12. Using a methodology increases the probability of success.
a. True b. False
ANSWER: T

13. The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).
a. True b. False
ANSWER: ....

14. The investigation phase of the SecSDLC begins with a directive from upper management.
a. True b. False
ANSWER:

15. The physical design is the blueprint for the desired solution.
a. True b. False
ANSWER:

16. Many states have implemented legislation making certain computer-related activities illegal.
a. True b. False
ANSWER:

17. Application systems developed within the framework of the traditional SDLC are designed to anticipate a software attack that requires some degree of application reconstruction.
a. True b. False
ANSWER:



18. A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.
a. True b. False
ANSWER: T

19. A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.
a. True b. False
ANSWER: T

20. The roles of information security professionals are almost always aligned with the goals and mission of the information security community of interest.
a. True b. False
ANSWER: T

Modified True / False

21. MULTICS stands for Multiple Information and Computing Service.
ANSWER: F, multiplexed information and computing standard

22. According to the CNSS, networking is “the protection of information and its critical elements.”
ANSWER: F, it is information security

23. Direct attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat.
ANSWER: F

24. Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects.
ANSWER: F, it is accuracy

25. When unauthorized individuals or systems can view information, confidentiality is breached.
ANSWER: T

26. Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
ANSWER: F, availability

27. Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
ANSWER: T


28. Policies are detailed written instructions for accomplishing a specific task.
ANSWER: F, procedures

29. Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, often referred to as the bottom-up approach.
ANSWER: T

30. Key end users should be assigned to a developmental team, known as the united application development team.
ANSWER: F

31. Of the two approaches to information security implementation, the top-down approach has a higher probability of success.
ANSWER: T

32. The Security Development Life Cycle (SDLC) is a general methodology for the design and implementation of an information system.
ANSWER: T

33. The Analysis phase of the SecSDLC begins the methodology initiated by a directive from upper management.
ANSWER:

34. Risk evaluation is the process of identifying, assessing, and evaluating the levels of risk facing the organization, specifically the threats to the organization’s security and to the information stored and processed by the organization.
ANSWER: F, management

35. A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.
ANSWER: T

Multiple Choice

36. ____ is a network project that preceded the Internet.
a. NIST b. ARPANET
c. FIPS d. DES
ANSWER:

37. The famous study entitled “Protection Analysis: Final Report” focused on a project undertaken by ARPA to understand and detect ____ in operating systems security.
a. Bugs b. Vulnerabilities
c. Malware d. Maintenance hooks
ANSWER:

38. ____ was the first operating system to integrate security as its core functions.
a. UNIX b. DOS


c. MULTICS d. ARPANET
ANSWER:

39. ____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
a. Physical b. Personal
c. Object d. Standard
ANSWER:

40. A server would experience a ____ attack when a hacker compromises it to acquire information from it from a remote location using a network connection.
a. indirect b. direct
c. software d. hardware
ANSWER:

41. A computer is the ____ of an attack when it is used to conduct an attack against another computer.
a. subject b. object
c. target d. facilitator
ANSWER:

42. ____ of information is the quality or state of being genuine or original.
a. Authenticity b. Spoofing
c. Confidentiality d. Authorization
ANSWER:

43. In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the ____ value.
a. result b. smashing
c. hash d. code
ANSWER:

44. ____ has become a widely accepted evaluation standard for training and education related to the security of information systems.
a. NIST SP 800-12 b. NSTISSI No. 4011
c. IEEE 802.11(g) d. ISO 17788
ANSWER:

45. An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization.
a. software b. hardware
c. data d. All of the above
ANSWER:

46. A methodology for the design and implementation of an information system that is a formal development strategy is referred to as a ____.
a. systems design b. development life project
c. systems development life cycle d. systems schema
ANSWER:

47. A variation of the SDLC that can be used to implement information security solutions in organizations with little or no formal security in place is the ____.
a. SecDSLC b. SecSDLC
c. LCSecD d. CLSecD
ANSWER:

48. A type of SDLC where each phase has results that flow into the next phase is called the ____ model.
a. pitfall b. SA&D
c. waterfall d. Method 7
ANSWER:

49. During the ____ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases.
a. investigation b. implementation
c. analysis d. physical design
ANSWER:

50. Which of the following phases is often considered the longest and most expensive phase of the systems development life cycle?
a. investigation b. logical design
c. implementation d. maintenance and change
ANSWER:

51. Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.
a. security b. reliability
c. accessibility d. availability
ANSWER:

52. Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what immediate steps are taken when an attack occurs.
a. Continuity planning b. Incident response
c. Disaster recovery d. Security response
ANSWER:

53. The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
a. ISO b. CIO
c. CISO d. CTO
ANSWER:

54. Which of the following is a valid type of role when it comes to data ownership?
a. Data owners b. Data custodians
c. Data users d. All of the above
ANSWER:

55. People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.
a. Security policy developers b. Security professionals
c. System administrators d. End users
ANSWER:

Completion

56. The history of information security begins with the concept of ____ security.
ANSWER: computer

57. During the early years, information security was a straightforward process composed predominantly of ____ security and simple document classification schemes.
ANSWER: physical

58. During the ____ War, many mainframes were brought online to accomplish more complex and sophisticated tasks so it became necessary to enable the mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers.
ANSWER: Cold

59. The Internet brought ____ to virtually all computers that could reach a phone line or an Internet-connected local area network.
ANSWER: connectivity

60. The CNSS model of information security evolved from a concept developed by the computer security industry known as the ____ triangle.
ANSWER: CIA (also written C.I.A.; Confidentiality, Integrity, and Availability)

61. A computer is the ____ of an attack when it is the entity being targeted.
ANSWER: object

62. ____ enables authorized users — persons or computer systems — to access information without interference or obstruction and to receive it in the required format.
ANSWER: availability

63. ____ of information is the quality or state of being genuine or original, rather than a reproduction or fabrication.
ANSWER: authenticity

64. Information has ____ when it is whole, complete, and uncorrupted.
ANSWER: integrity

65. In an organization, the value of ____ of information is especially high when it involves personal
information about employees, customers, or patients.
ANSWER: ......

66. The ____ of information is the quality or state of ownership or control of some object or item.
ANSWER: possession

67. The ____ component of the IS comprises applications, operating systems, and assorted command utilities.
ANSWER: software

68. Software is often created under the constraints of ____ management, placing limits on time, cost, and manpower.
ANSWER: project

69. A frequently overlooked component of an information system, ____ are the written instructions for accomplishing a specific task.
ANSWER: procedures

70. In the ____ approach, the project is initiated by upper-level managers who issue policy, procedures and processes, dictate the goals and expected outcomes, and determine accountability for each required action.
ANSWER: top-down

71. A(n) ____ is a formal approach to solving a problem by means of a structured sequence of procedures.
ANSWER: top-down

72. The ____ phase consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems.
ANSWER:

73. A(n) ____ information security policy outlines the implementation of a security program within the organization.
ANSWER: . . . .

74. The senior technology officer is typically the chief ____ officer.
ANSWER: information

75. A(n) ____ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives.
ANSWER: community of interest

Essay
