1. The main goal of information security is to protect:
A. non-public personally identifiable information
B. confidentiality, integrity, and availability
C. personal health data and biometrics
D. financial data of public entities
Answer: B. Reference: p. 4
2. All of the following are true with respect to cryptography except:
A. hides information so unauthorized persons can't access it
B. preserves confidentiality
C. only used today by health care providers to protect health care data
D. was used by the military to protect confidential communications
Answer: C. Reference: p. 5
3. _____ is the process of reviewing known vulnerabilities and
threats.
A. Risk avoidance
B. Risk mitigation
C. Risk analysis
D. Risk engineering
Answer: C. Reference: p. 16
4. What is the process of applying safeguards to avoid a negative impact?
A. risk mitigation
B. risk transfer
C. risk analysis
D. risk avoidance
Answer: D. Reference: p. 16
5. _____ refers to applying safeguards designed to lower risks to a
level deemed acceptable but without eliminating such risks.
A. Residual risk
B. Risk avoidance
C. Risk mitigation
D. Risk transfer
Answer: C. Reference: p. 16
6. _____ means that only people with the right permission can access and
use information.
A. Authorized agent
B. Confidentiality
C. Integrity
D. Encryption
Answer: B. Reference: p. 5
7. All of the following are ways to protect confidentiality except:
A. encryption
B. access controls
C. passwords
D. shoulder surfing
Answer: D. Reference: p. 6