ISA 3100 Exam 1 Prep Questions With
Complete Answers
The ____ is the individual primarily responsible for the assessment,
management, and implementation of information security in the organization. -
ANSWER CISO
Which of the following phases of the SDLC is often considered the longest and
most expensive phase of the systems development life cycle? - ANSWER
maintenance and change
__________ of information is the quality or state of being genuine or original. -
ANSWER Authenticity
__________ security addresses the issues necessary to protect the tangible
items, objects, or areas of an organization from unauthorized access and
misuse. - ANSWER Physical
Computer hardware is seldom the most valuable asset possessed by an
organization.
TRUE
FALSE - ANSWER TRUE
Information has redundancy when it is free from mistakes or errors and it has
the value that the end user expects.
TRUE
FALSE - ANSWER FALSE
The value of information comes from the characteristics it possesses.
FALSE
TRUE - ANSWER TRUE
An organizational resource that is being protected is sometimes logical, such as
a Web site, software information, or data; or is sometimes physical, such as a
person, computer system, hardware, or other tangible object. Collectively all of
these things are known as a(n) ___________. - ANSWER asset
When dealing with computerized information, a breach of possession will result
in a breach of confidentiality.
TRUE
FALSE - ANSWER FALSE
Indirect attacks originate from a compromised system or resource that is
malfunctioning or working under the control of a threat.
FALSE
TRUE - ANSWER TRUE
____ is any technology that aids in gathering information about a person or
organization without their knowledge. - ANSWER Spyware
The ____________________ hijacking attack uses IP spoofing to enable an attacker
to impersonate another entity on the network. - ANSWER TCP
In a ____________________ attack, the attacker sends a large number of
connection or information requests to disrupt a target from many locations at
the same time. - ANSWER distributed denial-of-service
"4-1-9" fraud is an example of a ____________________ attack. - ANSWER social
engineering
A worm requires that another program is running before it can begin
functioning.
FALSE
TRUE - ANSWER FALSE
When voltage levels lag (experience a momentary increase), the extra voltage
can severely damage or destroy equipment. _________________________
FALSE
TRUE - ANSWER FALSE
A worm may be able to deposit copies of itself onto all Web servers that the
infected system can reach, so that users who subsequently visit those sites
become infected.
FALSE
TRUE - ANSWER TRUE
____________________ is the premeditated, politically motivated attacks against
information, computer systems, computer programs, and data which result in
violence against noncombatant targets by subnational groups or clandestine
agents. - ANSWER cyberterrorism