ISM 4220 EXAM 2 QUESTIONS AND ANSWERS
Any use of IT resources that exceeds the authorization granted by the owner is known
as? - Answers - hacking
Which is the only valid reason for attacking your own production network? - Answers -
proactive penetration testing
All use of computational resources in excess of authorization is known as? - Answers -
hacking
The key in analysis of defense products is to focus on finding _______. - Answers -
weakest link
Balancing cost of protection with cost of breach / data is known as? - Answers - risk
analysis
One of the lessons from the Target breach is that security is a _____ not a product. -
Answers - process
What was the first step in the Target hack? - Answers - spear phishing
Do most IT security measures still work if physical security is compromised? (yes or no)
- Answers - no
In proper network segmentation practices, what is the common name for the area used
for servers that have public-facing services? - Answers - demilitarized zones (dmz)
In the "Plan-Protect-______ cycle", the most resources should be spent on the
protection phase. - Answers - respond
Fraudulent emails sent to users in an attempt to get information or compromise their
system are known as ______. - Answers - phishing
The practice of using mathematics to hide, protect, or jumble information in a way that it
can be recovered again in the right conditions? - Answers - cryptography
Any software with evil intentions is known as: - Answers - malware
Compliance regulations are starting to mandate comprehensive visibility and control
over individual employee access to and permissions on all resources. These policies,
controls and systems are all part of ______. - Answers - access control
What style of permissions is recommended that users are granted when access is
needed? - Answers - least permissions