The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization. - CORRECT ANSWER✅✅CISO
Which of the following phases of the SDLC is often considered the longest and most expensive phase of the systems development life cycle? - CORRECT ANSWER✅✅maintenance and change
__________ of information is the quality or state of being genuine or original. - CORRECT ANSWER✅✅Authenticity
__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse. - CORRECT ANSWER✅✅Physical
Computer hardware is seldom the most valuable asset possessed by an organization.
TRUE
FALSE - CORRECT ANSWER✅✅TRUE
Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects.
TRUE
FALSE - CORRECT ANSWER✅✅FALSE
The value of information comes from the characteristics it possesses.
FALSE
TRUE - CORRECT ANSWER✅✅TRUE
An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data; or is sometimes physical, such as a person, computer system, hardware, or other tangible object. Collectively all of these things are known as a(n) ___________. - CORRECT ANSWER✅✅asset
When dealing with computerized information, a breach of possession will result in a breach of confidentiality.
TRUE
FALSE - CORRECT ANSWER✅✅FALSE
Indirect attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat.
FALSE
TRUE - CORRECT ANSWER✅✅TRUE
____ is any technology that aids in gathering information about a person or organization without their knowledge. - CORRECT ANSWER✅✅Spyware
The ____________________ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. - CORRECT ANSWER✅✅TCP
In a ____________________ attack, the attacker sends a large number of connection or information requests to disrupt a target from many locations at the same time. - CORRECT ANSWER✅✅distributed denial-of-service
"4-1-9" fraud is an example of a ____________________ attack. - CORRECT ANSWER✅✅social engineering
A worm requires that another program is running before it can begin functioning.