WGU C724 : Unit 7 - Module 11 (Quiz Review)2021/2022

What is the primary goal of information security? Correct answer- Reduce losses related to losses in confidentiality, availability and integrity. There are many different kinds of malware, which could be a spyware, worm, virus, or Trojan horse. In general, any _______________________________________ that is downloaded and stored on a computer hard drive can cause undesirable damage to the computer or network system. Correct answer- Virus There are several low-tech attacks that criminals can use to steal sensitive information from individuals in public places. One of the most common methods is ____________________________, in which individuals are offered a gift for completing an application for a credit card. Correct answer- Quid Pro Quo The U.S. government enacted legislation and regulations to protect privacy and do what else? Correct answer- Enact and enforce security, and manage and retain documentation - Such laws and regulations include the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Financial Services Modernization Act (aka Gramm-Leach-Bliley Act) of 1999, and the Public Company Accounting Reform and Investor Act (aka Sarbanes-Oxley Act) of 2002. What can be used to counter the risks, vulnerabilities, and threats experienced by managers in organizations? Correct answer- Security Measures Which of the following is NOT a component of an organization's framework for security and control? Correct answer- Cost-Benefit Analysis [True/False] To gain entry to secured location at airports or the building of some government agencies, a photo identification (which is classified as a knowledge authentication method) is all you need to have. Correct answer- False - Photo identification is an identity method, not knowledge method. Computer-based actions are actions that involved the use of a computer. Which of the following is NOT a computer-based action? Correct answer- Randomizing your online behavior - a behavioral action that can help to deter cyber attack. The disaster recovery plan (DRP) addresses several issues when an emergency occurs. What item below would NOT be addressed in a DRP? Correct answer- Businesses perform regular backups for operational databases. Which of the following networks is the easiest for someone to gain access to? Correct answer- Wireless Networks - not all wireless routers are secure and protected, so access is open. (Select all that apply). People access the Internet all the time. What is considered acceptable online conduct? Correct answer- Be careful with the sites you visit. Check content before you download it. Identity theft can be very devastating to innocent victims. What is the first step that people can take to help lessen the severity of risk and to help mitigate or eliminate other risks if their identities are stolen in the future? Correct answer- Understand which assets are irreplaceable and how they are vulnerable. The purpose of information security is to protect the information from illegal use and unauthorized access. Which of the following is NOT part of the triad encompassing the three categories of threats to information assets? Correct answer- Security - the three goals of information security are Confidentiality, Integrity, and Availability. All cyber threats or attacks are associated with computers; therefore, all computer risks are limited to ________________________. Correct answer- Both high-tech and low- tech attacks. Criminals use low-tech attacks to steal sensitive information from individuals in public places. One method is called _____________________________________, which is leaving a jump drive unattended in a parking lot and waiting for someone else to pick it up and connect it to their home computer. Correct answer- Baiting Businesses encounter losses as a direct result of exposure to security threats or risks. Which choice would NOT be a direct loss? Correct answer- Employee Turnover [True/False] Environmental risks alone can be easily addressed. However, the human factor increases the challenge of mitigating environmental risks. Correct answer- True What kind of controls manages the restrictions that employees may have to the corporate data resources? Correct answer- Application - Application controls is a type of configured restrictions within a specific software application, such as restrictions on the employees who might request supplier payments, authorize payment for goods, or send checks to suppliers. There are two primary concepts within information security. The ____________ concept, otherwise known informally as need-to-know, indicates that access should only be provided to those who need it to complete tasks in their job. Correct answer- Principle of Least Privilege When a piece of data is in one of three states (at rest, in motion, or in use), people can employ_______________to counter-measure threats or vulnerabilities to that particular data. Correct answer- Numerous Methods - including: Authentication, Identity Management, Authorization to protect data that's being used, or Encryption and Multi- Facor Authentication to protect stored data. A properly implemented disaster recovery plan (DRP) provides businesses with what kind of assurance? Correct answer- Business can be resumed quickly and effectively after a disaster. (Select all that apply). What can individuals do to protect their computer systems? Correct answer- Do not use abandoned jump drives. Create a computer system recovery point. [True/False] Personal conduct is often the weakest link in the chain of personal security. For instance, someone who is knowledgeable of the risks, threats, and vulnerabilities from the Internet will react differently towards technology compared to someone who is ignorant of such risks. Correct answer- True After people determine what kind of assets are irreplaceable and how vulnerable they are, what do people do next to protect against the risk of identity theft? Correct answer- Understand the methods that criminals use to steal personal information. Organizations have a responsibility to protect information assets and to control access. How do organizations ensure that only authorized personnel have access to the corporate data resources? Correct answer- Ensuring that employees are authenticated to prove their unique identity. In order to monitor web surfing activities, what might a retailer install onto their customer's computers? Correct answer- Spyware Organizations must be concerned with a low-tech attack that allows unauthorized personnel access to sensitive or restricted areas merely by overtly or covertly following an authorized employee through a controlled access entry point. What is the technical term for this low-tech method? Correct answer- Tailgating The Ford Pinto example illustrates that which analysis is the best way to make well- informed business decisions? Correct answer- Cost-Benefit Analysis - The cost-benefit analysis determines that it is more costly to recall and fix the faulty design. The problem with this case is that, contrary to the public, Ford had assigned a much lower value to human lives. Therefore, the risk-benefit analysis is a better way to evaluate the Ford Pinto case, although Ford must also be aware of the importance of public opinions. Several factors contribute to the increasing vulnerability of information systems. Which of the following risk factors play an important role in contributing to the increasing vulnerability of information systems? Correct answer- Risk of information loss caused by environmental events. Every organization, big or small, must establish policies and procedures to secure and control their information assets. Security policies are output from an organization's risk assessment process. What do security policies cover? Correct answer- An organization's need for various levels of security. There are two primary concepts within Information Security. The ____________________ concept stipulates that duties and access are to be disseminated among multiple people, so that the possibility of abuse and fraud are reduced or eliminated. Correct answer- Separation of Duties Encryption is the process of encoding useful information into a different format. Which of the following statements is NOT an accurate description of the encryption method? Correct answer- Encryption is an intrusive form of authentication - Biometrics is intrusive because it deals with personal characteristics of the user, but encryption involves scrambling data and requires a key to unscramble the message; it is not intrusive to the user. [True/False] A disaster recovery plan (DRP) must include measures that are preventive, detective, and corrective. Examples of preventive measures include network and physical security intrusion detection systems (IDS). Correct answer- False - Preventive measures include power conditioning systems, uninterruptable power supplies, redundant power feeds and network connections, generators, and service connections. You can protect your computer against risks and threats by making sure that you are always running the latest version of your software. Along the same line, you can also download and install which of the following applications to help protect your computer? Correct answer- The Latest Security Patches Which of the following is NOT a safe way to access a public Wi-Fi? Correct answer- Use Anonymous Browsing - helps to provide some protection, but it is still not very secure. Shoppers are strongly encouraged to use secure forms of payment for online purchases. A _____________ is a special credit card number that requires the use of special two-factor authentication code gained via secure communication from a sponsoring bank before a transaction is permitted. Correct answer- Virtual Credit Card