Computer Security Textbook Exam Questions - 706 Verified Questions



Course Introduction

Computer Security

Textbook Exam Questions

Computer Security is a foundational course that explores the principles, techniques, and tools used to safeguard computer systems and data from unauthorized access, attacks, and threats. Students will learn about key concepts such as cryptography, authentication, access control, network security, malware, vulnerabilities, and risk management. The course also examines real-world case studies and legal, ethical, and policy issues surrounding security. Through practical exercises and projects, students will develop the skills to identify potential security risks and implement effective measures to protect information and systems in a variety of computing environments.

Recommended Textbook: Management of Information Security, 5th Edition, by Michael

Available Study Resources on Quizplus

12 Chapters

706 Verified Questions

706 Flashcards

Source URL: https://quizplus.com/study-set/2555


Chapter 1: Introduction to the Management of Information Security

Available Study Resources on Quizplus for this Chapter

63 Verified Questions

63 Flashcards

Source URL: https://quizplus.com/quiz/50835

Sample Questions

Q1) Which of the following is the first step in the problem-solving process?

A) Analyze and compare the possible solutions

B) Develop possible solutions

C) Recognize and define the problem

D) Select, implement and evaluate a solution

Answer: C

Q2) A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.

A) True

B) False

Answer: True

Q3) Which of the following is NOT a primary function of Information Security Management?

A) planning

B) protection

C) projects

D) performance

Answer: D

To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Compliance: Law and Ethics

Available Study Resources on Quizplus for this Chapter

50 Verified Questions

50 Flashcards

Source URL: https://quizplus.com/quiz/50836

Sample Questions

Q1) Any court can impose its authority over an individual or organization if it can establish which of the following?

A) jurisprudence

B) jurisdiction

C) liability

D) sovereignty

Answer: B

Q2) Which subset of civil law regulates the relationships among individuals and among individuals and organizations?

A) tort

B) criminal

C) private

D) public

Answer: C

Q3) An organization increases its _____________ if it refuses to take measures (due care) to make sure that every employee knows what is acceptable and what is not, and the consequences of illegal or unethical actions.

Answer: liability


Chapter 3: Governance and Strategic Planning for Security

Available Study Resources on Quizplus for this Chapter

52 Verified Questions

52 Flashcards

Source URL: https://quizplus.com/quiz/50837

Sample Questions

Q1) What is the role of planning in InfoSec management? What are the factors that affect planning?

Answer: Planning usually involves many interrelated groups and organizational processes. The groups involved in planning represent the three communities of interest; they may be internal or external to the organization and can include employees, management, stockholders, and other outside stakeholders. Among the factors that affect planning are the physical environment, the political and legal environment, the competitive environment, and the technological environment.

Q2) The individual responsible for the assessment, management, and implementation of information-protection activities in the organization is known as a(n) ____________.

A) chief information security officer

B) security technician

C) security manager

D) chief technology officer

Answer: A

Q3) The ______________________ phase is the last phase of the SecSDLC, but perhaps the most important.

Answer: maintenance and change


Chapter 4: Information Security Policy

Available Study Resources on Quizplus for this Chapter

56 Verified Questions

56 Flashcards

Source URL: https://quizplus.com/quiz/50838

Sample Questions

Q1) What are the four elements that an EISP document should include?

Q2) The responsibilities of both the users and the systems administrators with regard to specific systems administration duties should be specified in the ____________________ section of the ISSP.

Q3) A risk assessment is performed during which phase of the SecSDLC?

A) implementation

B) analysis

C) design

D) investigation

Q4) The champion and manager of the information security policy is called the ____________________.

Q5) Which of the following are instructional codes that guide the execution of the system when information is passing through it?

A) access control lists

B) user profiles

C) configuration rules

D) capability tables

Q6) What are configuration rules? Provide examples.

Q7) How should a policy administrator facilitate policy reviews?


Chapter 5: Developing the Security Program

Available Study Resources on Quizplus for this Chapter

65 Verified Questions

65 Flashcards

Source URL: https://quizplus.com/quiz/50839

Sample Questions

Q1) The security education, training, and awareness (SETA) program is designed to reduce the occurrence of external security attacks.

A) True

B) False

Q2) A) InfoSec program

B) SETA

C) scope creep

D) security watchstander

E) security manager

F) CISO

G) projectitis

H) critical path method

I) security technicians

J) security awareness program

Q3) On-the-job training can result in substandard work performance while the trainee gets up to speed.

A) True

B) False

Q4) Explain the conflict between the goals and objectives of the CIO and the CISO.

Q5) What minimum attributes for project tasks does the WBS document?


Chapter 6: Risk Management: Identifying and Assessing Risk

Available Study Resources on Quizplus for this Chapter

60 Verified Questions

60 Flashcards

Source URL: https://quizplus.com/quiz/50840

Sample Questions

Q1) What strategic role do the InfoSec and IT communities play in risk management? Explain.

Q2) An asset valuation approach that uses categorical or nonnumeric values rather than absolute numerical measures is known as numberless assessment.

A) True

B) False

Q3) Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset identification using this attribute difficult?

A) Part number

B) Serial number

C) MAC address

D) IP address

Q4) Classification categories must be mutually exclusive and which of the following?

A) Repeatable

B) Unique

C) Comprehensive

D) Selective

Q5) Classification categories must be ____________________ and mutually exclusive.


Chapter 7: Risk Management: Controlling Risk

Available Study Resources on Quizplus for this Chapter

60 Verified Questions

60 Flashcards

Source URL: https://quizplus.com/quiz/50841

Sample Questions

Q1) The risk control strategy that seeks to reduce the impact of a successful attack through the use of IR, DR, and BC plans is ____________________.

Q2) Unlike other risk management frameworks, FAIR relies on the qualitative assessment of many risk components using scales with value ranges.

A) True

B) False

Q3) A benchmark is derived by comparing measured actual performance against established standards for the measured category.

A) True

B) False

Q4) Explain two practical guidelines to follow in risk control strategy selection.

Q5) Which of the following describes an organization's efforts to reduce damage caused by a realized incident or disaster?

A) acceptance

B) avoidance

C) transference

D) mitigation

Q6) What are the four phases of the Microsoft risk management strategy?


Chapter 8: Security Management Models

Available Study Resources on Quizplus for this Chapter

60 Verified Questions

60 Flashcards

Source URL: https://quizplus.com/quiz/50842

Sample Questions

Q1) Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

A) need-to-know

B) eyes only

C) least privilege

D) separation of duties

Q2) Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec,and was created by ISACA and the IT Governance Institute?

A) COBIT

B) COSO

C) NIST

D) ISO

Q3) The information security principle that requires significant tasks to be split up so that more than one individual is required to complete them is called isolation of duties.

A) True

B) False

Q4) Access controls are built on three key principles. List and briefly define them.


Chapter 9: Security Management Practices

Available Study Resources on Quizplus for this Chapter

59 Verified Questions

59 Flashcards

Source URL: https://quizplus.com/quiz/50843

Sample Questions

Q1) Which of the following is NOT a factor critical to the success of an information security performance program?

A) Strong upper level management support

B) High level of employee buy-in

C) Quantifiable performance measurements

D) Results oriented measurement analysis

Q2) A standard of due process is a legal standard that requires an organization and its employees to act as a "reasonable and prudent" individual or organization would under similar circumstances.

A) True

B) False

Q3) Attaining certification in security management is a long and difficult process,but once attained,an organization remains certified for the life of the organization.

A) True

B) False

Q4) Describe the three tier approach of the RMF as defined by NIST SP 800-37.

Q5) Compare and contrast accreditation and certification.

Q6) Why is measurement prioritization and selection important? How can it be achieved?


Chapter 10: Planning for Contingencies

Available Study Resources on Quizplus for this Chapter

60 Verified Questions

60 Flashcards

Source URL: https://quizplus.com/quiz/50844

Sample Questions

Q1) A(n) ____________________ is an agency that provides, in the case of DR/BC planning, physical facilities for a fee.

Q2) In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?

A) Desk check

B) Simulation

C) Structured walk-through

D) Parallel testing

Q3) When undertaking the BIA, what should the organization consider?

Q4) Which of the following is a possible indicator of an actual incident?

A) Unusual consumption of computing resources

B) Activities at unexpected times

C) Presence of hacker tools

D) Reported attacks

Q5) When dealing with an incident, the incident response team must conduct a(n) ____________________, which entails a detailed examination of the events that occurred from first detection to final recovery.

Q6) Describe the methodology an organization should follow in an investigation.


Chapter 11: Personnel and Security

Available Study Resources on Quizplus for this Chapter

60 Verified Questions

60 Flashcards

Source URL: https://quizplus.com/quiz/50845

Sample Questions

Q1) Most hiring organizations are aware of the precise value of information security certifications because these programs have been in existence for a long time.

A) True

B) False

Q2) It is the responsibility of a _______________________ to develop appropriate InfoSec policies,standards,guidelines,and procedures.

Q3) Which of the following policies makes it difficult for an individual to violate InfoSec and is quite useful in monitoring financial affairs?

A) Task rotation

B) Mandatory vacations

C) Separation of duties

D) Job rotation

Q4) List the six key principles that should shape the career of a CISO.

Q5) Which of the following is NOT a CISSP concentration?

A) ISSAP

B) ISSTP

C) ISSMP

D) ISSEP


Chapter 12: Protection Mechanisms

Available Study Resources on Quizplus for this Chapter

61 Verified Questions

61 Flashcards

Source URL: https://quizplus.com/quiz/50846

Sample Questions

Q1) In which cipher method are values rearranged within a block to create the ciphertext?

A) Permutation

B) Vernam

C) Substitution

D) Monoalphabetic
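A worked example of the cipher this question describes, added here and not code from the study set or the textbook: a block transposition that rearranges the positions inside each fixed-size block under a key, substituting nothing. The key [2, 0, 3, 1], the pad byte and the messages are constructed for the example. The preserves_frequencies check shows the caveat a practitioner should attach to any pure permutation cipher: every plaintext byte survives unchanged, so letter frequencies leak straight through.

```python
"""Block permutation (transposition) cipher: an added example, not code from
the study set or the textbook. Plaintext is cut into fixed-size blocks and the
positions inside each block are rearranged by a fixed key; no value is
substituted. Key, pad byte and messages are constructed for the example.
"""
from collections import Counter


def invert_key(key):
    """Return the inverse permutation: inv[key[i]] == i."""
    n = len(key)
    if sorted(key) != list(range(n)):
        raise ValueError("key must be a permutation of 0..n-1")
    inv = [0] * n
    for i, k in enumerate(key):
        inv[k] = i
    return inv


def _permute(block: bytes, key) -> bytes:
    # output position i receives the input value at position key[i]
    return bytes(block[k] for k in key)


def encrypt(plaintext: bytes, key, pad: bytes = b"X") -> bytes:
    """Permute each block; the last block is padded so it can be permuted too."""
    n = len(key)
    if len(plaintext) % n:
        plaintext += pad * (n - len(plaintext) % n)
    return b"".join(_permute(plaintext[i:i + n], key)
                    for i in range(0, len(plaintext), n))


def decrypt(ciphertext: bytes, key) -> bytes:
    """Apply the inverse permutation to each block (padding is left in place)."""
    n = len(key)
    if len(ciphertext) % n:
        raise ValueError("ciphertext length is not a multiple of the block size")
    inv = invert_key(key)
    return b"".join(_permute(ciphertext[i:i + n], inv)
                    for i in range(0, len(ciphertext), n))


def preserves_frequencies(plaintext: bytes, ciphertext: bytes) -> bool:
    """True when both texts hold exactly the same multiset of bytes, which a
    pure transposition always guarantees: frequency analysis still works."""
    return Counter(plaintext) == Counter(ciphertext)


if __name__ == "__main__":
    key = [2, 0, 3, 1]                     # block size 4
    ct = encrypt(b"ATTACKATDAWN", key)
    print(ct, decrypt(ct, key), preserves_frequencies(b"ATTACKATDAWN", ct))
```

With key [2, 0, 3, 1] the first block ATTA becomes TAAT: position 0 of the output takes input position 2, position 1 takes input position 0, and so on; decryption applies the inverse permutation [1, 3, 0, 2].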

Q2) Briefly describe how biometric technologies are generally evaluated.

Q3) Which of the following provides an identification card of sorts to clients who request services in a Kerberos system?

A) Ticket Granting Service

B) Authentication Server

C) Authentication Client

D) Key Distribution Center
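The ticket flow this question asks about, as an added example that is not code from the study set or the textbook: a toy model in which the Authentication Server issues the ticket-granting ticket and the Ticket Granting Service issues the service ticket, the identification card the client then presents to a service. The encryption is a hash-keystream plus HMAC stand-in for the real Kerberos encryption types, key derivation is PBKDF2 rather than the Kerberos string-to-key functions, and the realm EXAMPLE.ORG, the principals alice and host/fileserver and their passwords are all assumptions made for the example.

```python
"""Toy Kerberos ticket flow (added example; not the study set's or textbook's
code, and not a real Kerberos implementation). The Authentication Server (AS)
issues a ticket-granting ticket (TGT) that only the TGS can open; the Ticket
Granting Service (TGS) opens it and issues a service ticket that only the named
service can open; the service opens that ticket and checks the authenticator.
Assumed for the example: PBKDF2 password keys instead of Kerberos string-to-key,
seal()/unseal() as a hash-keystream + HMAC stand-in for the real encryption
types, and a constructed realm, principals and passwords.
"""
import hashlib, hmac, json, os, time

LIFETIME, SKEW = 8 * 3600, 300   # ticket lifetime and tolerated clock skew, seconds


def _stream(key, nonce, n):
    """Deterministic keystream: SHA-256(key || nonce || counter) blocks."""
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object under key (toy construction, not for real use)."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt; ValueError if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


def long_term_key(password: str, realm: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), realm.encode(), 10_000)


class KDC:
    """Holds every principal's long-term key and runs both the AS and the TGS."""
    def __init__(self, realm: str, principals: dict):
        self.keys = {n: long_term_key(pw, realm) for n, pw in principals.items()}
        self.keys["krbtgt"] = os.urandom(32)   # the TGS's own key; never leaves the KDC

    def as_exchange(self, client: str):
        """AS-REP: a TGT sealed for the TGS, plus the session key sealed for the client."""
        sk = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": client, "sk": sk, "exp": time.time() + LIFETIME})
        return tgt, seal(self.keys[client], {"sk": sk, "tgs": "krbtgt"})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        """TGS-REP: open the TGT, check the authenticator, issue a ticket for the service."""
        t = unseal(self.keys["krbtgt"], tgt)
        a = unseal(bytes.fromhex(t["sk"]), authenticator)
        if t["exp"] < time.time() or a["client"] != t["client"] or abs(a["ts"] - time.time()) > SKEW:
            raise ValueError("expired TGT or authenticator mismatch")
        ssk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "sk": ssk, "exp": time.time() + LIFETIME})
        return ticket, seal(bytes.fromhex(t["sk"]), {"sk": ssk, "service": service})


class Client:
    def __init__(self, name: str, password: str, realm: str):
        self.name, self.key = name, long_term_key(password, realm)

    def login(self, kdc: KDC):
        self.tgt, rep = kdc.as_exchange(self.name)
        # A wrong password gives a wrong key, so the client part of the AS-REP will not open.
        self.sk = bytes.fromhex(unseal(self.key, rep)["sk"])

    def request_service(self, kdc: KDC, service: str):
        """Returns the AP-REQ pair: the service ticket plus a fresh authenticator."""
        auth = seal(self.sk, {"client": self.name, "ts": time.time()})
        ticket, rep = kdc.tgs_exchange(self.tgt, auth, service)
        ssk = bytes.fromhex(unseal(self.sk, rep)["sk"])
        return ticket, seal(ssk, {"client": self.name, "ts": time.time()})


def service_accepts(service_key: bytes, ticket: bytes, authenticator: bytes) -> bool:
    """The service's check: the ticket opens under its own key and the authenticator matches."""
    try:
        t = unseal(service_key, ticket)
        a = unseal(bytes.fromhex(t["sk"]), authenticator)
    except ValueError:
        return False
    return a["client"] == t["client"] and t["exp"] > time.time() and abs(a["ts"] - time.time()) <= SKEW


def demo() -> dict:
    kdc = KDC("EXAMPLE.ORG", {"alice": "correct horse battery", "host/fileserver": "svc-key"})
    alice = Client("alice", "correct horse battery", "EXAMPLE.ORG")
    alice.login(kdc)
    ticket, auth = alice.request_service(kdc, "host/fileserver")
    svc_key = kdc.keys["host/fileserver"]          # the service holds this in its keytab
    tampered = ticket[:-1] + bytes([ticket[-1] ^ 1])  # flip one bit of the ticket's tag
    result = {"genuine_client_accepted": service_accepts(svc_key, ticket, auth),
              "tampered_ticket_rejected": not service_accepts(svc_key, tampered, auth)}
    try:
        Client("alice", "wrong password", "EXAMPLE.ORG").login(kdc)
        result["wrong_password_rejected"] = False
    except ValueError:
        result["wrong_password_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The point to notice is who can open what: the client never sees inside the TGT or the service ticket (both are sealed under keys it does not hold), the TGS never learns the client's password, and the service only needs its own key plus the session key the ticket carries to it.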

Q4) Which of the following is a commonly used criterion for comparing and evaluating biometric technologies?

A) False accept rate

B) Crossover error rate

C) False reject rate

D) Valid accept rate
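Questions 2 and 4 both concern how biometric systems are evaluated. The example below, added here and not code from the study set or the textbook, computes the three rates those questions name from match scores: the false accept rate (impostor attempts wrongly accepted), the false reject rate (genuine attempts wrongly rejected) and the crossover error rate, the point where the two are equal, which is the single figure used to compare systems. The score lists for the two systems A and B are constructed for the example; higher score means a closer match, and a presentation is accepted when its score reaches the threshold.

```python
"""FAR, FRR and crossover error rate for biometric systems: an added example,
not code from the study set or the textbook. Each system is represented by
the match scores it produced for genuine users and for impostors (constructed
sample data; higher score = closer match; accept when score >= threshold).
"""

# Constructed sample data: system A's populations overlap, system B's separate cleanly.
GENUINE_A = [0.91, 0.88, 0.85, 0.80, 0.76, 0.72, 0.69, 0.65, 0.58, 0.50]
IMPOSTOR_A = [0.62, 0.55, 0.51, 0.47, 0.44, 0.40, 0.36, 0.31, 0.25, 0.18]
GENUINE_B = [0.95, 0.92, 0.90, 0.87, 0.84, 0.81, 0.78, 0.74, 0.70, 0.66]
IMPOSTOR_B = [0.58, 0.52, 0.48, 0.45, 0.41, 0.37, 0.33, 0.28, 0.22, 0.15]


def rates(genuine, impostor, threshold):
    """(FAR, FRR) at one threshold.
    FAR: impostor attempts scoring at or above the threshold (wrongly accepted).
    FRR: genuine attempts scoring below it (wrongly rejected)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def crossover(genuine, impostor):
    """Threshold at which FAR and FRR come closest, with the rates there.
    Every observed score is a candidate threshold; ties go to the lowest."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = rates(genuine, impostor, t)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


def crossover_error_rate(genuine, impostor):
    """CER: the common value of FAR and FRR at the crossover (their mean when
    the sampled thresholds do not let the two curves meet exactly)."""
    _, far, frr = crossover(genuine, impostor)
    return (far + frr) / 2


def rank_by_cer(systems):
    """Order candidate systems by CER, lowest (best) first.
    systems maps a name to a (genuine_scores, impostor_scores) pair."""
    return sorted(((name, crossover_error_rate(g, i)) for name, (g, i) in systems.items()),
                  key=lambda item: item[1])


if __name__ == "__main__":
    print(crossover(GENUINE_A, IMPOSTOR_A))
    print(rank_by_cer({"A": (GENUINE_A, IMPOSTOR_A), "B": (GENUINE_B, IMPOSTOR_B)}))
```

Raising the threshold trades FAR for FRR: at 0.50 system A accepts three of ten impostors and rejects no genuine users, at 0.58 it wrongly accepts one and wrongly rejects one, which is its crossover. A lower CER is the usual basis for preferring one system over another; the operating threshold actually deployed is then chosen above or below the crossover depending on whether false accepts or false rejects cost more.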

Q5) List the most common firewall implementation architectures.
