

Information Assurance Exam Bank
Course Introduction
Information Assurance is a critical field focused on protecting and managing risks to information systems by ensuring the confidentiality, integrity, availability, authenticity, and non-repudiation of data. This course explores the principles, strategies, and best practices for securing digital assets against threats and vulnerabilities. Students learn about risk assessment methodologies, security policies, compliance frameworks, and incident response planning. Emphasis is placed on both the technical and managerial aspects of safeguarding information, preparing students to address challenges in cybersecurity, data protection, and governance within organizational environments.
Recommended Textbook: Management of Information Security, 3rd Edition, by Michael E. Whitman
Available Study Resources on Quizplus
12 Chapters
1438 Verified Questions
1438 Flashcards
Source URL: https://quizplus.com/study-set/2354

Chapter 1: Introduction to the Management of Information Security
Available Study Resources on Quizplus for this Chapter
139 Verified Questions
139 Flashcards
Source URL: https://quizplus.com/quiz/46799
Sample Questions
Q1) The first step in the WBS is to identify the work to be accomplished in the task or task area; that is, the activities and ____________________.
Answer: deliverables
Q2) The ____ diagramming technique uses simple bar charts that are simple to read and thus easy to present to management.
A) PERT
B) GANTT
C) CPM
D) WBS
Answer: B
Q3) The ____________________ community articulates and communicates organizational policy and objectives.
Answer: general business
Q4) The process of achieving objectives using a given set of resources is called <u>management</u>._________________________
A) True
B) False
Answer: True

To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Planning for Security
Available Study Resources on Quizplus for this Chapter
123 Verified Questions
123 Flashcards
Source URL: https://quizplus.com/quiz/46800
Sample Questions
Q1) Tactical planning usually has a focus of ____.
A) one to five days
B) one to three months
C) one to three years
D) five or more years
Answer: C
Q2) Boards of directors should supervise strategic information security objectives by verifying that management's investment in information security is properly aligned with organizational strategies and the organization's <u>competitive</u> environment._________________________
A) True
B) False
Answer: False
Q3) An act or event that exploits a vulnerability is known as a(n) ____________________.
Answer: attack
Q4) Tactical plans are used to develop ____________________ plans.
Answer: operational
To view all questions and flashcards with answers, click on the resource link above.

Chapter 3: Planning for Contingencies
Available Study Resources on Quizplus for this Chapter
114 Verified Questions
114 Flashcards
Source URL: https://quizplus.com/quiz/46801
Sample Questions
Q1) A(n) ____________________ occurs when an attack affects information resources and/or assets, causing actual damage or other disruptions.
Answer: incident
Q2) The ____ team collects information about information systems and the threats they face, and creates the contingency plans for incident response, disaster recovery, and business continuity.
A) incident response
B) CP
C) disaster recovery
D) business continuity
Answer: B
Q3) <u>Rapid-onset</u> disasters occur suddenly, and may take the lives of people and destroy the means of production._________________________
A) True
B) False
Answer: True
To view all questions and flashcards with answers, click on the resource link above.

Chapter 4: Information Security Policy
Available Study Resources on Quizplus for this Chapter
133 Verified Questions
133 Flashcards
Source URL: https://quizplus.com/quiz/46802
Sample Questions
Q1) List the significant guidelines used in the formulation of effective information security policy.
Q2) Configuration codes entered into security systems to guide the execution of the system when information is passing through it are called ____.
A) access control lists
B) user profiles
C) configuration rules
D) capability table
Q3) Which of the following is true about information security policy?
A) It should be written after a company has encountered an incident
B) It may conflict with the law
C) End users should not be involved in the creation of the policy
D) It must be able to stand up in court, if challenged
Q4) During the ____ phase of the SecSDLC, the information security policy is monitored, maintained, and modified as needed.
A) implementation
B) maintenance
C) analysis
D) investigation
To view all questions and flashcards with answers, click on the resource link above.

Chapter 5: Developing the Security Program
Available Study Resources on Quizplus for this Chapter
133 Verified Questions
133 Flashcards
Source URL: https://quizplus.com/quiz/46803
Sample Questions
Q1) The purpose of the <u>CAEIAE</u> program is to enhance security by building in-depth knowledge, by developing security-related skills and knowledge, by improving awareness of the need to protect system resources._________________________
A) True
B) False
Q2) ____________________ personnel are the front line of incident response, as they may be able to diagnose and recognize an attack while handling calls from users having problems with their computers, the network, or Internet connections.
Q3) Which of the following functions needed to implement the information security program implements and oversees the use of controls to reduce risk?
A) Risk assessment
B) Incident response
C) Risk management
D) Network security administration
Q4) An organization's ____________________ program refers to the structure and organization of the effort that strives to contain the risks to the information assets of the organization.
Q5) List the steps of the seven-step methodology for implementing training.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 6: Security Management Models
Available Study Resources on Quizplus for this Chapter
120 Verified Questions
120 Flashcards
Source URL: https://quizplus.com/quiz/46804
Sample Questions
Q1) Which of the following is not an element of the Clark-Wilson model?
A) Constrained data items
B) Unconstrained data items
C) Integrity verification procedures
D) Internal consistency validation items
Q2) Under the Biba model, the ____ property permits a subject to have write access to an object only if the security level of the subject is equal to or higher than that of the object.
A) star (*)
B) simple security
C) integrity star (*)
D) simple integrity
Q3) The Clark-Wilson model, designed for commercial environments, is a(n) ____ model.
A) confidentiality
B) integrity
C) availability
D) None of these
Q4) Access controls are built on three key principles. List and briefly define them.
Q5) ____________________ controls restore operating conditions back to normal.
Q6) The COBIT model categorizes control objectives into four domains.List them.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 7: Security Management Practices
Available Study Resources on Quizplus for this Chapter
114 Verified Questions
114 Flashcards
Source URL: https://quizplus.com/quiz/46805
Sample Questions
Q1) In most cases, simply listing the measurements collected does not adequately convey their ____.
A) meaning
B) cost
C) value
D) importance
Q2) Which of the following is NOT a factor critical to the success of an information security performance program?
A) Strong upper level management support
B) Practical InfoSec budgets and resources for the program
C) Quantifiable performance measures
D) Results oriented measures analysis
Q3) Security efforts that seek to provide a superior level of performance in the protection of information are referred to as ____________________.
Q4) "Good security now is better than perfect security never."
A) True
B) False
Q5) Performance ____________________ make it possible to define success in the security program.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 8: Risk Management: Identifying and Assessing Risk
Available Study Resources on Quizplus for this Chapter
78 Verified Questions
78 Flashcards
Source URL: https://quizplus.com/quiz/46806
Sample Questions
Q1) The relative value of an information asset depends on how much ____ it generates, or, in the case of a nonprofit organization, how critical it is to service delivery.
A) risk
B) margin
C) revenue
D) data
Q2) A ranked vulnerability risk worksheet assigns a ranked value or impact weight to each information asset.
A) True
B) False
Q3) Classification categories must be ____________________ and mutually exclusive.
Q4) ____________________ is the overall rating, a numerical value on a defined scale, of the probability that a specific vulnerability will be exploited.
Q5) A community of management and users that is well trained and informed about threats facing the organization can be crucial in the early detection and response process.
A) True
B) False
To view all questions and flashcards with answers, click on the resource link above.

Chapter 9: Risk Management: Controlling Risk
Available Study Resources on Quizplus for this Chapter
105 Verified Questions
105 Flashcards
Source URL: https://quizplus.com/quiz/46807
Sample Questions
Q1) When you establish one control, you <u>increase</u> the risk associated with all subsequent control evaluations._________________________
A) True
B) False
Q2) One of the most common methods of obtaining user acceptance and support is via ____.
A) cost-benefit analysis
B) user involvement
C) user acceptance
D) behavioral feasibility
Q3) ____ is usually determined by valuing the information asset or assets exposed by the vulnerability and then determining how much of that value is at risk, and how much risk exists for the asset.
A) Risk
B) Asset value
C) Cost
D) Benefit
Q4) The ____________________ technique is a process in which a group ranks a set of information.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 10: Protection Mechanisms
Available Study Resources on Quizplus for this Chapter
133 Verified Questions
133 Flashcards
Source URL: https://quizplus.com/quiz/46808
Sample Questions
Q1) <u>Cryptology</u> is the process of deciphering the original message, also known as plaintext, from an encrypted message._________________________
A) True
B) False
Q2) "Something you are" and "something you ____________________" are considered to be biometric.
Q3) The <u>Vernam</u> cipher rearranges values within a block to create the ciphertext._________________________
A) True
B) False
Q4) Second-generation firewalls (stateful inspection firewalls) keep track of each network connection established between internal and external systems using a state table.
A) True
B) False
Q5) ____________________ or genetic authentication is not yet a cost-effective and socially accepted technology that can be included in the "something you are" category.
Q6) A bastion host is also referred to as a(n) ____________________ host.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 11: Personnel and Security
Available Study Resources on Quizplus for this Chapter
133 Verified Questions
133 Flashcards
Source URL: https://quizplus.com/quiz/46809
Sample Questions
Q1) Before extending an offer of employment, it is necessary to conduct a background check on any potential candidate, regardless of job level.
A) True
B) False
Q2) Organizations should conduct periodic <u>security awareness and training</u> activities to keep security at the forefront of employees' minds and minimize employee mistakes._________________________
A) True
B) False
Q3) The ____________________ covers seven domains of information security knowledge and is considered by some to be a scaled down version of the CISSP.
Q4) The ____ is considered the most prestigious certification for security managers and CISOs.
A) CISSP
B) GIAC
C) SSCP
D) SCP
Q5) The GIAC ____________________ is the pinnacle of the GIAC certification program.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 12: Law and Ethics
Available Study Resources on Quizplus for this Chapter
113 Verified Questions
113 Flashcards
Source URL: https://quizplus.com/quiz/46810
Sample Questions
Q1) The Computer Security Act charges the National Bureau of Standards (now NIST) with the development of all but which of the following?
A) Standards, guidelines, and associated methods and techniques for computer systems
B) Uniform standards and guidelines for most federal computer systems
C) Mandatory periodic training in computer security awareness and accepted computer security practice for all employees involved with federal computer systems
D) Technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in federal computer systems
Q2) Enacted in 1999, the Gramm-Leach-Bliley Act addresses ____ issues.
A) financial
B) trade secrets
C) cryptography
D) identity theft
Q3) Due ____________________ requires that an organization make sufficient and ongoing efforts to protect others.
Q4) Briefly describe five different types of laws.
To view all questions and flashcards with answers, click on the resource link above.