Information Assurance Textbook Exam Questions - 1438 Verified Questions



Information Assurance

Textbook Exam Questions

Course Introduction

Information Assurance explores the processes and methodologies used to protect information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This course covers foundational areas such as risk management, security policies, compliance frameworks, incident response, and technical controls. Students will examine how organizations assess vulnerabilities, implement safeguards, and adhere to legal and ethical standards to secure data and information infrastructure. Practical exercises and case studies will help learners understand strategies to mitigate threats and maintain the trustworthiness of critical information in dynamic technological environments.

Recommended Textbook Management of Information Security 3rd Edition by Michael

Available Study Resources on Quizplus 12 Chapters

Verified Questions

Flashcards

Source URL: https://quizplus.com/study-set/2354


Chapter 1: Introduction to the Management of Information Security

Available Study Resources on Quizplus for this Chapter

139 Verified Questions

139 Flashcards

Source URL: https://quizplus.com/quiz/46799

Sample Questions

Q1) List and explain the four principles of management under the contemporary or popular management theory. Briefly define each.

Answer: Popular management theory categorizes the principles of management into planning, organizing, leading, and controlling (POLC).

The process that develops, creates, and implements strategies for the accomplishment of objectives is called planning.

The management function dedicated to the structuring of resources to support the accomplishment of objectives is called organizing.

Leadership includes supervising employee behavior, performance, attendance, and attitude. Leadership generally addresses the direction and motivation of the human resource.

Monitoring progress toward completion, and making necessary adjustments to achieve desired objectives, requires the exercise of control.

Q2) Corruption of information can occur only while information is being stored.

A)True

B)False

Answer: False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Planning for Security

Available Study Resources on Quizplus for this Chapter

123 Verified Questions

123 Flashcards

Source URL: https://quizplus.com/quiz/46800

Sample Questions

Q1) According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization do the work according to the plan?

A) Initiating

B) Establishing

C) Acting

D) Learning

Answer: C

Q2) ____ work with the information to perform their daily jobs supporting the mission of the organization.

A) Data owners

B) Data users

C) Data custodians

D) Security managers

Answer: B

Q3) A clearly directed strategy flows from top to bottom.

A)True

B)False

Answer: True


Chapter 3: Planning for Contingencies

Available Study Resources on Quizplus for this Chapter

114 Verified Questions

114 Flashcards

Source URL: https://quizplus.com/quiz/46801

Sample Questions

Q1) To perform parallel testing, the operations of the business must be halted.

A)True

B)False

Answer: False

Q2) The immediate determination of the scope of the breach of confidentiality, integrity, and availability of information and information assets is called

Answer: incident damage assessment

Q3) A ____ activation requires that the first person call designated people on the roster, who in turn call other designated people, and so on.

A) hierarchical

B) sequential

C) serial

D) random

Answer: A

Q4) A(n) ____________________ is a method of testing contingency plans in which all involved individuals walk through the steps they would take during an actual event.

Answer: structured walk-through


Chapter 4: Information Security Policy

Available Study Resources on Quizplus for this Chapter

133 Verified Questions

133 Flashcards

Source URL: https://quizplus.com/quiz/46802

Sample Questions

Q1) If an organization wants to prohibit the criminal use of the organization's information systems, it should do so in the <u>Systems Management</u> section of the ISSP. _________________________

A)True

B)False

Q2) Policies must also specify the penalties for unacceptable behavior and define a(n) ____.

A) appeals process

B) legal recourse

C) responsible managers

D) requirements for revision

Q3) <u>Policy servers</u> code organization-specific policies in a special machine-readable language that then can be accessed by operating systems, access control packages, and network management systems. _________________________

A)True

B)False

Q4) ____________________ are the specific configuration codes entered into security systems to guide the execution of the system when information is passing through it.


Chapter 5: Developing the Security Program

Available Study Resources on Quizplus for this Chapter

133 Verified Questions

133 Flashcards

Source URL: https://quizplus.com/quiz/46803

Sample Questions

Q1) A study of information security positions found that positions can be classified into one of three types: ____________________ provide the policies, guidelines, and standards. They're the people who do the consulting and the risk assessment, who develop the product and technical architectures.

Q2) ____ shifts responsibility for training onto the trainee, with little formal support.

A) Self-study (noncomputerized)

B) One-on-one training

C) Distance learning/Web seminars

D) Computer-based training

Q3) A(n) <u>medium</u>-sized organization typically spends about 20 percent of the total IT budget on information security. _________________________

A)True

B)False

Q4) Computer-based training (CBT) allows users to learn from each other.

A)True

B)False

Q5) The three elements of a SETA program are security education,security training,and


Chapter 6: Security Management Models

Available Study Resources on Quizplus for this Chapter

120 Verified Questions

120 Flashcards

Source URL: https://quizplus.com/quiz/46804

Sample Questions

Q1) ISO/IEC 17799 is designed to promote certification of information security management system.

A)True

B)False

Q2) Within lattice-based access controls, the row of attributes associated with a particular subject (such as a user) is referred to as a capabilities table.

A)True

B)False
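The capabilities-table question above turns on how a lattice-based model is stored and read: the lattice decides whether a subject's label dominates an object's label, the resulting access control matrix records the decisions, and a row of that matrix (one subject, all objects) is the subject's capabilities table while a column (one object, all subjects) is the object's access control list. The following is an added example, not code from the textbook or from Quizplus; the sensitivity levels, category names, subjects and objects are all constructed for illustration, and the dominance rule (level at least as high and a superset of categories) is the standard lattice rule, assumed here rather than quoted from the page.

```python
# Linear ordering of sensitivity levels (assumed example levels, not from the page).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def dominates(subject_label, object_label):
    """Lattice dominance: the subject's level must be at least the object's level
    AND the subject's category set must contain every category on the object."""
    s_level, s_cats = subject_label
    o_level, o_cats = object_label
    return LEVELS[s_level] >= LEVELS[o_level] and set(s_cats) >= set(o_cats)


# Constructed sample labels: (level, set of categories).
SUBJECTS = {
    "alice": ("secret", {"finance", "hr"}),
    "bob": ("confidential", {"finance"}),
    "carol": ("internal", set()),
}
OBJECTS = {
    "payroll.xlsx": ("confidential", {"finance", "hr"}),
    "ledger.csv": ("confidential", {"finance"}),
    "handbook.pdf": ("internal", set()),
    "press.txt": ("public", set()),
}


def build_matrix(subjects, objects):
    """Access control matrix: matrix[subject][object] is True when read is allowed."""
    return {
        s: {o: dominates(s_label, o_label) for o, o_label in objects.items()}
        for s, s_label in subjects.items()
    }


def capabilities_table(matrix, subject):
    """Row view: every object one subject may read."""
    return sorted(o for o, allowed in matrix[subject].items() if allowed)


def access_control_list(matrix, obj):
    """Column view: every subject who may read one object."""
    return sorted(s for s, row in matrix.items() if row[obj])


def views_agree(matrix):
    """Both views are the same matrix read two ways; confirm they never disagree."""
    for s in matrix:
        for o in matrix[s]:
            in_cap = o in capabilities_table(matrix, s)
            in_acl = s in access_control_list(matrix, o)
            if in_cap != in_acl or in_cap != matrix[s][o]:
                return False
    return True


if __name__ == "__main__":
    m = build_matrix(SUBJECTS, OBJECTS)
    for s in SUBJECTS:
        print(f"capabilities[{s}] = {capabilities_table(m, s)}")
    for o in OBJECTS:
        print(f"acl[{o}] = {access_control_list(m, o)}")
    print("views agree:", views_agree(m))
```

Note that bob, who is cleared to "confidential" but only for the "finance" category, is denied payroll.xlsx because it also carries "hr": a higher level alone is not enough in a lattice, the category set must dominate too.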

Q3) Access to a specific set of information that depends on its subject matter is called ____.

A) content-dependent access controls

B) constrained user interfaces

C) temporal isolation

D) None of these

Q4) The COBIT model categorizes control objectives into four domains.List them.

Q5) One discretionary model is ____________________-based access controls, in which access is granted based on a set of mandates specified by the central authority.

Q6) Access controls are built on three key principles. List and briefly define them.


Chapter 7: Security Management Practices

Available Study Resources on Quizplus for this Chapter

114 Verified Questions

114 Flashcards

Source URL: https://quizplus.com/quiz/46805

Sample Questions

Q1) By looking at the paths taken by organizations similar to the one whose plan you are developing, known as <u>benchmarking</u>, the organization can follow the recommended or existing practices of a similar organization or industry-developed standards. _________________________

A)True

B)False

Q2) Which of the following is NOT a question a CISO should be prepared to answer, about a performance measures program, according to Kovacich?

A) Why should these statistics be collected?

B) How will these statistics be collected?

C) How much will the collection of statistics cost?

D) Who will collect these statistics?

Q3) The two categories of benchmarks that are used in information security are standards of due care/due diligence and ____________________.

Q4) Best security practices balance the need for information ____________________ with the need for adequate protection while simultaneously demonstrating fiscal responsibility.


Chapter 8: Risk Management: Identifying and Assessing Risk

Available Study Resources on Quizplus for this Chapter

78 Verified Questions

78 Flashcards

Source URL: https://quizplus.com/quiz/46806

Sample Questions

Q1) The last stage in the risk identification process is to document the organization's

Q2) ____ should be avoided when identifying people assets.

A) Position titles

B) Roles

C) Security clearance levels

D) Names

Q3) ____________________ are specific areas in which threat agents can attack an information asset.

Q4) The ultimate goal of risk identification is to assess the circumstances and setting of each information asset to reveal any <u>threats</u>. _________________________

A)True

B)False

Q5) Having an established risk management program means that an organization's assets are completely protected.

A)True

B)False

Q6) List the stages in the risk identification process in order of occurrence.

Q7) A(n) ____________________ number uniquely identifies a specific device.


Chapter 9: Risk Management: Controlling Risk

Available Study Resources on Quizplus for this Chapter

105 Verified Questions

105 Flashcards

Source URL: https://quizplus.com/quiz/46807

Sample Questions

Q1) The ____ technique, named for the Greek mythological oracle that predicted the future, is a process whereby a group rates or ranks a set of information.

A) Euripides

B) Artemis

C) Aesop

D) Delphi

Q2) If the organization has information assets totaling 1 million dollars, how much should the organization spend to protect them?

A) $10,000

B) $100,000

C) 1 million dollars

D) an appropriate amount determined through an effective cost-benefit analysis

Q3) Which of the following is NOT an alternative to cost-benefit analyses?

A) Benchmarking

B) Due care/due diligence

C) Baselining

D) ISO 17799 based controls

Q4) The Single Loss Expectancy (SLE) is the result of the asset's value (AV) multiplied by the ____________________ factor.
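Q2 and Q4 above are two halves of the same calculation: SLE is the asset value times the exposure factor, and the "appropriate amount" of Q2 comes out of a cost-benefit analysis rather than a fixed fraction of asset value. The following is an added example, not code from the textbook or from Quizplus. It carries the SLE formula on the page through to the annualized loss expectancy (ALE = SLE x ARO) and the cost-benefit figure (CBA = ALE before the control minus ALE after the control minus the control's annual cost), which are the standard risk-management formulas assumed here rather than quoted from the page; the dollar figures, rates and control names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    """Loss picture for one asset under one threat (constructed inputs)."""
    asset_value: float      # AV, in dollars
    exposure_factor: float  # EF, fraction of AV lost in a single incident, 0..1
    aro: float              # annualized rate of occurrence, incidents per year

    def sle(self):
        """Single Loss Expectancy: SLE = AV x EF (the formula in Q4)."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be a fraction between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO cannot be negative")
        return self.asset_value * self.exposure_factor

    def ale(self):
        """Annualized Loss Expectancy: ALE = SLE x ARO (assumed standard formula)."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    """A candidate safeguard: what it costs per year and the exposure left after it."""
    name: str
    annual_cost: float  # ACS, annualized cost of the safeguard
    post: Exposure      # exposure with the control in place


def cba(prior, control):
    """Cost-benefit analysis: CBA = ALE(prior) - ALE(post) - ACS (assumed standard formula).
    A positive result means the control saves more per year than it costs."""
    return prior.ale() - control.post.ale() - control.annual_cost


def rank_controls(prior, controls):
    """Order candidate controls from best to worst CBA."""
    return sorted(controls, key=lambda c: cba(prior, c), reverse=True)


def worthwhile(prior, controls):
    """Names of the controls whose CBA is positive, in ranked order."""
    return [c.name for c in rank_controls(prior, controls) if cba(prior, c) > 0]


# Constructed scenario: a $1M asset, a single incident destroys 25% of it,
# and such an incident is expected once every two years.
PRIOR = Exposure(asset_value=1_000_000, exposure_factor=0.25, aro=0.5)

# Constructed candidate controls. Backups cut the loss per incident; training cuts
# how often incidents happen; full redundancy nearly eliminates the loss but is costly.
CANDIDATES = [
    Control("offsite backups", 30_000, Exposure(1_000_000, 0.05, 0.5)),
    Control("full redundancy", 150_000, Exposure(1_000_000, 0.01, 0.5)),
    Control("staff training", 10_000, Exposure(1_000_000, 0.25, 0.2)),
]

if __name__ == "__main__":
    print(f"SLE = ${PRIOR.sle():,.0f}, ALE = ${PRIOR.ale():,.0f}")
    for c in rank_controls(PRIOR, CANDIDATES):
        print(f"{c.name:16s} CBA = ${cba(PRIOR, c):,.0f}")
    print("worth funding:", worthwhile(PRIOR, CANDIDATES))
```

The point of Q2 shows up in the ranking: "full redundancy" removes almost all of the loss, yet its CBA is negative because it costs more per year than the loss it prevents, while the cheap backup and training controls both come out positive. Spending a fixed 10% of asset value would have bought the wrong thing.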


Chapter 10: Protection Mechanisms

Available Study Resources on Quizplus for this Chapter

133 Verified Questions

133 Flashcards

Source URL: https://quizplus.com/quiz/46808

Sample Questions

Q1) <u>Footprinting</u> is the organized research of the Internet addresses owned or controlled by a target organization, using public Internet data. _________________________

A)True

B)False

Q2) Trap and Trace applications collect and analyze copies of packets from the network.

A)True

B)False

Q3) ____ controls defend against threats from outside of the organization.

A) Security planning

B) Policy and law

C) Education and training

D) Firewall

Q4) ____________________ Ticket Granting Service (TGS) provides tickets to clients who request services.

Q5) Technical controls alone are adequately equipped to ensure a secure IT environment.

A)True

B)False


Chapter 11: Personnel and Security

Available Study Resources on Quizplus for this Chapter

133 Verified Questions

133 Flashcards

Source URL: https://quizplus.com/quiz/46809

Sample Questions

Q1) One of the job competencies for a(n)___________________________________ consists of developing appropriate security policies,standards,guidelines and procedures.

Q2) CompTIA's Security+ certification tests for security knowledge mastery of an individual with no on-the-job network experience, and is focused on CompTIA's line of security equipment.

A)True

B)False

Q3) The ____ is considered the most prestigious certification for security managers and CISOs.

A) CISSP

B) GIAC

C) SSCP

D) SCP

Q4) Which of the following is a domain of the CompTIA Security+ exam?

A) General security concepts

B) Business risk management

C) IS audit process

D) Disaster recovery and business continuity

Q5) Briefly describe at least five types of background checks.


Chapter 12: Law and Ethics

Available Study Resources on Quizplus for this Chapter

113 Verified Questions

113 Flashcards

Source URL: https://quizplus.com/quiz/46810

Sample Questions

Q1) The current law regarding nationwide search warrants for e-mail does not require the government to use a search warrant to compel a provider to disclose unopened e-mail that is less than six months old.

A)True

B)False

Q2) The structure and administration of government agencies and their relationships with citizens, employees, and other governments is regulated by ____________________ law.

Q3) ____ law embodies a wide variety of laws pertaining to relationships between and among individuals and organizations.

A) Civil

B) Criminal

C) Ethical

D) Tort

Q4) ____________________ law addresses violations harmful to the society and is actively enforced and prosecuted by the state.

Q5) Briefly describe five different types of laws.

Q6) The Gramm-Leach-Bliley Act addresses regulation of the ____________________ industry.
