Information Systems Security Exam Review
Course Introduction
Information Systems Security provides a comprehensive overview of the principles and practices used to protect computer-based information resources. The course examines a variety of security threats, vulnerabilities, and attacks targeting information systems, along with countermeasures such as cryptography, access controls, network security protocols, and risk management strategies. Students will explore policies, ethical issues, legal considerations, and best practices for securing data and infrastructure in modern organizations. By the end of the course, learners will have foundational knowledge for identifying, assessing, and mitigating risks to information systems in diverse professional settings.
Recommended Textbook
Principles of Information Security 6th Edition by Michael E. Whitman
Available Study Resources on Quizplus
12 Chapters
1148 Verified Questions
1148 Flashcards
Source URL: https://quizplus.com/study-set/2123
Chapter 1: Introduction to Information Security
Available Study Resources on Quizplus for this Chapter
87 Verified Questions
87 Flashcards
Source URL: https://quizplus.com/quiz/42300
Sample Questions
Q1) An information system is the entire set of __________, people, procedures, and networks that enable the use of information resources in the organization.
A) software
B) hardware
C) data
D) All of the above
Answer: D
Q2) The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security.
A) bugs
B) vulnerabilities
C) malware
D) maintenance hooks
Answer: B
Q3) In the ____________________ approach, the project is initiated by upper-level managers who issue policy, procedures, and processes, dictate the goals and expected outcomes, and determine accountability for each required action.
Answer: top-down
To view all questions and flashcards with answers, click on the resource link above.
Chapter 2: The Need for Security
Available Study Resources on Quizplus for this Chapter
91 Verified Questions
91 Flashcards
Source URL: https://quizplus.com/quiz/42301
Sample Questions
Q1) ESD is the acronym for ____________________ discharge.
Answer: electrostatic
Q2) An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms.
A) True
B) False
Answer: False
Q3) In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.
Answer: social engineering
Q4) The application of computing and network resources to try every possible combination of options of a password is called a <u>dictionary</u> attack.
A) True
B) False
Answer: False
Q5) A momentary low voltage is called a(n) ____________________.
Answer: fault
To view all questions and flashcards with answers, click on the resource link above.

Chapter 3: Legal, Ethical, and Professional Issues in Information Security
Available Study Resources on Quizplus for this Chapter
83 Verified Questions
83 Flashcards
Source URL: https://quizplus.com/quiz/42302
Sample Questions
Q1) The <u>Graham-Leach-Bliley</u> Act is a critical piece of legislation that affects the executive management of publicly traded corporations and public accounting firms.
A) True
B) False
Answer: False
Q2) The Payment Card Industry Data Security Standards (PCI DSS) are designed to enhance the __________ of customers' account data.
Answer: security
Q3) __________ is the legal obligation of an entity that extends beyond criminal or contract law.
Answer: Liability
Q4) In a study on software license infringement, licenses from the United States were significantly <u>more</u> permissive than those from the Netherlands and other countries.
A) True
B) False
Answer: False
To view all questions and flashcards with answers, click on the resource link above.

Chapter 4: Planning for Security
Available Study Resources on Quizplus for this Chapter
109 Verified Questions
109 Flashcards
Source URL: https://quizplus.com/quiz/42303
Sample Questions
Q1) The stated purpose of ISO/IEC 27002 is to offer guidelines and voluntary directions for information security <u>management</u>. _________________________
A) True
B) False
Q2) The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________."
A) implementation
B) certification
C) management
D) accreditation
Q3) __________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information.
A) Firewalling
B) Hosting
C) Redundancy
D) Domaining
Q4) The transfer of live transactions in real time to an off-site facility is called
To view all questions and flashcards with answers, click on the resource link above.

Chapter 5: Risk Management
Available Study Resources on Quizplus for this Chapter
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/42304
Sample Questions
Q1) ____________________ components account for the management of information in all its states: transmission, processing, and storage.
Q2) ____________________ is the process of assigning financial value or worth to each information asset.
Q3) Operational feasibility is an assessment of whether the organization can acquire the technology necessary to implement and support the proposed control.
A) True
B) False
Q4) Identifying human resources, documentation, and data information assets of an organization is less difficult than identifying hardware and software assets.
A) True
B) False
Q5) A security clearance is a component of a data classification scheme that assigns a status level to systems to designate the maximum level of classified data that may be stored on them.
A) True
B) False
To view all questions and flashcards with answers, click on the resource link above.

Chapter 6: Security Technology: Access Controls, Firewalls, and VPNs
Available Study Resources on Quizplus for this Chapter
106 Verified Questions
106 Flashcards
Source URL: https://quizplus.com/quiz/42305
Sample Questions
Q1) The __________ is an intermediate area between a trusted network and an untrusted network.
A) perimeter
B) DMZ
C) domain
D) firewall
Q2) The firewall device must never be accessible directly from the ____________________ network.
Q3) Using an application firewall means the associated Web server must be exposed to a higher level of risk by placing it in the DMZ.
A) True
B) False
Q4) The ____________________ Access Controller Access Control System contains a centralized database, and it validates the user's credentials at the TACACS server.
Q5) ____________________ is a firewall type that keeps track of each network connection between internal and external systems using a table and that expedites the processing of those communications.
Q6) The application firewall is also known as a(n) ____________________ server.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools
Available Study Resources on Quizplus for this Chapter
107 Verified Questions
107 Flashcards
Source URL: https://quizplus.com/quiz/42306
Sample Questions
Q1) A(n) <u>log</u> file monitor is similar to an NIDPS.
A) True
B) False
Q2) A(n) ____________________-based IDPS resides on a particular computer or server and monitors activity only on that system.
Q3) In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information and corrupt the servers' answers to routine DNS queries from other systems on the network.
A) True
B) False
Q4) Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected.
A) True
B) False
Q5) Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.
A) True
B) False
To view all questions and flashcards with answers, click on the resource link above.

Chapter 8: Cryptography
Available Study Resources on Quizplus for this Chapter
109 Verified Questions
109 Flashcards
Source URL: https://quizplus.com/quiz/42307
Sample Questions
Q1) 3DES was created to offer the same strength as the DES algorithm but ran three times as fast, thus saving time.
A) True
B) False
Q2) __________ was developed by Phil Zimmermann and uses the IDEA cipher for message encoding.
A) PEM
B) PGP
C) S/MIME
D) SSL
Q3) A(n) <u>distinguished</u> name uniquely identifies a certificate entity to a user's public key. _________________________
A) True
B) False
Q4) Popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms.
A) True
B) False
Q5) Describe how hash functions work and what they are used for.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 9: Physical Security
Available Study Resources on Quizplus for this Chapter
77 Verified Questions
77 Flashcards
Source URL: https://quizplus.com/quiz/42308
Sample Questions
Q1) Most guards have clear __________ that help them to act decisively in unfamiliar situations.
A) MACs
B) SOPs
C) POSs
D) OPSs
Q2) A(n) _________________________ security plan requires that every building have clearly marked fire exits and maps posted throughout the facility.
Q3) A _________________________ detector is a sensor that detects the infrared or ultraviolet light produced by an open flame.
Q4) Describe different types of sensors to detect intrusions.
Q5) _________________________ locks can be integrated into alarm systems and combined with other building management systems.
Q6) <u>Videoconferencing</u> is off-site computing that uses Internet connections, dial-up connections, connections over leased point-to-point links between offices, and other mechanisms. _________________________
A) True
B) False
To view all questions and flashcards with answers, click on the resource link above.

Chapter 10: Implementing Information Security
Available Study Resources on Quizplus for this Chapter
78 Verified Questions
78 Flashcards
Source URL: https://quizplus.com/quiz/42309
Sample Questions
Q1) Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded.
A) wrap-up
B) governance
C) turnover
D) changeover
Q2) A(n) __________ is a simple project management planning tool.
A) RFP
B) WBS
C) ISO 17799
D) SDLC
Q3) All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.
A) True
B) False
Q4) A direct changeover is also known as going "<u>fast turnkey</u>."
A) True
B) False
To view all questions and flashcards with answers, click on the resource link above.

Chapter 11: Security and Personnel
Available Study Resources on Quizplus for this Chapter
77 Verified Questions
77 Flashcards
Source URL: https://quizplus.com/quiz/42310
Sample Questions
Q1) To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.
A) True
B) False
Q2) To assess the effect that changes will have on the organization's personnel management practices, the organization should conduct a ____________________feasibility study before the program is implemented.
Q3) Describe the concept of separation of duties.
Q4) Security ____________________ are accountable for the day-to-day operation of the information security program.
Q5) Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?
A) Definer
B) User
C) Builder
D) Administrator
Q6) It is important to gather employee ____________________ early about the information security program and respond to it quickly.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 12: Information Security Maintenance
Available Study Resources on Quizplus for this Chapter
116 Verified Questions
116 Flashcards
Source URL: https://quizplus.com/quiz/42311
Sample Questions
Q1) Each organization sets policy to choose one of two approaches when employing digital forensics. Select the statement that best identifies the options.
A) Protect and forget
B) Apprehend and prosecute
C) Neither of these is an approach to be chosen
D) Both of these are approaches that might be chosen
Q2) You can document the results of the verification of a vulnerability by saving the results in what is called a(n) <u>profile</u>. _________________________
A) True
B) False
Q3) Almost all aspects of a company's environment are ____________________, meaning threats that were originally assessed in the early stages of the project's systems development life cycle have probably changed and new priorities have emerged.
Q4) Digital forensics involves chemical and microscopic analysis of evidence using computerized laboratory instruments.
A) True
B) False
To view all questions and flashcards with answers, click on the resource link above.