

IT Risk Management
Pre-Test Questions
Course Introduction
IT Risk Management focuses on identifying, assessing, and mitigating risks associated with information technology systems and processes within organizations. The course explores methodologies for evaluating threats, vulnerabilities, and potential impacts on IT assets, emphasizing both technical and organizational measures to safeguard data and ensure service continuity. Topics include risk assessment frameworks, legal and regulatory compliance, incident response planning, control implementation, and the ongoing monitoring of IT environments. Students will gain practical skills in developing comprehensive risk management plans and strategies to minimize the likelihood and impact of information security incidents.
Recommended Textbook
Information Security and IT Risk Management 1st Edition by Manish Agrawal
Available Study Resources on Quizplus
14 Chapters
349 Verified Questions
349 Flashcards
Source URL: https://quizplus.com/study-set/3541

Chapter 1: Introduction
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70324
Sample Questions
Q1) Integrity is
A) Protecting information and information systems from unauthorized use
B) Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information
C) Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity
D) Ensuring timely and reliable access to and use of information
Answer: C
Q2) Confidentiality is
A) Protecting information and information systems from unauthorized use
B) Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information
C) Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity
D) Ensuring timely and reliable access to and use of information
Answer: B
To view all questions and flashcards with answers, click on the resource link above.


Chapter 2: System Administration
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70325
Sample Questions
Q1) The system administrator is the person responsible for
A) Day-to-day operation of a technology system
B) Writing, enforcing, and reviewing security-operating procedures
C) Developing new technology systems
D) Upgrading existing technology systems
Answer: A
Q2) Selecting one among many possible combinations of features of a system is called
A) User management
B) Access control
C) Installation
D) Configuration
Answer: D
Q3) A Linux distribution is
A) A collection of open source utilities and software packaged with the Linux OS
B) An older version of Linux
C) A specific version of Linux, focused on competing with Microsoft
D) The "official" version of Linux
Answer: A
To view all questions and flashcards with answers, click on the resource link above.

Chapter 3: System Administration 2
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70326
Sample Questions
Q1) To navigate to a specific folder, we can use the command
A) grep
B) ls
C) pwd
D) cd
Answer: D
Q2) The default shell prompt for a regular user in the bash shell is
A) /
B) .
C) ..
D) $
Answer: D
Q3) An example of a relative path is
A) /temp.txt
B) /usr/temp.txt
C) ~/temp.txt
D) /home/joe/temp.txt
Answer: C
To view all questions and flashcards with answers, click on the resource link above.

Chapter 4: Basic Information Security Model
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70327
Sample Questions
Q1) A SQL injection vulnerability is an example of a
A) Unrestricted uploads vulnerability
B) Cross-site scripting vulnerability
C) Buffer overflow vulnerability
D) Lack of input validation vulnerability
Q2) Vulnerabilities are
A) Safeguards used to minimize the impact of threats
B) Capabilities, intentions and attack methods of adversaries to cause harm to assets
C) Resource or information that is to be protected
D) Weaknesses in an information system that can lead to a compromise of an asset
Q3) A buffer overflow vulnerability refers to a situation where
A) Files are accepted as input without verifying their specifications
B) Input from other users is supplied as output to other users
C) A program puts more data into a storage location than it can hold
D) User input is used without confirming its validity
Q4) Vulnerabilities in IT systems can be eliminated through secure coding practices
A)True
B)False
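Q1 and Q3 above describe the two vulnerability classes by what the program fails to check: a SQL injection exists when user input is used without confirming its validity, and the fix is to stop letting input reach the query as code at all. The following is an added worked example, not code from the textbook or the Quizplus study set, and it uses a constructed in-memory SQLite table with two made-up users. It shows the same login check written by string concatenation, where a crafted password bypasses authentication, and with a parameterized query, where the identical input is just a string that matches nothing.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
SAMPLE_USERS = [
    ("alice", "s3cret", 1),   # name, password, is_admin
    ("bob", "hunter2", 0),
]


def make_db():
    """Create an in-memory SQLite database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by concatenating raw input: the input is used without
    confirming its validity, so it can change the structure of the SQL statement."""
    query = (
        "SELECT name FROM users WHERE name = '" + name + "' "
        "AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, name, password):
    """Sends the query text and the values separately. The driver never treats the
    values as SQL, so an injected quote or OR clause cannot alter the statement."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run a legitimate login and the classic ' OR '1'='1 payload against both versions."""
    conn = make_db()
    injected = "' OR '1'='1"
    # Concatenated, the WHERE clause becomes:
    #   name = 'alice' AND password = '' OR '1'='1'
    # AND binds tighter than OR, so the OR makes every row match.
    return {
        "legit_vulnerable": login_vulnerable(conn, "bob", "hunter2"),
        "injected_vulnerable": login_vulnerable(conn, "alice", injected),
        "injected_parameterized": login_parameterized(conn, "alice", injected),
    }
```

Parameterization removes this class of bug, but it is not the whole story behind Q4: input that is later placed into a shell command, an LDAP filter or an HTML page needs its own encoding or validation, so secure coding narrows the attack surface rather than eliminating vulnerabilities outright.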
To view all questions and flashcards with answers, click on the resource link above.

Chapter 5: Asset Identification and Characterization
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70328
Sample Questions
Q1) Asset sensitivity refers to
A) Data that cannot be disclosed to outsiders
B) Importance of an asset to the immediate survival of an organization
C) The damage caused to an organization from a breach of confidentiality or integrity of an asset
D) Data that is not classified as restricted
Q2) Based on criticality, assets are classified as
A) Restricted, unrestricted
B) Essential, required, deferrable
C) Information, personnel, hardware
D) Hardware, software, legal
Q3) In most organizations, the most important assets from the perspective of information security are
A) Hardware assets
B) Information assets
C) Software assets
D) Personnel assets
To view all questions and flashcards with answers, click on the resource link above.

Chapter 6: Threats and Vulnerabilities
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70329
Sample Questions
Q1) External threat agents include
A) Partners and suppliers
B) Activist groups and competitors
C) Help desk and janitorial services
D) Auditors and hurricanes
Q2) In the information security context, Black Tuesday refers to
A) The day Google's stock fell by 50% immediately after its IPO
B) The day a company finally turns profitable for the year
C) The day the firm lost a bulk of its email
D) The typical day on which Microsoft releases patches
Q3) Internal auditors can be a threat agent by
A) Excessive adherence to compliance
B) Lack of attention to detail
C) Lack of training
D) Causing outages
Q4) Phishing is
A) An activity performed by agents to compromise assets
B) Convincing users to do something they would not ordinarily do
C) Using email to try and get a user to divulge confidential information
D) Malicious content entered by an end user on a web-based system
To view all questions and flashcards with answers, click on the resource link above.
Chapter 7: Encryption Controls
Available Study Resources on Quizplus for this Chapter
24 Verified Questions
24 Flashcards
Source URL: https://quizplus.com/quiz/70330
Sample Questions
Q1) A cryptographic algorithm is
A) Symbols that control encipherment and decipherment
B) A well-defined sequence of steps used to describe cryptographic processes
C) An encryption method that uses no keys
D) Text that is unintelligible to the reader
Q2) The current standard for secret key encryption is
A) DES (Data Encryption Standard)
B) AES (Advanced Encryption Standard)
C) IDEA (International Data Encryption Algorithm)
D) SHA (Secure Hash Algorithm)
Q3) Secret key cryptography refers to
A) The use of the same key for both encryption and decryption
B) The use of a secret algorithm for encryption and decryption
C) The use of a secret key only for decryption
D) The use of a secret key for encryption
Q4) Hash functions are used primarily for
A) Sharing a secret key prior to network transmission
B) Storing data on hard drives
C) Encrypting data during transmission over a network
D) Saving passwords
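Q3 and Q4 above draw the line between the two tools: a secret-key cipher uses one key to encrypt and decrypt, so anyone holding the key can recover the plaintext, whereas a hash function is one-way, which is exactly why hashes, not ciphers, are used for saving passwords. The following is an added example, not code from the textbook or the study set. It stores a password as a salted, iterated PBKDF2-HMAC-SHA256 digest and verifies a login attempt by recomputing the digest; the 600,000 iteration default is an assumption about current practice, not a figure from the page.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor. 600,000 is an assumed present-day figure for PBKDF2-HMAC-SHA256;
# tune it to your hardware and raise it over time as hardware gets faster.
DEFAULT_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a storable record 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'.

    A fresh 16-byte random salt per user means two users with the same password
    get different records, which defeats precomputed (rainbow-table) attacks, and
    the iteration count makes every guess expensive for an attacker who has
    stolen the password file."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the salt and iteration count stored in the record
    and compare in constant time. Nothing is decrypted: the stored value cannot be
    turned back into the password, which a cipher-based scheme could not promise."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False          # malformed record
    if algo != "pbkdf2_sha256":
        return False          # unknown scheme; never fall back to a weaker one
    # compare_digest avoids leaking, via timing, how many leading bytes matched.
    return hmac.compare_digest(digest.hex(), digest_hex)


def demo() -> dict:
    """Constructed check: same password, two enrolments, different records, both verify."""
    first = hash_password("correct horse battery staple")
    second = hash_password("correct horse battery staple")
    return {
        "records_differ": first != second,
        "first_verifies": verify_password("correct horse battery staple", first),
        "second_verifies": verify_password("correct horse battery staple", second),
        "wrong_rejected": verify_password("Tr0ub4dor&3", first),
    }
```

The record carries its own parameters, so the iteration count can be raised later for new enrolments while old records still verify; a login that succeeds against an old, weaker record is the natural moment to rehash under the current setting.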

To view all questions and flashcards with answers, click on the resource link above.

Chapter 8: Identity and Access Management
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70331
Sample Questions
Q1) Kerberos has been very useful in securing web applications
A)True
B)False
Q2) An individual's affiliation with the organization is called their
A) Access
B) Role
C) Account
D) Password
Q3) For use as a biomarker, a physical trait must be
A) Searchable
B) Universal
C) Attractive
D) Inexpensive
Q4) Identity discovery involves
A) Locating all new and updated identities in the organization
B) Comparing each discovered identity to a master record of all individuals in the organization
C) Collecting data about each individual's relationship to the organization
D) Making decisions about granting users access to resources
To view all questions and flashcards with answers, click on the resource link above.
Chapter 9: Hardware and Software Controls
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70332
Sample Questions
Q1) Examining byte sequences in incoming and outgoing data is called
A) Reputation based end-point protection
B) Protocol-based end-point protection
C) Anomaly-based end-point protection
D) Signature-based end-point protection
Q2) Password capturing is
A) Passwords on the system known to unauthorized users
B) Acquiring passwords from storage, network transmission or user knowledge
C) Repeated attempts to authenticate using possible passwords
D) Generating character strings to match existing passwords
Q3) Password guessing is
A) Passwords on the system known to unauthorized users
B) Acquiring passwords from storage, network transmission or user knowledge
C) Repeated attempts to authenticate using possible passwords
D) Generating character strings to match existing passwords
Q4) A PIN is
A) A short numerical password
B) A sequence of words used as a password
C) An alpha-numeric phrase used for authentication
D) None of the above

To view all questions and flashcards with answers, click on the resource link above.
Chapter 10: Shell Scripting
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70333
Sample Questions
Q1) File users.csv contains lines of the form Christine:Riggs:christine.riggs@sunshine.edu. The command to extract the emails from the file is
A) cut -d: -f3 users.csv
B) cut -d, -f3 users.csv
C) cut -d: -f1,2,3 users.csv
D) cut -d, -f1,2,3 users.csv
Q2) Consider the following script. The output will be (newlines replaced by spaces for brevity):
#!/bin/bash
counter=1
while [ $counter -le 5 ]
do
    echo $counter
    counter=$(( $counter + 1 ))
done
A) 5 .. 1
B) 5 4 3 2 1
C) 1 2 3 4 5
D) 5 3 1
To view all questions and flashcards with answers, click on the resource link above.


Chapter 11: Incident Handling
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70334
Sample Questions
Q1) The scope of an incident response policy is
A) A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices
B) The act of following applicable laws, regulations, rules, industry codes and contractual obligations
C) Staff designated to respond to incidents
D) The part of the incident response policy that specifies the targets of the policy
Q2) Since the incident response policy is developed following strict procedures including top management approval, its existence generally is an assurance that the organization will respond satisfactorily to an information security incident
A)True
B)False
Q3) Files appropriate to monitor using file integrity monitoring tools include
A) End user data
B) Configuration files
C) Operating system files
D) Database contents
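Q3 above asks which files belong under file integrity monitoring: configuration and operating system files, whose contents should only change through controlled administration, rather than end-user data or database contents, which change all day. The following is an added example, not code from the textbook or the study set; it builds a baseline of SHA-256 digests for every file under a directory and then reports what was modified, added or removed. The directory tree, file contents and simulated tampering are constructed inside a temporary directory so the block runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: Path) -> dict:
    """Snapshot every regular file under root as {relative path: sha256 hex digest}."""
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            snap[p.relative_to(root).as_posix()] = sha256_file(p)
    return snap


def compare(old: dict, new: dict) -> dict:
    """Classify the differences between a trusted baseline and a fresh snapshot."""
    return {
        "modified": sorted(k for k in old if k in new and old[k] != new[k]),
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
    }


def demo() -> dict:
    """Constructed scenario (not a real system): a fake /etc with two configuration
    files is baselined, then an attacker weakens sshd, plants a cron job and deletes
    a file. The monitor should surface all three changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ssh").mkdir()
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        before = baseline(root)

        # Simulated tampering.
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "cron.d").mkdir()
        (root / "cron.d" / "persist").write_text("* * * * * root /tmp/.x\n")
        (root / "passwd").unlink()

        return compare(before, baseline(root))
```

Two practical caveats: the baseline must be stored somewhere the monitored host cannot rewrite (an attacker with root can otherwise rebaseline after tampering), and it must be refreshed as part of every authorised change, or patch day produces a flood of "modified" alerts that trains people to ignore the tool.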
To view all questions and flashcards with answers, click on the resource link above.

Chapter 12: Incident Analysis
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70335
Sample Questions
Q1) During incident response, volatile data refers to
A) Data that will be lost during reboot
B) Data that is changing rapidly
C) Data generated by end users during normal use of the system
D) Data generated by a temperamental user
Q2) Syslog priorities include all of the following except
A) debug
B) error
C) audit
D) panic
Q3) Windows logs are also known as
A) Microsoft logs
B) Application logs
C) Operating system logs
D) Event logs
Q4) File timestamps can be useful for all of the following except
A) Identifying files manipulated by the hacker
B) Determine how the hacker compromised the system
C) Identifying the attacker
D) Preventing similar attacks on other similar systems
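Q2 above turns on knowing the fixed set of syslog severities (emerg, alert, crit, err, warning, notice, info, debug; "panic" and "error" are older spellings of two of them) and that "audit" is not one of them. In a raw syslog message the priority arrives as a single number in angle brackets, PRI = facility * 8 + severity. The following is an added example, not code from the textbook or the study set; it decodes that number, parses constructed sample lines and filters them by a severity threshold the way a syslog.conf selector such as auth.err does. The sample messages are made up for the example (the first follows the example line in RFC 3164), and the names for facilities 12 to 15 vary between implementations.

```python
import re

# Facility and severity codes as numbered in RFC 3164 / RFC 5424.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Legacy spellings still accepted by syslog.conf-style filters. "audit" is not a priority.
SEVERITY_ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

# Constructed sample messages (not real captures).
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    "<13>Oct 11 22:14:16 mymachine app[201]: user bob logged in",
    "<87>Oct 11 22:14:17 mymachine sshd[42]: debug1: Connection from 203.0.113.5 port 51312",
    "<0>Oct 11 22:14:18 mymachine kernel: panic - not syncing: fatal exception",
]


def severity_level(name: str) -> int:
    """Map a severity name, including legacy aliases, to its code (0 is most urgent)."""
    name = SEVERITY_ALIASES.get(name, name)
    if name not in SEVERITIES:
        raise ValueError(f"unknown syslog severity: {name!r}")
    return SEVERITIES.index(name)


def decode_pri(pri: int):
    """PRI = facility * 8 + severity, so the low three bits carry the severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]


def parse_line(line: str):
    """Split a BSD-style syslog line into its decoded priority and the remainder."""
    m = PRI_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m.group(1)))
    return {"facility": facility, "severity": severity, "msg": m.group(2)}


def at_least(lines, threshold: str):
    """Return parsed lines at least as urgent as threshold (numerically <=),
    the same semantics as the selector 'auth.err' in syslog.conf."""
    limit = severity_level(threshold)
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec and severity_level(rec["severity"]) <= limit:
            out.append(rec)
    return out
```

During incident analysis the decoded facility is often as useful as the severity: an auth or authpriv message at crit from a host that normally only logs at info is worth pulling before its log file is rotated away, while the kernel emerg line is the one that tells you a reboot, and with it the loss of volatile data, may be imminent.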
To view all questions and flashcards with answers, click on the resource link above.

Chapter 13: Policies, Standards and Guidelines
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70336
Sample Questions
Q1) From the perspective of information security, the Family Educational Rights and Privacy Act (FERPA) defines
A) Requirements for financial institutions to protect the privacy of their customers' non-public, personal information
B) Protections for the privacy of student education records
C) The responsibilities of top executives of publicly traded companies for the accuracy and timeliness of financial data
D) Safeguards that covered entities must use to protect the confidentiality, integrity and availability of electronic protected health information
Q2) To minimize ambiguity, it is a good idea to specify the technologies to be used in a policy
A)True
B)False
Q3) Who or what is covered by the policy is specified in the
A) Overview
B) Statement
C) Enforcement
D) Scope
To view all questions and flashcards with answers, click on the resource link above.

Chapter 14: IT Risk Analysis and Risk Management
Available Study Resources on Quizplus for this Chapter
25 Verified Questions
25 Flashcards
Source URL: https://quizplus.com/quiz/70337
Sample Questions
Q1) Internal controls over financial reporting involve all of the following except
A) A process
B) Supervision of the company's principal executives
C) Profit guidance
D) Maintenance of records
Q2) Section 302 of the Sarbanes-Oxley Act of 2002 specifies
A) Penalties for non-compliance with the law
B) Attestations are made in accordance with PCAOB standards
C) Signing officers take personal responsibility for the reported financial statements
D) Privacy requirements for healthcare records
Q3) As described in the text, a statement of a risk includes
A) Agent, threat, asset, damage
B) Agent, action, damage, threat
C) Agent, action, asset, damage
D) Threat, asset, action, damage
Q4) If assessed using the NIST 800-39 framework, the risk estimate is an accurate measure of the IT risk facing the organization
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above.