IT Risk Management Test Bank - 1136 Verified Questions

IT Risk Management Test Bank

Course Introduction

IT Risk Management provides students with a comprehensive understanding of the principles and practices used to identify, assess, and mitigate risks within information technology environments. The course explores the risk management lifecycle, including risk identification, analysis, evaluation, and treatment methods tailored to IT systems and infrastructures. Students examine legal, regulatory, and organizational contexts for IT risk, and learn to apply risk assessment tools and frameworks such as NIST, ISO 27005, and COBIT. Through case studies and practical exercises, students develop skills in creating risk management plans, implementing controls, and ensuring the resilience and security of IT assets in dynamic organizational settings.

Recommended Textbook

Principles of Computer Security CompTIA Security+ and Beyond 3rd Edition by Wm. Arthur Conklin

Available Study Resources on Quizplus

25 Chapters

1136 Verified Questions

1136 Flashcards

Source URL: https://quizplus.com/study-set/2933

Chapter 1: Introduction and Security Trends

Available Study Resources on Quizplus for this Chapter

49 Verified Questions

49 Flashcards

Source URL: https://quizplus.com/quiz/58443

Sample Questions

Q1) The biggest change that has occurred in security over the last 30 years has been the change in the computing environment from small, tightly contained mainframes to a highly widespread network of much larger systems.

A)True

B)False

Answer: False

Q2) There are three general reasons a particular computer system is attacked: it is specifically targeted by the attacker, it is a target of opportunity, or it is a target that was specified to be attacked by a larger criminal organization.

A)True

B)False

Answer: False

Q3) In April 2009, Homeland Security Secretary Janet Napolitano told reporters

A)Organized crime made attempts to break into the US electric power grid

B)Hacktivists made attempts to break into the US electric power grid

C)Terrorists made attempts to break into the US electric power grid

D)China and Russia made attempts to break into the US electric power grid

Answer: D

To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: General Security Concepts

Available Study Resources on Quizplus for this Chapter

65 Verified Questions

65 Flashcards

Source URL: https://quizplus.com/quiz/58442

Sample Questions

Q1) All applications, scripts, and batch files run in the same security context of the user who is logged in at the time.

A)True

B)False

Answer: True

Q2) Ensuring that an individual is who they claim to be is the function of _________.

A)confidentiality

B)integrity

C)availability

D)authentication

E)nonrepudiation

Answer: D

Q3) Which of the following is not one of the three general methods used in authentication?

A)Something you have

B)Something you do

C)Something you are

D)Something you know

Answer: B

To view all questions and flashcards with answers, click on the resource link above.

Chapter 3: Operational-Organizational Security

Available Study Resources on Quizplus for this Chapter

43 Verified Questions

43 Flashcards

Source URL: https://quizplus.com/quiz/58441

Sample Questions

Q1) _______________ are mandatory elements regarding the implementation of a policy.

Answer: Standards

Q2) UPS is short for keeping UP Services.

A)True

B)False

Answer: False

Q3) Bluetooth is a wireless networking technology that is good for ranges up to 1000 meters.

A)True

B)False

Answer: False

Q4) _______________ are recommendations relating to a policy.

Answer: Guidelines

Q5) Bluetooth is a wireless technology that is used for

A)Underwater communications

B)Long-range communications

C)Short-range communications

D)Space communications

Answer: C

To view all questions and flashcards with answers, click on the resource link above.

Chapter 4: The Role of People in Security

Available Study Resources on Quizplus for this Chapter

40 Verified Questions

40 Flashcards

Source URL: https://quizplus.com/quiz/58440

Sample Questions

Q1) Installing unauthorized hardware such as communication software and a modem

A)Is a common practice and does not affect the organization

B)May cause a security breach and allow an intruder to have access to an organization's system by opening up a backdoor

C)Boosts the system so downloading from the Internet will be faster

D)Saves the company from buying a license by using other software

Q2) A good security practice is to choose one good password and use it for all of your various accounts.

A)True

B)False

Q3) Dumpster diving is when a hacker gains access to a computer and tries to recover files from the recycle bin in the hopes of finding privileged information.

A)True

B)False

Q4) _______________ is when an e-mail trying to get sensitive information is sent to a group that has something in common, making the attack seem more personal.

Q5) What are the dangers of non-employees having physical access? Give examples.

Q6) Give an example of a hoax and how it might actually be destructive.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 5: Cryptography

Available Study Resources on Quizplus for this Chapter

49 Verified Questions

49 Flashcards

Source URL: https://quizplus.com/quiz/58439

Sample Questions

Q1) Explain two ways encryption was done in ancient times without computers.

Q2) The encryption method based on the idea of two keys, one that is public and one that is private, is

A)Hashing function

B)Symmetric encryption

C)Asymmetric encryption

D)Elliptical curve encryption

Q3) A _______________ is when a hash algorithm is compromised by an attacker finding two different messages that hash to the same value.

Q4) Cryptographic algorithms are used for all of the following EXCEPT:

A)Confidentiality

B)Integrity

C)Availability

D)Authentication

Q5) Cryptography is the process of attempting to return an encrypted message to its original form.

A)True

B)False

Q6) What is key management and why is it important?

To view all questions and flashcards with answers, click on the resource link above.

Chapter 6: Public Key Infrastructure

Available Study Resources on Quizplus for this Chapter

50 Verified Questions

50 Flashcards

Source URL: https://quizplus.com/quiz/58438

Sample Questions

Q1) The term used to describe a centralized directory that can be accessed by a subset of individuals is _______________

Q2) What is a certificate repository?

A)A directory that calculates a message digest for the certificate

B)An entity that generates electronic credentials

C)A directory that requires a centralized infrastructure

D)A centralized directory in which the registered certificate is stored

Q3) _______________ is the standard used for creating and formatting certificates.

Q4) A(n)_______________ binds a user's identity to a public key, and contains all the information the receiver needs to be assured of the identity of the public key owner.

Q5) Which of the following is a critical concept common to all PKIs?

A)Cryptographic hardware is required for PKI construction.

B)The server that centrally stores the keys should not be available.

C)The private key must be computer generated and centrally stored.

D)Private keys must remain private.

Q6) PKI can be used as a measure to trust individuals we do not know.

A)True

B)False

Q7) What are the three types of trust models?

To view all questions and flashcards with answers, click on the resource link above.

Chapter 7: Standards and Protocols

Available Study Resources on Quizplus for this Chapter

44 Verified Questions

44 Flashcards

Source URL: https://quizplus.com/quiz/58437

Sample Questions

Q1) What is the Internet Security Association and Key Management Protocol (ISAKMP)?

A)A method for implementing a key exchange protocol and for negotiating a security policy

B)The name of an organization that creates the encryption keys

C)A protocol to encrypt e-mail

D)A program that creates random numbers used in encryption keys

Q2) The Certificate Authority is responsible for issuing, storing, and revoking certificates.

A)True

B)False

Q3) HTTPS uses port

A)80

B)8080

C)443

D)433

Q4) _______________ defines standards for interactions and operations for four component types: the user, certificate authority, registration authority, and the repository for certificates.

Q5) PKI stands for _______________

Q6) _______________ is used to encrypt web traffic and uses port 443.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 8: Physical Security

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/58436

Sample Questions

Q1) What is multiple-factor authentication?

Q2) Physical security policies and procedures relate to which two distinct areas?

A)Internal and external

B)Equipment and data

C)Computers and users

D)Countermeasures and response

Q3) An access token is an example of "something you know," in relation to authentication.

A)True

B)False

Q4) Which of the following are examples of the concept of layered access in physical security?

A)Firewall, IDS, CCTV

B)Fences, gates, mantrap, doors

C)CCTV, walls, antivirus

D)RFID, biometrics, personal firewalls

Q5) Besides physically securing your computers, there is little you can do to prevent drive imaging.

A)True

B)False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 9: Network Fundamentals

Available Study Resources on Quizplus for this Chapter

55 Verified Questions

55 Flashcards

Source URL: https://quizplus.com/quiz/58435

Sample Questions

Q1) The network that is an extension of a selected portion of a company's intranet to external partners is referred to as the

A)DMZ

B)Intranet

C)Extranet

D)Internet

Q2) _______________ describes network components that are connected to the same cable, often called "the backbone."

Q3) List three kinds of information contained in an IP packet header.

Q4) Which protocol is responsible for resolving an IP address to a MAC address?

A)DNS

B)ARP

C)RARP

D)ICMP

Q5) List and describe three types of network topologies.

Q6) A network can logically appear as one topology, but physically match a different topology.

A)True

B)False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 10: Infrastructure Security

Available Study Resources on Quizplus for this Chapter

42 Verified Questions

42 Flashcards

Source URL: https://quizplus.com/quiz/58434

Sample Questions

Q1) The following are steps in securing a workstation EXCEPT:

A)Install NetBIOS and IPX

B)Install antivirus

C)Remove unnecessary software

D)Disable unnecessary user accounts

Q2) _______ are characterized by the use of a laser to read data stored on a physical device.

A)Authentication rules

B)FTP sites

C)Modems

D)Optical media

Q3) Centralized monitoring of the health of the network is the function of a

A)File server

B)SNMP

C)NOC

D)TOC

Q4) Worms are software that attaches itself to a file and then executes on a machine.

A)True

B)False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 11: Authentication and Remote Access

Available Study Resources on Quizplus for this Chapter

46 Verified Questions

46 Flashcards

Source URL: https://quizplus.com/quiz/58433

Sample Questions

Q1) With IPsec, security associations are used to establish the logical set of security parameters designed to facilitate the sharing of information between entities. The security association protects

A)Confidentiality

B)Integrity and confidentiality

C)Confidentiality and availability

D)Integrity and availability

Q2) With mandatory access controls, the owner of an object determines who has access to it.

A)True

B)False

Q3) The 802.1x standard is for a protocol to support communications between a user and a(n)

A)Authorization device

B)Available device

C)Serial device

D)Another user

Q4) Telnet traffic is encrypted by default.

A)True

B)False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 12: Wireless

Available Study Resources on Quizplus for this Chapter

43 Verified Questions

43 Flashcards

Source URL: https://quizplus.com/quiz/58432

Sample Questions

Q1) Security issues associated with WTLS include which of the following?

A)The specifications do not allow connections without high security.

B)WTLS cannot cope with small amounts of memory.

C)WTLS cannot cope with limited processor capacity.

D)Clients with low memory or CPU capabilities cannot support encryption.

Q2) What is WAP?

A)It is a protocol used by laptop computers for wireless communication.

B)It is used primarily to encrypt wired communications, but can be used for wireless as well.

C)It is another name for 802.11g.

D)It is a protocol used by cellular phones to deliver e-mail and lightweight web services.

Q3) What is WAP and what are its security implications?

Q4) WAP was designed to work on which of the following?

A)Devices with low computing power

B)Devices with high computing power

C)Devices with long range

D)Devices with short range

Q5) _______________ is a term used for the act of sending an unauthorized message to another Bluetooth device.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 13: Intrusion Detection Systems and Network Security

Available Study Resources on Quizplus for this Chapter

49 Verified Questions

49 Flashcards

Source URL: https://quizplus.com/quiz/58431

Sample Questions

Q1) A sniffer must use a NIC in promiscuous mode; otherwise it will not see all the network traffic coming into the NIC.

A)True

B)False

Q2) Network-based IDS examines activity on a system, such as a mail server or web server.

A)True

B)False

Q3) A(n)_______________ is a network device with the purpose of enforcing a security policy across its connection, by allowing or denying traffic to pass into or out of the network.

Q4) Antispam does all of the following EXCEPT:

A)Blacklisting

B)Malicious code detection

C)Language filtering

D)Trapping

Q5) Deploying, maintaining, and upgrading host-based IDSs in a large network is cheaper than NIDSs.

A)True

B)False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 14: Baselines

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/58430

Sample Questions

Q1) The process of planning, deploying, and testing patches in a controlled manner is called _______________.

Q2) Selecting a good password for each user account is critical to protecting information systems. How should you select a good password?

A)Use letters in your first name and letters in your last name.

B)Select a password that is still relatively easy to remember, but still difficult to "guess."

C)Unfortunately, there is no way to keep a password safe, so it really doesn't matter what you use.

D)Create a password that would be hard to remember, and then write it down so you won't forget it.

Q3) Securing an application against local- and Internet-based attacks is called

Q4) In Mac OS X,what does library randomization do?

A)It defeats buffer overflows.

B)It is used for encryption.

C)It restricts network access.

D)It increases the ease of code writing.

Q5) List three of the new capabilities of Windows Server 2008.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 15: Types of Attacks and Malicious Software

Available Study Resources on Quizplus for this Chapter

50 Verified Questions

50 Flashcards

Source URL: https://quizplus.com/quiz/58429

Sample Questions

Q1) What should be included in a security audit?

Q2) A term used to refer to the process of taking control of an already existing session between a client and a server is

A)TCP/IP hijacking

B)Replay attacking

C)Denial-of-service attack

D)Password guessing

Q3) An attacker will do reconnaissance by going to public sites like SEC.gov and whois.net to get important information that can be used in an attack.

A)True

B)False

Q4) _______________ is an economic attack against the terms of using a new DNS entry.

Q5) A(n)_______________ is a connection to a Windows interprocess communications share (IPC$).

Q6) Targeted attacks are easier and take less time and effort than attacks on targets of opportunity.

A)True

B)False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 16: E-Mail and Instant Messaging

Available Study Resources on Quizplus for this Chapter

47 Verified Questions

47 Flashcards

Source URL: https://quizplus.com/quiz/58428

Sample Questions

Q1) SubSeven and Back Orifice are examples of what kinds of malicious code?

A)Virus

B)Hoax

C)Worm

D)Trojan

Q2) Define spam.

Q3) One of the ways spam is able to propagate is by taking advantage of servers that will accept e-mail from anyone; these are known as ___________.

A)open servers

B)server relays

C)open relays

D)relay servers

Q4) Which of the following is NOT one of the three primary e-mail protocols?

A)SMTP

B)SNMP

C)P3OP

D)IMAP

Q5) SMTP uses TCP port 110.

A)True

B)False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 17: Web Components

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/58427

Sample Questions

Q1) Buffer overflows, while a dangerous form of code vulnerability, are the least common.

A)True

B)False

Q2) The Open Vulnerability and Assessment Language (OVAL)___________.

A)Is an XML framework for describing vulnerabilities

B)Is a framework for UDDI data structures to be passed between applications in a language-neutral and platform-independent fashion

C)Is used by web browsers to block harmful JavaScript from executing on a system

D)Is used by a web browser to clean cookies and spyware off the system hard drive

Q3) Inlining is using an embedded control from another site,with or without the other site's permission.

A)True

B)False

Q4) FTP encrypts traffic by default.

A)True

B)False

Q5) What are some security issues related to web-based applications?

To view all questions and flashcards with answers, click on the resource link above.

Chapter 18: Secure Software Development

Available Study Resources on Quizplus for this Chapter

40 Verified Questions

40 Flashcards

Source URL: https://quizplus.com/quiz/58426

Sample Questions

Q1) Which type of error occurs when a program executes the error checking routine, prior to manipulating strings to a base form?

A)Canonicalization error

B)Improper output handling

C)Injection

D)Buffer overflow

Q2) The _______________ is the first step in a software development process model.

Q3) Which type of attack is used especially against databases?

A)DB manipulation

B)DB injection

C)SQL injection

D)SQL rejection

Q4) Which is related to a code injection error?

A)VB.NET

B)SQL

C)JavaScript

D)C#

Q5) Generating true random numbers is a fairly trivial task.

A)True

B)False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 19: Disaster Recovery, Business Continuity, and Organizational Policies

Available Study Resources on Quizplus for this Chapter

53 Verified Questions

53 Flashcards

Source URL: https://quizplus.com/quiz/58425

Sample Questions

Q1) Which type of alternative site has the basic environmental controls necessary to operate,but has few of the computing components necessary for processing?

A)Hot site

B)Warm site

C)Cold site

D)Temporary site

Q2) Which type of backup is the simplest to do,but takes the most storage space?

A)Full

B)Differential

C)Incremental

D)Delta

Q3) Which policy dictates the action that should be taken when a significant modification to the software or hardware takes place?

A)Acceptable use policy

B)Due care policy

C)Change management policy

D)Disposal and destruction policy

Q4) List at least five types of disasters that can damage or destroy the information of an organization.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 20: Risk Management

Available Study Resources on Quizplus for this Chapter

42 Verified Questions

42 Flashcards

Source URL: https://quizplus.com/quiz/58424

Sample Questions

Q1) _______________ refers to the loss that results when a threat exploits a vulnerability.

Q2) Which of the following describes the process of asset identification during a risk assessment?

A)Collecting data on the value of bank accounts and other financial notes controlled by the organization

B)Identifying and classifying the assets, systems, and processes that need protection because they are vulnerable to threats

C)Collecting data on the property, plant and equipment to be prepared to file an insurance claim

D)Hiring an outside auditing firm to assess the total net worth of the company

Q3) Which management tool is used for identifying relationships between a risk and the factors that can cause it?

A)Affinity grouping

B)Cause and effect analysis

C)Interrelationship digraphs

D)Risk management plan

Q4) A(n)_______________ is any characteristic of an asset that can be exploited by a threat to cause harm.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 21: Change Management

Available Study Resources on Quizplus for this Chapter

35 Verified Questions

35 Flashcards

Source URL: https://quizplus.com/quiz/58423

Sample Questions

Q1) What is configuration control?

A)Ensures that configuration items are built and maintained according to the requirements, standards, or contractual agreements

B)Ensures that only approved changes to a baseline are allowed to be implemented

C)Ensures all changes made separate from the baseline are well documented and controlled

D)Identifies which assets need to be controlled.

Q2) Change management and configuration management are two very different processes.

A)True

B)False

Q3) What is the key concept in change management?

A)Least privilege

B)Separation of duties

C)Defense in depth

D)Redundancy

Q4) Change control prevents inadvertent overwriting of critical reference data.

A)True

B)False

Q5) Upon manager approval, the _______________ moves the executable to the production system.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 22: Privilege Management

Available Study Resources on Quizplus for this Chapter

39 Verified Questions

39 Flashcards

Source URL: https://quizplus.com/quiz/58422

Sample Questions

Q1) The access control model that most closely resembles an organization's structure.

A)MAC

B)DAC

C)RBAC

D)RBOC

Q2) Groups are used to

A)Create a collection of users to simplify privilege management

B)Circumvent an overly restrictive ACL ruleset

C)Create a collection of programs simplifying ACL implementation

D)Separate computers into logical groups that perform similar functions

Q3) A file or resource owner has the ability to change the permissions on that file or resource.

A)MAC

B)DAC

C)RBAC

D)RBOC

Q4) What are password and domain password policies?

Q5) The process of restricting a user's ability to interact with the computer system is called __________.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 23: Computer Forensics

Available Study Resources on Quizplus for this Chapter

40 Verified Questions

40 Flashcards

Source URL: https://quizplus.com/quiz/58421

Sample Questions

Q1) Generally speaking, you should back up the computer using DOS instead of Windows.

A)True

B)False

Q2) Evidence that is material to the case or has bearing on the matter at hand is what standard of evidence?

A)Sufficient evidence

B)Competent evidence

C)Relevant evidence

D)Real evidence

Q3) What is the primary difference between free space and slack space?

Q4) When analyzing computer storage components, the original system should be analyzed.

A)True

B)False

Q5) Which of the following rules applies to evidence obtained in violation of the Fourth Amendment of the Constitution?

A)Best evidence rule

B)Exclusionary rule

C)Hearsay rule

D)Evidentiary rule

To view all questions and flashcards with answers, click on the resource link above.

Chapter 24: Legal Issues and Ethics

Available Study Resources on Quizplus for this Chapter

40 Verified Questions

40 Flashcards

Source URL: https://quizplus.com/quiz/58420

Sample Questions

Q1) _______________ involves a piece of malware that defrauds the advertising revenue counter engine through fraudulent user clicks.

Q2) Which law makes it a crime to knowingly access a computer that is either considered a government computer or used in interstate commerce, or to use a computer in a crime that is interstate in nature?

A)Computer Fraud and Abuse Act

B)Stored Communications Act

C)CAN-SPAM Act

D)Sarbanes-Oxley Act

Q3) _____________ is the unauthorized entry into a computer system via any means.

A)Computer trespass

B)Computer entry

C)Computer hacking

D)Cyber crime

Q4) _______________ have the same legal status as written signatures.

Q5) What are the laws that govern computer access and trespass?

Q6) Describe the laws that govern digital signatures.

Q7) What are some ethical issues associated with information security?

Q8) What are the laws that govern encryption and digital rights management?

To view all questions and flashcards with answers, click on the resource link above.

Chapter 25: Privacy

Available Study Resources on Quizplus for this Chapter

40 Verified Questions

40 Flashcards

Source URL: https://quizplus.com/quiz/58419

Sample Questions

Q1) FACTA mandates that information that is no longer needed must be properly disposed of.

A)True

B)False

Q2) Privacy laws as they relate to education are very recent phenomena.

A)True

B)False

Q3) Which act requires credit agencies to perform timely investigations on inaccuracies reported by consumers?

A)FCRA

B)PCI DSS

C)FACTA

D)GBLA

Q4) A structured approach to determining the gap between desired privacy performance and actual privacy performance is called

A)Personal impact assessment

B)Privacy information assessment

C)Personal privacy assessment

D)Privacy impact assessment

Q5) Define privacy.

To view all questions and flashcards with answers, click on the resource link above.