1. When the firm's purpose for its information infrastructure is to make its data and information available to those who are authorized to use it, the firm is seeking the objective of:
confidentiality.
availability.
authorization.
integrity.
2. What is the activity of keeping the firm and its information resources functioning after a catastrophe?
Corporate information assurance
Corporate information systems security
Business continuity management
Information security management
3. Which statement based on a survey by the Computer Security Institute is false?
Twenty-three percent of the respondents faced security incidents brought on by
actions of legitimate users.
Employees commit 81% of computer crimes.
Internal threats are considered to present potentially more serious damage than
do external threats.
Controls that are put in place to address external threats typically go into action
when an effort to breach security is detected.
4. When changes are made to the firm's data, information, and software, the type of information security risk is:
unauthorized disclosure and theft.
unauthorized use.
unauthorized destruction and denial of service.
unauthorized modification.
5. Which type of threat cannot replicate itself within a system, but can transmit its copies by means of e-mail?
Malware
Virus
Worm
Trojan horse
6. Which of the following is not an expected security-related practice for retailers that Visa has established?
Destroy data when it is no longer needed.
Regularly test the security system.
Do not use vendor-supplied password defaults.
Track data access with the unique ID.
7. Which of the following is not a general practice that retailers should follow as identified by Visa?
Screen employees who have access to data.
Restrict data access to those with a need to know.
Do not leave data or computers unsecured.
Destroy data when it is no longer needed.
8. For which of the following is an information security policy not developed?
Information systems security
System access control
Hardware and software control
Information classification
9. Which type of control protects stored and transmitted data and information against unauthorized disclosure?
Technical control
Access control
Cryptographic control
Physical control
10. Which organization offers the Certified Information Systems Security Professional (CISSP) certification?
Information Systems Audit and Control Association
International Standards Organization
International Information System Security Certification Consortium
SANS Institute
11. Which area involves the protection of an individual or group of individuals who are authorized to access the organization and its operations?
Physical Security
Personal Security
Operation Security
Information Security
12. Computer A holds data that is available only to authorized users. This category is described as:
Authenticity
Confidentiality
Accuracy
Availability
13. File hashing is introduced to read a file as bits and compute a single hash value. This protects which characteristic?
Utility
Possession
Integrity
Information Security
14. Selecting the technology needed to support the security blueprint is performed at which step of the security SDLC?
Analysis
Logical Design
Physical Design
Implementation
15. Exposure is a state or condition in which:
A technique used to compromise a system
A condition or state of being exposed
A single instance of an information asset suffering damage
None of the above.
16. Among the components listed, which is not addressed in the CNSS security model?
Availability
Transmission
Policy
Authenticity
17. A technique used to compromise a system is called:
Exposure
Exploit
Risk
Threat
18. An employee throwing away a document containing critical information without shredding it is a breach of:
Authenticity
Confidentiality
Accuracy
Availability
19. From the list below, which is not a component of information security?
Hardware
Software
Data
Information access
20. Order the phases of the software development life cycle:
a. Investigation
b. Logical design
c. Analysis
d. Physical design
e. Maintenance and change
f. Implementation
1. a-b-c-d-e-f
2. a-c-b-d-f-e
3. a-c-d-b-e-f
4. a-c-d-b-f-e
Unit-II
21. Information security performs important functions for an organization. Which of the following functions is not covered by information security?
Enabling the safe operation of applications running on the organization's IT systems
Protecting the data the organization collects and uses
Safeguarding the organization's technology assets
Protecting the security parameters of an organization
22. Unauthorized access and data collection is categorized as which type of attack?
Deviations in quality of service
Espionage
Information extortion
Human error or failure
23. Which of the following is a malicious program that replicates itself constantly?
Virus
Tapeworm
Trojan Horses
Back door
24. These viruses and worms actually evolve, changing their size and other external file
characteristics to elude detection by antivirus software programs.
Virus and Worm Hoaxes
Trap Door
Polymorphic Threats
Trojan Horses
25. In 1997, the core of the Internet suffered a disaster. Internet service providers lost connectivity with other ISPs due to an error in a routine Internet router table update process. The resulting outage effectively shut down a major portion of the Internet for at least twenty minutes. It occurred due to:
Information extortion
Missing, inadequate planning
Sabotage
Human Error
26. An attack that selects specific target accounts and uses a list of commonly used passwords is referred to as:
Brute Force
Dictionary attack
Password Crack
Spoofing
27. Which of the following can be used both for legitimate network management functions and for stealing information?
Mail bomb
Sniffer
Social engineering
Phishing
28. When a user executes the program, the user's name and password are e-mailed to a remote site. These messages can appear to be from a site administrator or root. In reality, they may have been sent by an individual at a remote site who is trying to gain access or additional access to the local machine via the user's account. This attack is termed:
Pharming
Timing attack
Social engineering
Phishing
29. Which discipline within the area of computer security attempts to identify the activities involved in creating secure systems?
Software assurance
Vandalism
Technological obsolescence
Information extortion
30. Using vulnerabilities in file systems and the way many organizations configure them, the infected machine copies the viral component to all locations it can reach. This propagation vector is called:
Web browsing
IP scan and attack
Unprotected shares
Mass mail