Test Bank(Final) updated

The document contains a series of questions and answers related to IT security topics, including communications and operations security, access control management, information systems acquisition, and incident management. It covers key concepts such as standard operating procedures, malicious code, access controls, authentication methods, and business continuity management. The content appears to be structured for educational purposes, likely for a course or examination in IT security.


IT409

Don't forget us in your prayers.

Compiled and formatted by
Abdulaziz
@SEU2023R

04-06-2023

Reviewed by: Maryam Gaber (2-12-2023)

Chapter 8: Communications and Operations Security

Mid
1. _______ are detailed explanations of how to perform a task.
A. Standard operating procedures
B. Access controls
C. Version controls
D. Malware Protection

Final
2. A document that provides clear instructions for performing a task is known as _____.
A. A service level agreement
B. Standard Operating Procedures (SOPs)
C. A privacy policy
D. Guidelines
Final
3. Choosing an SOP's format depends on the _____.
A. Number of decisions and steps
B. Number of steps only
C. Number of decisions only
D. Random decision

Final
4. Which of the following formats should be used when an SOP includes multiple decision-making steps?
A. Simple
B. Hierarchical
C. Graphic
D. Flowchart

Final
5. The change control process begins first with:
A. Implementing change
B. Developing a change control plan
C. Communicating change
D. Submitting a Request for Change (RFC)

Final
6. _______ is malicious code that attaches itself to become part of another program.
A. Viruses
B. Worm
C. Spyware/adware
D. Trojans

Mid – Final (appeared several times)


7. _______ is a piece of code that spreads from one computer to another without requiring a host file.
A. Adware
B. Trojans
C. Viruses
D. Worm
Final (appeared twice)
8. _________ is malicious code that masks itself as a legitimate application.
A. Ransomware
B. Trojans
C. Rootkits
D. Spyware

Mid
9. _______ are snippets of code designed to automate tasks and respond to instructions.
A. Spyware
B. Rootkits
C. Ransomware
D. Bots
Final
10. _________ is a type of malware that takes a computer or its data hostage.
A. Ransomware
B. Spyware/adware
C. Worm
D. Rootkits

Final
11. _______ is a general term describing software that tracks Internet activity and searches without the user's knowledge.
A. Spyware
B. Trojans
C. Viruses
D. Rootkits
Module 5
Chapter 9: Access Control Management

Mid
1. The “locks” are an example of ____________ access controls.
A. physical
B. logical
C. technical
D. administrative

Final (appeared twice)
2. "Default deny" is also known as_____
A. "Default allow"
B. "Permit all"
C. "Deny all"
D. "Allow all"
Final
3. This security posture is built on “default deny”:
A. Closed
B. Secure
C. Open
D. Basic

Mid
4. _______ means that there is no security in place by default.
Default allow

Final
5. What is the security principle that describes granting users the least amount of access required to perform their job and no more?
Least privilege (need-to-know is the related principle that the user has a legitimate reason to access the information; see questions 7 and 9)
Final
6. _______ is the security principle that users should be granted access only to the data they need to perform their job.
A. Due diligence
B. Separation of duties
C. Need to know
D. Due care

Final
7. The principle of ________ indicates that the user has a legitimate reason to access information.
A. Need-to-know
B. least privilege
C. privilege escalation
D. Privileges
Mid
8. According to the _______ principle, the user has a good cause for having to access the information.
Need-to-know

Final (appeared twice)
9. The _______ principle means granting users the least number of permissions that allows them to perform whatever business tasks they have been assigned, and no more.
A. Need-to-know
B. Single-factor authentication.
C. Separation of Duties
D. Least privilege

Final
10. _______ is the process of verifying who a user is.
A. Authentication
B. Accountability
C. Assurance
D. Accounting

Final
11. In Saudi Health Information Exchange policies, remote access requires _____.
A. single factor
B. No authentication
C. physical authentication
D. multi-factor authentication

Final
12. If a company decided to employ a password and a retinal scan to confirm its users' identities, its security can be described as _____.
A. Multilayer factors.
B. Multifactor.
C. Single factor.
D. No factor
Final
13. Which of the following types of authentications requires users to enter a password and a one-time
password sent to their phones?
A. Single-factor authentication
B. Out-of-band authentication
C. Mobile authentication
D. Multifactor authentication

Final
14. In Saudi Health Information Exchange policies, remote access requires _____.
A. One-factor authentication
B. Out-of-band authentication
C. Single-factor authentication
D. Multifactor authentication

Final
15. The authentication model where two or more of the same type of factors are presented is called _____.
A. Multilayer authentication
B. Single-factor authentication
C. Multiposture authentication
D. Multifactor authentication
Final - Mid
16. Password, Kerberos, token, and biometric are forms of _____.
A. Accountability
B. Authentication
C. Assurance
D. Accounting

Final
17. This is an example of the "inherence" category of factors:
A. One Time Password
B. Password
C. Biometric Identification
D. Smart Cards

Mid
18. "Memory cards" is one of the ways for identity verification. It belongs to the category of _____.
A. something you learn
B. something you are
C. something you know
D. something you have
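Added worked example (Python, not part of the original test bank): the factor categories from questions 12 to 18 expressed in code, plus the "password and a one-time password sent to the phone" flow from question 13 implemented as an RFC 4226/RFC 6238 HOTP/TOTP check combined with a password. The user store, salt, iteration count and the "correct horse" password are constructed for the demo; the TOTP seed is the RFC 6238 test-vector secret, so the 8-digit codes can be checked against the RFC's published values.

```python
import hashlib
import hmac
import struct
import time

# Factor categories used in the questions above: knowledge ("something you know"),
# possession ("something you have"), inherence ("something you are").
FACTOR_CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "one-time password": "possession",   # proves possession of the enrolled device/seed
    "smart card": "possession",
    "memory card": "possession",
    "fingerprint": "inherence",
    "retinal scan": "inherence",
}


def classify_authentication(factors):
    """Multifactor = two or more factors from *different* categories;
    multilayer = two or more factors from the *same* category."""
    if len(factors) < 2:
        return "single-factor"
    categories = {FACTOR_CATEGORY[f] for f in factors}
    return "multifactor" if len(categories) > 1 else "multilayer"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer, reduced to `digits` decimal digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the clock."""
    return hotp(seed, unix_time // step, digits)


# Constructed demo user store (assumption: PBKDF2 password hashes plus a
# per-user TOTP seed; the seed is the RFC 6238 test-vector secret).
SALT = b"demo-salt-not-for-production"
ITERATIONS = 100_000
USERS = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, ITERATIONS),
        "totp_seed": b"12345678901234567890",
    },
}


def login(username, password, otp_code, unix_time=None, window=1):
    """Password (knowledge) + TOTP (possession) = multifactor authentication.
    Default deny: unknown user, wrong password or wrong code all return False.
    `window` accepts one time step either side to absorb clock skew."""
    user = USERS.get(username)
    if user is None:
        return False
    now = int(time.time()) if unix_time is None else unix_time
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)
    pw_ok = hmac.compare_digest(candidate, user["pw_hash"])
    otp_ok = any(
        hmac.compare_digest(totp(user["totp_seed"], now + k * 30), otp_code)
        for k in range(-window, window + 1)
    )
    return pw_ok and otp_ok  # both evaluated, so timing does not reveal which one failed


if __name__ == "__main__":
    t = 1111111109
    seed = USERS["alice"]["totp_seed"]
    print(classify_authentication(["password", "retinal scan"]))  # multifactor
    print(classify_authentication(["password", "pin"]))           # multilayer
    print(totp(seed, t, digits=8))                                # RFC 6238 vector for T=1111111109
    print(login("alice", "correct horse", totp(seed, t), t))
```

A password plus a one-time code is multifactor because the code proves possession of the enrolled seed, while two passwords would only be multilayer. The `window` parameter is the usual trade-off: a wider window tolerates more clock drift but gives an attacker more valid codes per guess.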

Final
19. Which of the following terms best describes the process of verifying the identity of a subject?
a. Authentication
b. Authorization
c. Access model
d. Accountability
Final
20. Access Control Lists (ACLs) are used to determine access. Which of the following is a category of ACLs where data is classified, and employees are granted access according to the sensitivity of information?
A. Role-based Access Control (RBAC)
B. Discretionary Access Control (DAC)
C. Rule-based access control.
D. Mandatory Access Control (MAC)

Final
21. Who is responsible for DAC (Discretionary Access Control) decisions?
A. Data owners
B. incident response team
C. Data users
D. Data custodians

Final
22. In this network segmentation, the internal network is accessible to authorized users but
external accessibility is restricted through the use of firewalls:
A. Guest Network
B. Semi-Trusted Network
C. Enclave Network
D. Trusted Network
Final
23. These are active devices that sit inline with traffic flow and can respond to identified threats by
disabling the connection:
A. Intrusion prevention systems (IPSs)
B. Content filtering
C. Firewall devices
D. Intrusion detection systems (IDSs)

Final
24. _______ occurs when the IDS/IPS correctly identifies normal traffic.
A. True positive
B. True negative
C. False positive
D. False negative

Final
25. Sensitive authentication data includes which of the following?
A. Card account number
B. Cardholder name
C. Expiration date
D. PINs

Final
26. _______ makes use of encryption and special protocols to provide a secure tunnel for transmitting data over an unsecured network.
A. proxy
B. stateful inspection firewall
C. UTM
D. VPN Virtual Private Network

Final
27. In network segmentation, the Internet is considered a/an _____ network.
A. DMZ
B. Guest network.
C. Untrusted network.
D. Enclave network.

Final
28. The _______ is inserted between the premises network and the Internet to establish a controlled link and work as an outer security wall or perimeter to protect the premises network from Internet-based attacks.
A. dual control
B. access control lists
C. anti-virus
D. firewall

Final
29. Access Control Lists (ACLs) are used to determine access. Which of the following is a category of ACLs
where access is based on positions within an organization?
A. Mandatory Access Control (MAC)
B. Role-based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Rule-based access control
Mid
30. _______ is placed between the premises network and the Internet to provide a regulated connection.
Firewall

Mid
31. _______ is access control based on a particular position or function and the access rights that go with it.
Role-based Access Control (RBAC)

Final
32. Access logs should be reviewed _____.
A. Only by law enforcement personnel
B. Regularly
C. Every 6 months
D. When there is a suspicion of malicious activity
Week8

Module-6
Chapter 10: Information Systems Acquisition, Development, and Maintenance

Final (appeared twice)
1. Which phase of software release is the initial release of software for testing?
A. General availability
B. Release candidate
C. Alpha
D. Beta
Final
2. _______ is a software release when the software has been made commercially available and is in general distribution.
a. Beta
b. Release candidate
c. General availability
d. Alpha

Final
3. The process of limiting the characters that can be entered in a web form is known as _____.
Input validation

Final
4. A security control that is used to evaluate and validate the format of entered information is known as _____.
A. SQL injection
B. Encryption
C. Output validation
D. Input validation

Final
5. _______ occurs when untrusted data is sent to an interpreter as part of a command.
a. Input validation
b. Injection attack
c. Input testing
d. Output validation
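Added worked example (Python with the standard sqlite3 module; not from the original document) for questions 3 to 5: the same user lookup written three ways, with string concatenation (the injection flaw), with a parameterized query, and with input validation placed in front of the parameterized query. The in-memory users table and the tautology payload are constructed for the demo.

```python
import re
import sqlite3


def build_db():
    """Constructed in-memory table standing in for a real user directory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "clinician"), ("bob", "admin"), ("carol", "auditor")])
    return conn


def lookup_vulnerable(conn, username):
    """Untrusted input is pasted into the command string, so the interpreter
    (SQLite) parses the attacker's text as SQL: this is the injection flaw."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Parameterized query: the value travels separately from the command and
    cannot change its structure, whatever characters it contains."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?",
                        (username,)).fetchall()


USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def validate_username(username):
    """Input validation: restrict the characters and format before use.
    Defence in depth in front of the parameterized query, not a replacement for it."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"invalid username: {username!r}")
    return username


def lookup_hardened(conn, username):
    return lookup_parameterized(conn, validate_username(username))


PAYLOAD = "x' OR '1'='1"   # becomes: WHERE username = 'x' OR '1'='1'  (always true)

if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, "alice"))      # one row
    print(lookup_vulnerable(db, PAYLOAD))      # every row: the WHERE clause was rewritten
    print(lookup_parameterized(db, PAYLOAD))   # []: searched for a user literally named x' OR '1'='1
    try:
        lookup_hardened(db, PAYLOAD)
    except ValueError as exc:
        print(exc)                             # rejected before it reaches the database
```

Parameterization is the control that actually stops injection, because the value can no longer alter the command's structure. Validation is still worth keeping: it rejects malformed data early and it also protects interpreters that offer no parameter binding (shell commands, LDAP filters, log formats).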

Final
6. At which phase of the SDLC is the system accepted?
Implementation phase

Final (appeared twice)
7. _______ is a one-way process where a numeric value is created to represent the original text.
A. Decryption
B. Hashing
C. Encryption
D. Security Patches
Final
8. According to NIST, the initiation phase in the systems development lifecycle is where:
A. The system is designed, purchased, programmed, or developed
B. The system is put into production
C. The system is tested and retested, and any modifications are applied until it is accepted
D. The need for a system is established and its purpose is documented
Final
9. In the systems development lifecycle, risk assessment is done in the:
A. Operational phase
B. Initiation phase
C. Development/acquisition phase
D. Disposal phase
Final
10. _______ uses two different but mathematically related keys, known as the public and private keys. It is also known as public key cryptography.
A. Asymmetric key
B. Update key
C. Symmetric key
D. Hashing key

Final
11. Which of the following is NOT true about symmetric keys:
A. It is also known as a public key.
B. It uses a single secret key.
C. The secret key must be shared in advance.
D. The secret key must be kept private.

Final
12. A digital signature _____.
A. Ensures data confidentiality, but does not ensure nonrepudiation
B. Ensures data confidentiality and data integrity, but does not ensure nonrepudiation
C. Ensures data confidentiality, data integrity and nonrepudiation
D. Ensures nonrepudiation and data integrity, but does not ensure data confidentiality

Final
13. A _______ allows a recipient to prove the identity of the sender and the integrity of the data unit.
A. Public key
B. Secret key
C. Plaintext
D. Digital signature

Final
14. _______ is the process that takes plaintext and turns it into ciphertext.
a. Hashing
b. Decryption
c. Cryptography
d. Encryption
Final
15. _______ is the scrambled message produced as the output of an encryption.
a. Cryptanalysis
b. Secret key
c. Plaintext
d. Ciphertext

Final
16. ______ is the conversion of plaintext into what is known as ciphertext, using an algorithm called a cipher.
a. Plaintext
b. Validating
c. Encryption
d. Decryption
Final
17. The _________ converts an encrypted message back to its original readable format.
a. encryption algorithm
b. plaintext
c. decryption algorithm
d. Ciphertext

Final
18. The original message or data that is fed into the algorithm is _____.
a. encryption algorithm
b. secret key
c. decryption algorithm
d. plaintext
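Added worked example (Python standard library only; not part of the original document) for questions 7 and 10 to 18: a one-way hash, a toy symmetric stream cipher in which one shared key both encrypts and decrypts, and a toy RSA key pair used to sign and verify. The primes, the HMAC-based keystream construction and the "transfer" message are assumptions made for the demo; the RSA modulus is small enough to factor by hand and the stream cipher has no integrity check, so neither is usable for real protection. The signature functions show why the answer to question 12 is D: verification proves origin and integrity, but the message itself is still sent in the clear.

```python
import hashlib
import hmac
import os


# --- Hashing: one-way; the digest stands for the text but cannot be reversed ---
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- Symmetric key (toy): the same secret key encrypts and decrypts ---
# Keystream = HMAC-SHA256(key, nonce || counter), XORed with the data.
# Illustrative only: it gives confidentiality but no integrity check;
# production code uses an AEAD such as AES-GCM from a vetted library.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return encrypt(key, nonce, ciphertext)   # XOR with the same keystream is its own inverse


# --- Asymmetric key (toy RSA): two mathematically related keys ---
def generate_toy_rsa():
    """Fixed small primes so the example is deterministic; the modulus is
    trivially factorable and useless for real security."""
    p, q = 104729, 1299709
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)        # (public key, private key)


def _digest_int(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signature = hash of the message raised to the private exponent."""
    d, n = private_key
    return pow(_digest_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone holding the public key can check the signature; a match proves
    the private-key holder signed exactly this message (integrity and
    nonrepudiation). The message is not hidden: no confidentiality."""
    e, n = public_key
    return pow(signature, e, n) == _digest_int(message, n)


if __name__ == "__main__":
    msg = b"transfer 100 SAR to account 42"
    print(sha256_hex(msg))
    key, nonce = os.urandom(32), os.urandom(16)
    ct = encrypt(key, nonce, msg)
    print(ct != msg, decrypt(key, nonce, ct) == msg)
    pub, priv = generate_toy_rsa()
    sig = sign(priv, msg)
    print(verify(pub, msg, sig), verify(pub, b"transfer 900 SAR to account 42", sig))
```

Note which key does what: the sender signs with the private key and the recipient verifies with the public key, the reverse of the direction used when encrypting to someone with their public key.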
Week9

Module-7
Chapter 11: Information Security Incident Management

Final (appeared 4 times)
1. _______ is the total length of time an essential business function can be unavailable without causing significant harm to the business.
A. The maximum tolerable downtime (MTD)
B. The recovery time objective (RTO)
C. The recovery point objective (RPO)
D. The Business Continuity Time (BCT)

Final (appeared twice)
4. The ________refers to the last point in time that a valid replication was made, and data can be
restored from.
A. total acceptable time (TAT)
B. recovery point objective (RPO)
C. maximum tolerable downtime (MTD)
D. recovery time objective (RTO)
Final (appeared three times)
5. _______ occurs when an authorized user performs actions that violate company policy, agreement, law, or regulation.
A. passive attack
B. denial of service attack
C. inappropriate usage
D. masquerade

Final (appeared twice)
6. _______ prevents or inhibits the normal use or management of an organization's networks, systems, or applications, or in some way overloads the communication channel.
A. denial of service attack
B. passive attack
C. masquerade
D. inappropriate usage

Final (appeared twice)
7. Which of the following terms best describes the process of taking steps to prevent the incident from
spreading?
A. Detection
B. Recovery
C. Containment
D. Eradication

Final (appeared twice)
8. An incident that could cause significant harm is a severity _____.
A. Level 3
B. Level 2
C. Level 4
D. Level 1

Final (appeared 3 times)
9. Which of the following terms best describes the eliminating of the components of the incident?
A. Containment
B. Recovery
C. Eradication
D. Detection

Final
10. _______ is an adverse event that threatens business security and/or disrupts service.
A. Denial of service (DoS) attacks
B. Information Security Incident
C. Data Breach
D. Disaster
Final
11. _______ is code that is covertly inserted into another program with the intent of gaining unauthorized access or causing harm.
a. Distributed denial of service (DDoS)
b. Malware
c. Denial of service (DoS) attacks
d. Inappropriate usage

Final
12. An information security incident is _____.
a. monitoring wireless network traffic and analyzing it to identify suspicious activity
b. an adverse event that threatens business security and/or disrupts service
c. verifying that a given certificate has not been revoked
d. used to create, distribute, manage, and revoke public keys
Final
13. Which of the following is an activity of an incident response plan (IRP) that includes defining legal and regulatory requirements, training personnel, and testing plans and procedures?
A. Detection and investigation
B. Preparation
C. Initial response
D. Containment

Final
14. Which of the following phrases most accurately depicts a notice or warning that an incident might
happen in the future?
A. Asymmetric key
B. An indicator
C. A precursor
D. Symmetric key

Final
15. Consumers are most concerned about the compromise of their _____.
A. email address
B. contact information
C. password/PIN and SSN.
D. date of birth
Week10

Module-7
Chapter 12: Business Continuity Management

Final
1. Which of the following terms describes a potential danger that has the capacity to cause harm?
Threat
Final
2. The cause of a disaster can be operational, such as:
A. public health emergencies
B. severe weather
C. failures or misconfiguration of equipment
D. Civil disturbances

Final
3. The cause of a disaster can be accidental, such as:
A. Cybercrime
B. Hazardous chemical exposure
C. Degradation of power
D. Disruption of communication systems

Final
4. The cause of a disaster can be willful:
A. Fire
B. Severe weather
C. Tornados
D. Cybercrime

Final (appeared twice)
5. _______ addresses what should be done immediately following a significant incident.
A. Disaster Response Plan
B. Operational Contingency Plans
C. The Maintenance Plan
D. The Resumption Plan

Final
6. The phase of __________ in the Business Continuity Plan guides the organization back to normalcy.
A. Resumption plans
B. Contingency plans
C. Recovery plans
D. Response plans
Final
7. __________is a relocation strategy that provides a backup facility equipped with power and secure
access, without staged equipment.
A. Cold site
B. Warm site
C. Hot site
D. Mobile site
Final
8. Which type of alternate data-processing facility is fully equipped with all the resources
required to maintain operations?
A. Hot site
B. Off site
C. Warm site
D. Cold site

Final
9. _________ is a relocation strategy that provides a self-contained unit, equipped with the required hardware, software, and peripherals, with data to be restored.
A. Mobile site
B. Cold site
C. Hot site
D. Warm site

Final
10. To simplify the daunting recovery process, the disaster recovery plan breaks down into categories. The category of _______ addresses repairing, rebuilding, or relocating the physical facility.
A. network recovery
B. facilities recovery
C. communications recovery
D. mainframe recovery
Week11

Module-8
Chapter 13: Regulatory Compliance for Financial Institutions

Final (appeared 3 times)
1. In _______, a governance structure should be established and endorsed by the board of directors.
A. Cyber security roles and responsibilities
B. Cyber security policy
C. Cyber security strategy
D. Cyber security governance

Final
2. In _______, a policy should be defined, approved, and communicated to all stakeholders.
A. Cyber security policy
B. Cyber security roles and responsibilities
C. Cyber Security Risk Management
D. Cyber Security in Project Management
Final (appeared twice)
3. Who regulates banking and financial services in Saudi Arabia?
A. The Prudential Regulation Authority and The Financial Conduct Authority
B. The Capital Market Authority and The Saudi Central Bank
C. The Banking Ombudsman
D. The Office of the Comptroller of the Currency

Final
4. Which of the following entities does the Saudi Arabian Monetary Agency (SAMA), the Saudi Central Bank, regulate?
A. Educational institutions
B. Health institutions
C. Commercial banks
D. The stock market

Final
5. _______ regulates conventional banks, insurance companies, and finance companies.
A. CMA
B. GAZT
C. SAMA
D. Tadawul

Final
6. _____regulates financial institutions that conduct securities business.
A. SAMA
B. Tadawul
C. CMA
D. GAZT

Final
7. The art and science of writing secret information is called:
A. Cryptography
B. Modifications
C. Documentation
D. Production

Final
8. Which of the following is NOT part of the Third-Party Cyber Security Component of the cybersecurity
framework?
A. Contract and Vendor Management
B. Outsourcing
C. Cryptography
D. Cloud Computing
Final
9. Who of the following should be considered for the cyber security awareness program?
A. Staff, third parties and customers of the Member Organization
B. Third parties only
C. Staff only
D. Staff and third parties
Week12

Module-8
Chapter 14: Regulatory Compliance for the Healthcare Sector

Final
1. According to HIE policy #7, the purpose of the Consent and Access Control Policy is:
To define who, and how, individuals and systems can access the HIE

Final (appeared twice)
2. Saudi Health Information Exchange policies state that logs should be reviewed on a regular basis, at least _____, to detect improper use and document anomalies.
a. Quarterly
b. Monthly
c. Once a year
d. Twice a year

Final
3. In Saudi Health Information Exchange policies, remote access requires _____.
a. unlimited access
b. permanent access
c. temporary access
d. remote access
Final
4. In Saudi Health Information Exchange policies, _______ must be provided in emergency situations to unauthorized users.
a. full access
b. temporary access
c. permanent access
d. unlimited access

Final
5. The Saudi Health Information Exchange (HIE) requires that health data be kept _____.
A. for at least three months
B. temporarily
C. for a defined period
D. indefinitely
Final
6. If patients opt out of the Health Information Exchange (HIE),
A. access to their data should be restricted
B. no access restriction should be placed on their data
C. they will be banned from receiving future services
D. their data should be deleted
Final
7. In Saudi Health Information Exchange policies, which of the following is NOT one of the purposes of the
Breach Notification Policy?
a. Investigation
b. Authentication
c. Notification
d. Identification

Final (appeared 3 times)
8. In Saudi Health Information Exchange policies, remote access requires ________.
single factor
multi-factor authentication
no authentication
physical authentication

Final (appeared twice)
9. In Saudi Health Information Exchange policies, inactive sessions should be logged off automatically in no more than _____.
40 minutes
60 minutes
30 minutes
50 minutes

Final
10. In Saudi Health Information Exchange (HIE) policies, documentation related to logs should be retained a minimum of _____.
5 years
3 years
10 years
20 years

Week13
Module-9
Chapter 15: PCI Compliance for Merchants

Final
1. The following statement is true about the Payment Card Industry Data Security Standard (PCI DSS):
A. The PCI DSS consists of five core principles, which are accompanied by the 10 requirements
B. The PCI DSS consists of five core principles, which are accompanied by the 12 requirements
C. The PCI DSS consists of six core principles, which are accompanied by the 12 requirements
D. The PCI DSS consists of six core principles, which are accompanied by the 10 requirements

Final (appeared 3 times)
2. The terms CAV2, CID, CVC2, and CVV2 all refer to:
A. Cardholder name
B. Security code
C. PAN
D. Authentication data
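Added worked example (Python, not the original document's code) tying question 2 of this chapter and the sensitive authentication data question in chapter 9 (question 25) to something a practitioner actually runs: a scanner that finds primary account numbers in log lines (Luhn-checked, so digit strings that merely look like card numbers are ignored), flags the sensitive authentication data fields (CVV2/CVC2/CID/CAV2, PIN) that PCI DSS forbids storing after authorisation, and masks or redacts them the way the logging layer should have. The log lines use published industry test PANs and are constructed for the example.

```python
import re

# Candidate PAN: 13-19 digits, optionally grouped with spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Sensitive authentication data fields: security codes and PINs.
SAD_RE = re.compile(r"\b(cvv2?|cvc2|cid|cav2|pin)\s*[=:]\s*\d{3,6}\b", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Luhn check digit; filters out order numbers and timestamps that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """PCI DSS display masking: at most the first six and last four digits visible."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def _pan_digits(match):
    digits = re.sub(r"[ -]", "", match.group())
    return digits if 13 <= len(digits) <= 19 and luhn_valid(digits) else None


def scan_log_line(line: str):
    """Return (kind, detail) findings: masked PANs and the SAD field names seen."""
    findings = []
    for m in PAN_RE.finditer(line):
        digits = _pan_digits(m)
        if digits:
            findings.append(("PAN", mask_pan(digits)))
    for m in SAD_RE.finditer(line):
        findings.append(("SAD", m.group(1).upper()))
    return findings


def redact_line(line: str) -> str:
    """What the logging layer should have done: mask PANs, drop SAD values entirely."""
    line = PAN_RE.sub(lambda m: mask_pan(_pan_digits(m)) if _pan_digits(m) else m.group(), line)
    return SAD_RE.sub(lambda m: f"{m.group(1)}=[REDACTED]", line)


# Constructed sample log lines (Visa/MasterCard test PANs; the order id has
# sixteen digits but fails the Luhn check, so it is correctly ignored).
SAMPLE_LOG = [
    "2023-06-04T10:01:02Z POST /checkout user=alice card=4111111111111111 cvv2=123 amount=49.90",
    "2023-06-04T10:01:03Z INFO order_id=1234567890123456 status=approved",
    "2023-06-04T10:02:10Z POST /checkout user=bob card=5555-5555-5555-4444 pin=4321",
    "2023-06-04T10:03:00Z GET /health ok",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(scan_log_line(line))
        print(redact_line(line))
```

A PAN may be stored if it is protected (masked on display, encrypted or truncated at rest); the security code and PIN may not be stored at all once the transaction is authorised, which is why the redaction replaces their values rather than masking them.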

Final
3. This statement is NOT true about the SAQ (Self-Assessment Questionnaire) as a validation tool for merchants:
A. Questions reflect the anticipated scope of the cardholder environment
B. There are five SAQ categories
C. The SAQ comprises three parts
D. Number of questions in each category

Final
4. The level of access to cardholder data is controlled based on _____.
A. Request
B. Need to know
C. Importance
D. Job position

Final
5. Which of the following standards provides guidance for maintaining payment security?
A. HIPAA
B. GDPR
C. PCI-DSS
D. FISMA

Final
6. The penalty(ies) for PCI noncompliance:
A. Is a fine of one million dollars regardless of the circumstances
B. Don't exist
C. Depend on the circumstances
D. Are fines imposed by the government

Final (appeared twice)
7. A _______ is defined as any entity that accepts American Express, Discover, JCB, MasterCard, or Visa payment cards as payment for goods and/or services.
a. Personnel
b. Firewall
c. Merchant
d. Network

Final
8. Which of the following is NOT a section of the Report on Compliance standard template for the Payment Card Industry Data Security Standard (PCI DSS)?
a. Executive summary
b. Findings and observations
c. Quarterly scan results
d. Details about cardholders

Final
9. This is NOT one of the six PCI DSS core principles.
a. Implement strong access control measures
b. Develop separate protocols for each client
c. Maintain a vulnerability management program
d. Protect cardholder data

Final (appeared 3 times)
10. _______ is a validation tool in the Payment Card Industry Data Security Standard (PCI DSS) for merchants that are NOT required to submit to an onsite data security assessment.
A. Self-Assessment Questionnaire
B. Cyber security governance (CSG)
C. Social engineering
D. Report on Compliance
