17 Cards in this Set

What is “rogueware”?


A. A synonym for malware


B. A sophisticated software tool that facilitates cyber extortion


C. Software that pretends to enhance security but compromises a computer


D. Software that identifies the telltale digital tracks of cyber criminals

C

The cost of a theft of a trade secret by a cyberthief is best represented by which statement?


A. The value of the trade secret to the thief


B. The value of the trade secret to the victim


C. The value of the trade secret as determined by a court of law


D. The loss of a company’s market valuation after the theft of the trade secret

B

Which are critical success factors that an information systems security standard must meet?


A. Information security policies, user awareness, adversary identification


B. Periodic risk assessment, red team exercises, physical security


C. Network intrusion detection, third-party information security assurance, information security policies


D. Executive oversight, periodic risk assessment, physical and personnel security

D (also: information policies, user awareness training, third-party assurance, computer and network security, periodic risk assessment)

Which of the following terms is defined as “the integration, in a formal, collaborative, and strategic manner, of the cumulative security resources of the organization in order to deliver enterprise-wide benefits through enhanced risk mitigation, increased operational effectiveness and efficiency, and cost savings”?


A. Convergence


B. Risk management


C. Enterprise security risk management


D. OPSEC

A

Which type of information security threats are most difficult to identify?


A. Inadvertent threats


B. Intentional threats


C. Natural threats


D. Criminal threats

A

Which of the following is an example of a good process for information privacy?


A. Limit marking of documents to “Private” or “Confidential”


B. Use a matrixed approach to assign responsibility for implementing and managing the information privacy program


C. Review privacy laws and guidelines exclusively where the document is created


D. Provide a mechanism to investigate compromises of privacy information

D

Which security approach is defined as “viewing the big picture and identifying any protection gaps that remain despite current security measures”?


A. Information asset protection


B. Enterprise risk management


C. Convergence


D. OPSEC

D

Integration of custom code, third-party software, and servers that may create vulnerabilities involves what type of security?


A. Application security


B. Logical network access control


C. Sanitizing


D. Wireless security

A

Management, policies, standards, personnel screening, and guidelines are examples of what type of countermeasures?


A. Physical controls


B. Administrative controls


C. Technical controls


D. Management controls

B

Vulnerability and patch management, system monitoring and log review, and information systems security metrics are examples of what type of countermeasures?


A. Community-based countermeasures


B. Executive and senior management countermeasures


C. Infrastructure countermeasures


D. Information systems infrastructure management countermeasures

D

What is the IT Infrastructure Library?


A. A public compilation of IT threats and threat vectors


B. A list of components that comprise a fully networked system


C. A standard that addresses service-level agreements


D. A wiki of best practices in information security

C

Who developed the CISSP Common Body of Knowledge?


A. (ISC)2


B. Information Systems Security Association


C. ASIS International


D. Cloud Security Alliance

B

Which statement best describes the management component of an ISS risk and vulnerability assessment?


A. It must adhere to strict requirements and have the rigor of a formal audit


B. It is less important than the technical component of the assessment


C. It may consist of staff interviews and document review


D. It represents a snapshot in time of an organization’s IT infrastructure security

C

Someone attacks a system by installing software on it, either with or without the user’s knowledge. This is the definition of what type of communications attack?


A. Social engineering


B. Direct hacking


C. Malware


D. Web attack

C

What is the first job of the person charged with responsibility for an organization’s information systems security?


A. Conduct a risk assessment


B. Draft and implement policies and procedures


C. Assign or hire a chief information security officer


D. Create an information security management system appropriate for the organization

D