Fundamentals |Of Information Security – Qs/As
Controls that protect the systems, networks, and environments that process,
transmit, and store our data are called _______. ✔️Ans -Logical Controls
During what phase of the incident response process do we determine what
happened, why it happened, and what we can do to keep it from happening
again? ✔️Ans -Post-Incident Activity
Something that has the potential to cause harm to our assets is known as a(n)
________. ✔️Ans -Threat
What is the first and arguably one of the most important steps of the risk
management process? ✔️Ans -Identify assess
The Fabrication attack type most commonly affects which principle(s) of the
CIA triad? ✔️Ans -Integrity and Availability
The Interception attack type most commonly affects which principle(s) of the
CIA triad? ✔️Ans -Confidentiality
A badge or token is considered what type of authentication? ✔️Ans -
Something you have
A password or PIN is considered what type of authentication? ✔️Ans -
Something you know
The set of methods we use to establish a claim of identity as being true is
called ______. ✔️Ans -Authentication
A fingerprint is considered what type of authentication? ✔️Ans -Something
you are
What type of authentication can prevent a man-in-the-middle attack?
✔️Ans -Mutual
The biometric characteristic that measures how well a factor resists change
over time and with advancing age is called __________ ✔️Ans -Permanence
,What dictates that we should only allow the bare minimum of access, as
needed? ✔️Ans -Principle of least privilege
Access controls are policies or procedures used to control access to certain
items. ✔️Ans -True
What is implemented through the use of access controls? ✔️Ans -
Authorization
Which answer best describes the authorization component of access control?
✔️Ans -Authorization is the process of determining who is approved for
access and what resources they are approved for.
A client-side attack that involves the attacker placing an invisible layer over
something on a website that the user would normally click on, in order to
execute a command differing from what the user thinks they are performing,
is known as ___________. ✔️Ans -Clickjacking
What type of access control can prevent the confused deputy problem?
✔️Ans -Capability-based security
A user who creates a network share and sets permissions on that share is
employing which model of access control? ✔️Ans -Discretionary access
control
A VPN connection that is set to time out after 24 hours is demonstrating which
model of access control? ✔️Ans -Attribute-based access control
Confidential Services Inc. is a military-support branch consisting of 1,400
computers with Internet access and 250 servers. All employees are required
to have security clearances. From the options listed below, what access
control model would be most appropriate for this organization? ✔️Ans -
Mandatory access control
What is information security? ✔️Ans -Protecting information and
information systems from unauthorized access, use, disclosure, disruption,
modification, or destruction.
, Using the concept of defense in depth we can protect ourselves against
someone using a USB flash drive to remove confidential data from an office
space within our building. ✔️Ans -True
Select the example(s) of identity verification. (Choose all that apply.) ✔️Ans
-SSN
Passport
Birth certificate
Multifactor authentication is the use of more than one authentication method
to access an information system. ✔️Ans -True
Which password below would meet complexity standards? ✔️Ans -!
Q@S#z6ge7Uks1lw3
What is accountability comprised of? ✔️Ans -Authorization
Authentication
Identification
Access
What document do courts require for admissibility of records? ✔️Ans -
Chain of custody
An employee is charged with fraud, and the company can prove in court that
there are email transactions showing that the employee completed these
using a digital signature. What term is being described? ✔️Ans -
Nonrepudiation
What is auditing? ✔️Ans -The primary means to ensure accountability
through technical means
What are the two common forms of assessments performed on networks?
(Choose all that apply.) ✔️Ans -Penetration test
Controls that protect the systems, networks, and environments that process,
transmit, and store our data are called _______. ✔️Ans -Logical Controls
During what phase of the incident response process do we determine what
happened, why it happened, and what we can do to keep it from happening
again? ✔️Ans -Post-Incident Activity
Something that has the potential to cause harm to our assets is known as a(n)
________. ✔️Ans -Threat
What is the first and arguably one of the most important steps of the risk
management process? ✔️Ans -Identify assess
The Fabrication attack type most commonly affects which principle(s) of the
CIA triad? ✔️Ans -Integrity and Availability
The Interception attack type most commonly affects which principle(s) of the
CIA triad? ✔️Ans -Confidentiality
A badge or token is considered what type of authentication? ✔️Ans -
Something you have
A password or PIN is considered what type of authentication? ✔️Ans -
Something you know
The set of methods we use to establish a claim of identity as being true is
called ______. ✔️Ans -Authentication
A fingerprint is considered what type of authentication? ✔️Ans -Something
you are
What type of authentication can prevent a man-in-the-middle attack?
✔️Ans -Mutual
The biometric characteristic that measures how well a factor resists change
over time and with advancing age is called __________ ✔️Ans -Permanence
,What dictates that we should only allow the bare minimum of access, as
needed? ✔️Ans -Principle of least privilege
Access controls are policies or procedures used to control access to certain
items. ✔️Ans -True
What is implemented through the use of access controls? ✔️Ans -
Authorization
Which answer best describes the authorization component of access control?
✔️Ans -Authorization is the process of determining who is approved for
access and what resources they are approved for.
A client-side attack that involves the attacker placing an invisible layer over
something on a website that the user would normally click on, in order to
execute a command differing from what the user thinks they are performing,
is known as ___________. ✔️Ans -Clickjacking
What type of access control can prevent the confused deputy problem?
✔️Ans -Capability-based security
A user who creates a network share and sets permissions on that share is
employing which model of access control? ✔️Ans -Discretionary access
control
A VPN connection that is set to time out after 24 hours is demonstrating which
model of access control? ✔️Ans -Attribute-based access control
Confidential Services Inc. is a military-support branch consisting of 1,400
computers with Internet access and 250 servers. All employees are required
to have security clearances. From the options listed below, what access
control model would be most appropriate for this organization? ✔️Ans -
Mandatory access control
What is information security? ✔️Ans -Protecting information and
information systems from unauthorized access, use, disclosure, disruption,
modification, or destruction.
, Using the concept of defense in depth we can protect ourselves against
someone using a USB flash drive to remove confidential data from an office
space within our building. ✔️Ans -True
Select the example(s) of identity verification. (Choose all that apply.) ✔️Ans
-SSN
Passport
Birth certificate
Multifactor authentication is the use of more than one authentication method
to access an information system. ✔️Ans -True
Which password below would meet complexity standards? ✔️Ans -!
Q@S#z6ge7Uks1lw3
What is accountability comprised of? ✔️Ans -Authorization
Authentication
Identification
Access
What document do courts require for admissibility of records? ✔️Ans -
Chain of custody
An employee is charged with fraud, and the company can prove in court that
there are email transactions showing that the employee completed these
using a digital signature. What term is being described? ✔️Ans -
Nonrepudiation
What is auditing? ✔️Ans -The primary means to ensure accountability
through technical means
What are the two common forms of assessments performed on networks?
(Choose all that apply.) ✔️Ans -Penetration test
