IAS Midterm Examination

1.
2 points
Some argue that it is virtually impossible to determine the true value of information and information-bearing assets accurately.
2.
1 point
____ feasibility addresses user acceptance and support, management acceptance and support, and the overall requirements of the organization’s stakeholders.
3.
1 point
The concept of competitive ____ refers to the need to avoid falling behind the competition.
4.
2 points
Once the threats have been identified, an assets identification process is undertaken.
5.
2 points
Metrics-based measures are generally less focused on numbers and more strategic than process-based measures.
6.
1 point
The military uses a(n) _____-level classification scheme.
7.
1 point
In a(n) _____, each information asset is assigned a score for each critical factor.
8.
1 point
Risk ____ is the process of applying safeguards to reduce the risks to an organization’s data and information systems.
9.
2 points
The components of asset valuation include equipment critical to the success of the organization.
10.
1 point
A(n) ____ is an authorization issued by the equipment manufacturer for the repair, modification, or update of a piece of equipment that is already in service.
11.
2 points
Risk control involves selecting an appropriate risk control strategy for each vulnerability.
12.
1 point
The ____ security policy is an executive-level document that outlines the organization’s approach and attitude towards information security and relates the strategic value of information security within the organization.
13.
2 points
One problem with benchmarking is that there are many organizations that are identical.
14.
1 point
____ is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
15.
2 points
Protocols are activities performed within the organization to improve security.
16.
2 points
The amount of money spent to protect an asset is often based in part on the value of the asset.
17.
1 point
There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security.
18.
2 points
Examples of exceptionally grave damage include 1) armed hostilities against the United States or its allies and 2) disruption of foreign relations vitally affecting the national security.
19.
1 point
The formal process used in decision making regarding the adoption of specific controls is called a(n) ____.
20.
1 point
When deciding which information assets to track, which of the following asset attributes should be considered?
21.
2 points
The CBA is solely based on the cost of the proposed control.
22.
1 point
Access controls can be ____.
23.
1 point
The actions an organization can and perhaps should take while the incident is in progress should be defined in a document referred to as the ____.
24.
1 point
____ are implemented at the discretion or option of the data user.
25.
2 points
You should adopt naming standards that do not convey information to potential system attackers.
26.
2 points
With lattice-based access control, the column of attributes associated with a particular object (such as a printer) is referred to as the access control table.
27.
2 points
Identifying human resources, documentation, and data information is less difficult than identifying hardware and software assets.
28.
1 point
The probability of a threat occurring is usually a loosely derived table indicating the probability of an attack from each threat type within a given time frame. This value is commonly referred to as the ____.
29.
2 points
Leaving unattended computers on is one of the top information security mistakes made by individuals.
30.
2 points
Discretionary controls are managed by a central authority in the organization.
31.
2 points
Best business practices are often called recommended practices.
32.
1 point
In a lattice-based access control structure, the row of attributes associated with a particular subject (such as a user) is referred to as a(n) ____.
33.
2 points
If every vulnerability identified in the organization is handled through mitigation, it may reflect an organization’s inability to conduct proactive security activities and an apathetic approach to security in general.
34.
2 points
The results from risk assessment activities can be delivered in a number of ways: a report on a systematic approach to risk control, a project-based risk assessment, or a topic-specific risk assessment.
35.
1 point
The ____ security policy is a planning document that outlines the process of implementing security in the organization.
36.
2 points
A certificate authority would be categorized as a software security component.
37.
1 point
Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
38.
2 points
The value of intellectual property influences asset valuation.
39.
1 point
Management of classified data includes its storage and ____.
40.
1 point
In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
41.
2 points
You can use only qualitative measures to rank values.
42.
1 point
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____.
43.
1 point
The first phase of risk management is ____.
44.
2 points
The general management of an organization must structure the IT and information security functions to lead a successful defense of the organization’s information assets.
45.
2 points
Organizations should communicate with system users throughout the development of the security program, letting them know that change is occurring.
46.
1 point
____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.
47.
2 points
A best practice proposed for a small home office setting is always appropriate to help design control strategies for a multinational company.
48.
1 point
____ addresses are sometimes called electronic serial numbers or hardware addresses.
49.
2 points
“If you know the enemy and know yourself, you will succumb in every battle.” (Sun Tzu)
50.
1 point
____ usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.