In acceptable use of Information Assets, which is the best practice?
- A . Access to information and communication systems are provided for business purpose only
- B . Interfering with or denying service to any user other than the employee’s host
- C . Playing any computer games during office hours
- D . Accessing phone or network transmissions, including wireless or wifi transmissions
An employee caught with offense of abusing the internet, such as P2P file sharing or video/audio streaming, will not receive a warning for committing such act but will directly receive an IR.
- A . True
- B . False
Information or data that are classified as ______ do not require labeling.
- A . Public
- B . Internal
- C . Confidential
- D . Highly Confidential
Often, people do not pick up their prints from a shared printer .
How can this affect the confidentiality of information?
- A . Confidentiality cannot be guaranteed
- B . Integrity cannot be guaranteed
- C . Authenticity cannot be guaranteed
- D . Availability cannot be guaranteed
Which measure is a preventive measure?
- A . Installing a logging system that enables changes in a system to be recognized
- B . Shutting down all internet traffic after a hacker has gained access to the company systems
- C . Putting sensitive information in a safe
There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good.
What is an example of the indirect damage caused by this fire?
- A . Melted backup tapes
- B . Burned computer systems
- C . Burned documents
- D . Water damage due to the fire extinguishers
What is a definition of compliance?
- A . Laws, considered collectively or the process of making or enacting laws
- B . The state or fact of according with or meeting rules or standards
- C . An official or authoritative instruction
- D . A rule or directive made and maintained by an authority.
A member of staff denies sending a particular message.
Which reliability aspect of information is in danger here?
- A . availability
- B . correctness
- C . integrity
- D . confidentiality
What is the purpose of an Information Security policy?
- A . An information security policy makes the security plan concrete by providing the necessary details
- B . An information security policy provides insight into threats and the possible consequences
- C . An information security policy provides direction and support to the management regarding information security
- D . An information security policy documents the analysis of risks and the search for countermeasures
The following are purposes of Information Security, except:
- A . Ensure Business Continuity
- B . Minimize Business Risk
- C . Increase Business Assets
- D . Maximize Return on Investment
Which threat could occur if no physical measures are taken?
- A . Unauthorised persons viewing sensitive files
- B . Confidential prints being left on the printer
- C . A server shutting down because of overheating
- D . Hackers entering the corporate network
A fire breaks out in a branch office of a health insurance company. The personnel are transferred to neighboring branches to continue their work.
Where in the incident cycle is moving to a stand-by arrangements found?
- A . between threat and incident
- B . between recovery and threat
- C . between damage and recovery
- D . between incident and damage
Changes on project-managed applications or database should undergo the change control process as documented.
- A . True
- B . False
You see a blue color sticker on certain physical assets .
What does this signify?
- A . The asset is very high critical and its failure affects the entire organization
- B . The asset with blue stickers should be kept air conditioned at all times
- C . The asset is high critical and its failure will affect a group/s/project’s work in the organization
- D . The asset is critical and the impact is restricted to an employee only
Stages of Information
- A . creation, evolution, maintenance, use, disposition
- B . creation, use, disposition, maintenance, evolution
- C . creation, distribution, use, maintenance, disposition
- D . creation, distribution, maintenance, disposition, use
Below is Purpose of "Integrity", which is one of the Basic Components of Information Security
- A . the property that information is not made available or disclosed to unauthorized individuals
- B . the property of safeguarding the accuracy and completeness of assets.
- C . the property that information is not made available or disclosed to unauthorized individuals
- D . the property of being accessible and usable upon demand by an authorized entity.
You receive an E-mail from some unknown person claiming to be representative of your bank and asking for your account number and password so that they can fix your account. Such an attempt of social engineering is called
- A . Shoulder Surfing
- B . Mountaineering
- C . Phishing
- D . Spoofing
Which of the following is a preventive security measure?
- A . Installing logging and monitoring software
- B . Shutting down the Internet connection after an attack
- C . Storing sensitive information in a data save
Four types of Data Classification (Choose two)
- A . Restricted Data, Confidential Data
- B . Project Data, Highly Confidential Data
- C . Financial Data, Highly Confidential Data
- D . Unrestricted Data, Highly Confidential Data
What is the name of the system that guarantees the coherence of information security in the organization?
- A . Information Security Management System (ISMS)
- B . Rootkit
- C . Security regulations for special information for the government
- D . Information Technology Service Management (ITSM)
CEO sends a mail giving his views on the status of the company and the company’s future strategy and the CEO’s vision and the employee’s part in it. The mail should be classified as
- A . Internal Mail
- B . Public Mail
- C . Confidential Mail
- D . Restricted Mail
Which department maintain’s contacts with law enforcement authorities, regulatory bodies, information service providers and telecommunications service providers depending on the service required.
- A . COO
- B . CISO
- C . CSM
- D . MRO
Information has a number of reliability aspects. Reliability is constantly being threatened. Examples of threats are: a cable becomes loose, someone alters information by accident, data is used privately or is falsified.
Which of these examples is a threat to integrity?
- A . a loose cable
- B . accidental alteration of data
- C . private use of data
- D . System restart
The following are definitions of Information, except:
- A . accurate and timely data
- B . specific and organized data for a purpose
- C . mature and measurable data
- D . can lead to understanding and decrease in uncertainty
Which of the following does an Asset Register contain? (Choose two)
- A . Asset Type
- B . Asset Owner
- C . Asset Modifier
- D . Process ID
Why do we need to test a disaster recovery plan regularly, and keep it up to date?
- A . Otherwise the measures taken and the incident procedures planned may not be adequate
- B . Otherwise it is no longer up to date with the registration of daily occurring faults
- C . Otherwise remotely stored backups may no longer be available to the security team
Information Security is a matter of building and maintaining ________ .
- A . Confidentiality
- B . Trust
- C . Protection
- D . Firewalls
An employee caught temporarily storing an MP3 file in his workstation will not receive an IR.
- A . True
- B . False
What is the goal of classification of information?
- A . To create a manual about how to handle mobile devices
- B . Applying labels making the information easier to recognize
- C . Structuring information according to its sensitivity
In which order is an Information Security Management System set up?
- A . Implementation, operation, maintenance, establishment
- B . Implementation, operation, improvement, maintenance
- C . Establishment, implementation, operation, maintenance
- D . Establishment, operation, monitoring, improvement