Information Security Management Quiz

28 questions / 10 random questions

Topics covered: the CIA triad, risk management, threats and attacks, cryptography and authentication, access control, ISMS and related laws.

Included topics (28 questions)

Q1

Among the three elements of information security, which describes confidentiality?

Answer:

Confidentiality means only authorized parties have access; integrity is accuracy and availability is usability.

Q2

Which event threatens integrity among the three security elements?

Answer:

Integrity means information is accurate and untampered; unauthorized alteration threatens it.

Q3

Which measure improves availability among the three security elements?

Answer:

Availability means usable when needed; redundancy and backups improve continuity during failures.

Q4

Which best describes risk assessment?

Answer:

Risk assessment comprises identification, analysis, and evaluation, forming the basis for prioritizing responses.

Q5

Which is an example of risk transfer among risk responses?

Answer:

Risk transfer shifts loss to a third party via insurance or outsourcing, distinct from avoidance, reduction, and acceptance.

Q6

Which term refers to a framework for continuously managing information security in an organization?

Answer:

An ISMS, based on ISO/IEC 27001, maintains and improves information security continuously using the PDCA cycle.

Q7

Which is the document hierarchy defining an organization's basic policy and rules for information security?

Answer:

An information security policy comprises basic policy, standards, and procedures, forming the basis of the organization's efforts.

Q8

Which are the three elements of the fraud triangle that make internal fraud more likely?

Answer:

The fraud triangle holds that fraud is likely when motive, opportunity, and rationalization are all present.

Q9

Which is a dedicated team set up in an organization to respond to security incidents?

Answer:

A CSIRT detects, responds to, and helps prevent incidents, aiming to minimize damage and recover.

Q10

Which practice involves clearing documents and locking the screen when leaving a desk?

Answer:

Clear desk and clear screen prevent information from being seen or taken when a desk is unattended.

Q11

Which malware encrypts files to make them unusable and demands payment for decryption?

Answer:

Ransomware encrypts data and demands a ransom for the decryption key; backups are an effective countermeasure.

Q12

Which malware self-replicates and spreads over a network without attaching to other programs?

Answer:

A worm self-replicates independently and spreads automatically across networks.

Q13

Which malware disguises itself as legitimate software and performs malicious actions covertly?

Answer:

A Trojan horse poses as useful software but steals information or installs backdoors once run.

Q14

Which attack targets a specific organization, using emails that impersonate business contacts to gain entry?

Answer:

A targeted attack focuses on a specific organization, using crafted business-like emails to intrude in stages.

Q15

Which technique extracts information by exploiting human psychology rather than technical means?

Answer:

Social engineering tricks people via phone calls, impersonation, or shoulder-surfing to obtain information.

Q16

Which attack exploits insufficient input validation to manipulate a database?

Answer:

SQL injection inserts malicious SQL through input fields to steal or alter data; input validation and placeholders prevent it.

Q17

Which attack tries every possible password to break authentication?

Answer:

A brute-force attack tries passwords exhaustively; account lockout and long, complex credentials mitigate it.

Q18

Which attack floods a service with requests to make it unavailable?

Answer:

DoS/DDoS overwhelms a service to deny availability; DDoS originates from many distributed devices.

Q19

Which is a challenge of symmetric-key cryptography?

Answer:

Symmetric-key cryptography is fast but faces the key-distribution problem of sharing keys securely per correspondent.

Q20

In public-key cryptography, which key encrypts a message intended for a recipient?

Answer:

With public-key encryption, the recipient's public key encrypts and only the recipient's private key can decrypt.

Q21

What can a digital signature confirm?

Answer:

A digital signature provides signer authenticity, content integrity, and non-repudiation.

Q22

Which framework uses certificates to guarantee that a public key truly belongs to its owner?

Answer:

In PKI, a certificate authority (CA) issues digital certificates that vouch for the rightful owner of a public key.

Q23

Which authentication uses multiple distinct factors such as knowledge, possession, and biometrics?

Answer:

Multi-factor authentication combines different factor types so a single leaked factor is not enough to break in.

Q24

Which principle grants users only the minimum permissions needed for their work?

Answer:

Least privilege grants only necessary permissions, limiting damage from leaks or mistakes.

Q25

Which network zone isolates publicly exposed servers from the internal network?

Answer:

A DMZ is a buffer zone separating public servers from the internal network, limiting how far damage can spread inward.

Q26

Which system detects signs of unauthorized intrusion into a network or host?

Answer:

An IDS detects and alerts on intrusion signs; an IPS additionally blocks the traffic.

Q27

Which encryption standard is currently recommended to protect wireless LAN communication?

Answer:

WPA2/WPA3 is recommended for wireless LAN; WEP is weak and easily cracked, so it should not be used.

Q28

Which law prohibits logging in using another person's ID and password without authorization?

Answer:

The unauthorized access law prohibits using others' credentials without permission and exploiting security holes to intrude.

certdrill.dev is an independent, unofficial learning site and is not affiliated with LPI Japan, IPA, AWS, Microsoft Azure, or any exam provider. Questions and explanations are original content.