What should be included in an Organization’s Information Security Policy?
For which tasks is an Information Security Officer typically responsible?
What core criteria do you need to take into account when determining an IT system’s availability requirements?
What procedures should you follow to determine how well a group of clients are protected during an IT Audit review?
When should you assess a security requirement of a given IT Asset as Compliant ✅ during an IT Audit review?
What should you evaluate when assessing risk?
What are some of the ways risks can be transferred?
What reason(s) may justify accepting a high level of risk?
As an Information Security Officer, what should you do if your organization’s executives are not willing to provide the resources required to implement a given security control?
Why should you review your security controls on a regular basis?
What should always be established before a key control related to Information Security is introduced?
Drag and map the definitions to the appropriate description
An action or event that has the potential to cause harm, loss, or disruption to systems, assets or operations.
A weakness in a system, process, or control that could be exploited.
An auditor reviews a Web Server and discovers important security updates haven’t been installed. What has the Auditor identified?
The goals of Information Security and Data Privacy are the same?
Drag and map the definitions to their appropriate description
Multiple failed login attempts are discovered
Unauthorized access to sensitive data is discovered
A vulnerability is discovered that enables authentication bypass
A vulnerability is exploited to commit fraud
Drag and map the Business Continuity strategies to their most appropriate description
Fault Tolerant
High Availability
Map the security threats to their appropriate description
A type of malware that can replicate itself and infect data on your computer.
A type of malware that replicates itself to other computers within your network.
A type of malware that pretends to be a legitimate software.
A type of malware designed to gain full privileges on a computer.
Which phase within a Software Security Development Lifecycle (SDLC) is most effective to perform Threat Modeling?
A malicious user who may be able to impersonate the identity of a valid user for an application is an example of which STRIDE threat?
Drag and map the STRIDE threat properties to their appropriate description
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege