Information Security Management MCQs – CISA


Information Security Management MCQs
The key components of an information systems security policy include management support and commitment, access authorization and security awareness. Here on MCQs.club we have written multiple-choice questions on Information Security Management that cover cyber security, information security technologies, information security management systems (ISMS), network security and application security. These MCQs are useful for competitive exams, business management exams and professional accountancy exams.

  1. To retain a competitive advantage and to meet basic business requirements, organizations must:
    A. Ensure the integrity of the information stored on their computer systems
    B. Preserve the confidentiality of sensitive data
    C. Ensure the continued availability of their information systems
    D. Ensure conformity to laws, regulations and standards
    E. All of the above
  2. The key components of an information systems security policy include:
    A. Management support and commitment
    B. Access authorization
    C. Security awareness
    D. All of the above
  3. A number of different mechanisms are available for raising security awareness, including:
    A. Distribution of a written security policy
    B. Regular training of new employees and users
    C. Both A and B
    D. None of the above
  4. Data classification as a control measure should define:
    A. Who has access rights
    B. Who is responsible for determining the access rights and access levels
    C. What approvals are needed for access
    D. Computer crime issues and exposures
    E. All of the above
  5. Threats to businesses include:
    A. Financial loss and legal repercussions
    B. Loss of credibility or competitive edge
    C. Disclosure of confidential, sensitive or embarrassing information, and industrial espionage
    D. All of the above
  6. Logical access controls are one of the primary safeguards for securing software and data within an information processing facility.
    A. True
    B. False
  7. Technical exposures are the unauthorized implementation or modification of data and software at the network, platform, database or application level. They include:
    A. Data diddling, which involves changing data before or as they are entered into the computer
    B. Trojan horses, which involve hiding malicious, fraudulent code in an authorized computer program
    C. Wire-tapping, which involves eavesdropping on information being transmitted over telecommunications lines
    D. All of the above

  8. To protect an organization’s information resources, access control software has become even more critical in assuring the confidentiality, integrity and availability of information resources.
    A. True
    B. False
  9. Operating system access control functions include:
    A. Apply user identification and authentication mechanisms
    B. Restrict logon IDs to specific terminals/workstations and specific times
    C. Both A and B
    D. None of the above
  10. Database and application-level access control functions include:
    A. Create or change data files and database profiles
    B. Verify user authorization at the application and transaction level
    C. Log database/data communications access activities for monitoring access violations
    D. All of the above
  11. Password syntax rules include:
    A. Passwords should be five to eight characters in length
    B. Passwords should allow for a combination of alphabetic, numeric, upper and lower case and special characters
    C. The system should not permit previous password(s) to be reused after being changed
    D. All of the above
  12. Access restrictions at the file level include:
    A. Read, inquiry or copy only
    B. Write, create, update or delete only, and execute only
    C. Both A and B
    D. None of the above
  13. Biometrics:
    A. Biometric access controls are the best means of authenticating a user’s identity based on a unique, measurable attribute or trait for verifying the identity of a human being
    B. They restrict computer access based on a physical or behavioral characteristic of the user
    C. Both A and B
    D. None of the above
  14. Which parts of the computer do viruses generally attack?
    A. Executable program files
    B. The file directory system, which tracks the location of all the computer’s files
    C. Boot and system areas, which are needed to start the computer
    D. Data files
    E. All of the above

  15. What management procedure controls should be in place to prevent virus attacks?
    A. Update antivirus scanning definitions frequently
    B. Write-protect all diskettes containing .EXE or .COM files
    C. Build any system from original, clean master copies
    D. All of the above
  16. Technical methods of preventing viruses can be implemented through hardware and software means. What are the hardware tactics that can reduce the risk of infection?
    A. Use workstations without floppy disk drives
    B. Use remote booting
    C. Use a hardware-based password
    D. All of the above
  17. Types of antivirus software are:
    A. Scanners
    B. Virus masks or signatures
    C. Heuristic scanners
    D. All of the above
  18. Media sanitization is a process in which an organization’s data is removed from media irrevocably, or else the media is destroyed permanently.
    A. True
    B. False
  19. Storage media may be sanitized using methods such as:
    A. Data overwriting applications
    B. Magnetic degaussing
    C. CD data destroyers
    D. All of the above
  20. Access standards should be reviewed by the IS auditor to ensure that they meet organizational objectives for separating duties, that they prevent fraud or error, and that they meet policy requirements for minimizing the risk of unauthorized access. Standards for security may be defined:
    A. At a generic level
    B. On a 30-day password change basis
    C. For specific applications
    D. All of the above
  21. When evaluating logical access controls, the IS auditor should:
    A. Obtain a general understanding of the security risks facing information processing through a review of relevant documentation, inquiry and risk assessment
    B. Test controls over access paths to determine that they are functioning and effective by applying appropriate audit techniques
    C. Both A and B
    D. None of the above

  22. There are various basic categories of controlling access to sensitive areas. These include:
    A. Security guards
    B. Physically lockable working areas
    C. Safes and lockable cabinets
    D. All of the above
  23. Security in the computer department itself is likely to be very tightly controlled. Some of the controls that may be operated are:
    A. The computer department being sited in a secure part of the building
    B. Access past a separate reception or security desk
    C. Access being via locked doors which may be opened in one of a number of different ways
    D. All of the above
  24. Risks that may eventuate if network infrastructure is not managed properly include:
    A. Loss of data confidentiality
    B. Loss of data integrity
    C. System compromise
    D. All of the above
  25. Encryption is the process of encoding messages in such a way that eavesdroppers or hackers cannot read them, but authorized parties can.
    A. True
    B. False
  26. Types of encryption include:
    A. Symmetric key
    B. Public key
    C. Both A and B
    D. None of the above
  27. Symmetric key encryption:
    A. Encryption algorithms that use the same key for encrypting and for decrypting information. It is also called secret key encryption because the key is kept as a shared secret between the sender and receiver of the information
    B. Encryption algorithms that use different keys for encrypting and decrypting information
    C. Both A and B
    D. None of the above
  28. Public key or asymmetric key encryption:
    A. Encryption algorithms that use the same key for encrypting and for decrypting information. It is also called secret key encryption because the key is kept as a shared secret between the sender and receiver of the information
    B. Encryption algorithms that use different keys for encrypting and decrypting information; they are also called asymmetric key algorithms
    C. Both A and B
    D. None of the above

  29. Which functions is public key encryption commonly used to perform?
    A. Encrypt symmetric secret keys to protect them during exchange over the network
    B. Create digital signatures to provide authentication and non-repudiation for online entities
    C. Create digital signatures to provide data integrity for electronic files and documents
    D. All of the above
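The three uses listed in the question above, together with the symmetric and asymmetric definitions in the two questions before it, fit into one hybrid-encryption exchange. The following is an added example, not code from the original page: the sender encrypts the message with a fresh AES-GCM key (symmetric key encryption), wraps that key with the recipient's RSA public key (protecting the symmetric key during exchange), and signs the result with RSA-PSS so the recipient gets authentication, integrity and non-repudiation. The party names, the message text and the 2048-bit key size are assumptions made for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what crosses the network: bulk ciphertext, wrapped symmetric key, signature.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte
	WrappedKey []byte
	Signature  []byte
}

// NewKey generates a 2048-bit RSA key pair for one party (demo only; real keys
// live in a key store or HSM rather than being created on the fly in memory).
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// signedDigest binds wrapped key and ciphertext together so neither can be swapped alone.
func signedDigest(e *Envelope) []byte {
	h := sha256.New()
	h.Write(e.WrappedKey)
	h.Write(e.Nonce)
	h.Write(e.Ciphertext)
	return h.Sum(nil)
}

// Seal encrypts msg for recipient and signs the result with sender's private key.
func Seal(msg []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) (*Envelope, error) {
	// 1. Symmetric key: a fresh 256-bit AES key encrypts the bulk data (AES-GCM
	//    also authenticates it, so no separate MAC is needed here).
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	e := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}
	// 2. Public key encryption (RSA-OAEP) protects the symmetric key in transit.
	if e.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil); err != nil {
		return nil, err
	}
	// 3. Digital signature (RSA-PSS) gives authentication, integrity and non-repudiation.
	e.Signature, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, signedDigest(e), nil)
	return e, err
}

// Open verifies the sender's signature first, then unwraps the symmetric key
// with the recipient's private key and decrypts the bulk data.
func Open(e *Envelope, sender *rsa.PublicKey, recipient *rsa.PrivateKey) ([]byte, error) {
	if err := rsa.VerifyPSS(sender, crypto.SHA256, signedDigest(e), e.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

func main() {
	alice, bob := NewKey(), NewKey() // hypothetical sender and recipient
	env, err := Seal([]byte("transfer #42 approved"), alice, &bob.PublicKey)
	if err != nil {
		panic(err)
	}
	pt, err := Open(env, &alice.PublicKey, bob)
	fmt.Printf("recovered: %q (err=%v)\n", pt, err)
	env.Ciphertext[0] ^= 0x01 // tamper in transit: the signature check must now fail
	_, err = Open(env, &alice.PublicKey, bob)
	fmt.Println("after tampering:", err)
}
```

Verification runs before decryption so that a forged or tampered envelope is rejected without the recipient's private decryption key ever being exercised on attacker-controlled input. The signature here covers the ciphertext and wrapped key only; a deployed protocol would also bind the intended recipient and a sequence number into the signed data to rule out replay and re-addressing.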
  30. Honeypots and honeynets: a honeypot is a system or network set up with intentional vulnerabilities; its purpose is to invite attack so that an attacker’s activities and methods can be studied and that information used to increase network security.
    A. The above is correct
    B. The above is incorrect
  31. Wireless security is the prevention of unauthorized access to, or damage of, computers using wireless networks. The most common types of wireless security are:
    A. Wired Equivalent Privacy (WEP)
    B. Wi-Fi Protected Access (WPA)
    C. Both A and B
    D. None of the above
  32. Wired Equivalent Privacy (WEP):
    A. WEP is a notoriously weak security standard
    B. The key WEP uses can often be cracked in a few minutes
    C. It is part of the original IEEE 802.11 standard and has since been deprecated
    D. All of the above
  33. Wi-Fi Protected Access (WPA):
    A. WPA was introduced as a quick improvement over WEP
    B. It has been superseded by WPA2
    C. In pre-shared key mode it derives a 256-bit key from the passphrase and the network name (SSID)
    D. All of the above
  34. The principal ways to secure a wireless network are:
    A. Configure access restrictions in the access points, including encryption and checks on MAC addresses, and disable ESSID broadcasting
    B. For commercial providers, hotspots and large organizations, the preferred solution is often to have an open and unencrypted but completely isolated wireless network
    C. Both A and B
    D. None of the above
  35. Wi-Fi Protected Access version 2 (WPA2):
    A. Is based on the IEEE 802.11i wireless security standard
    B. The most significant enhancement of WPA2 over WPA is the use of the Advanced Encryption Standard (AES) for encryption
    C. Both A and B
    D. None of the above
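Where the 256-bit WPA/WPA2 key mentioned above actually comes from, and why a weak passphrase undermines it, as an added example that is not content from the original page. In pre-shared key mode IEEE 802.11i derives the Pairwise Master Key as PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes). The code below implements that derivation with the Go standard library only (the short PBKDF2 routine is written out rather than imported) and then runs a dictionary attack against it. The word list is constructed for the demonstration; the passphrase "password" with SSID "IEEE" is the published IEEE 802.11i Annex H test vector.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// pbkdf2SHA1 is PBKDF2 (RFC 8018) with HMAC-SHA1 as the PRF, written out
// here so the example depends only on the standard library.
func pbkdf2SHA1(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha1.New, password)
	var out []byte
	for block := 1; len(out) < keyLen; block++ {
		// U1 = PRF(password, salt || INT_32_BE(block))
		prf.Reset()
		prf.Write(salt)
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(block))
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// T = U1 xor U2 xor ... xor Uc, where Un = PRF(password, Un-1)
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// WPA2PMK derives the 256-bit Pairwise Master Key exactly as IEEE 802.11i
// specifies for pre-shared-key mode: PBKDF2-HMAC-SHA1 over the passphrase,
// salted with the SSID, 4096 iterations, 32 bytes of output.
func WPA2PMK(passphrase, ssid string) []byte {
	return pbkdf2SHA1([]byte(passphrase), []byte(ssid), 4096, 32)
}

// CrackPMK is the offline dictionary attack: the SSID is broadcast, so an
// attacker simply re-derives candidates until one reproduces the target.
// (In practice each candidate is checked against the MIC of a captured
// 4-way handshake rather than a known PMK; the cost per guess is the same.)
func CrackPMK(target []byte, ssid string, wordlist []string) (string, bool) {
	for _, candidate := range wordlist {
		if hmac.Equal(WPA2PMK(candidate, ssid), target) {
			return candidate, true
		}
	}
	return "", false
}

func main() {
	// IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
	pmk := WPA2PMK("password", "IEEE")
	fmt.Println("PMK:", hex.EncodeToString(pmk))
	// Constructed word list for the demonstration.
	words := []string{"letmein", "qwerty", "password", "hunter2"}
	if found, ok := CrackPMK(pmk, "IEEE", words); ok {
		fmt.Println("passphrase recovered:", found)
	}
}
```

The key is 256 bits whatever the passphrase, but its entropy is only that of the passphrase, and 4096 HMAC rounds per guess is cheap on a GPU. That is why a dictionary word falls in seconds while a long random passphrase does not, and why the SSID salt only stops precomputed tables for common network names rather than the attack itself. Enterprise mode (802.1X/EAP) avoids the shared passphrase entirely.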

  36. An intrusion detection system (IDS) is a type of security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches.
    A. The above is correct
    B. The above is incorrect
  37. Intrusion detection system functions include:
    A. Monitoring and analyzing both user and system activities
    B. Analyzing system configurations and vulnerabilities
    C. Assessing system and file integrity
    D. All of the above
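What "monitoring user activities" looks like in practice, as an added example that is not code from the page. It ties together the access-activity logging listed earlier under database and application-level access control functions, the operating-system restriction of logon IDs to specific workstations and times, and the IDS monitoring function above: a constructed access log in a simple key=value format is replayed against a hypothetical policy, and the kinds of alerts a host-based IDS raises come out the other end (logon from an unauthorized workstation, logon outside permitted hours, repeated failed logons within a sliding window). The log format, user names, workstation names and thresholds are all assumptions made for the demonstration.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Event is one parsed access-log record: logon ID, originating workstation, outcome.
type Event struct {
	When               time.Time
	User, Host, Result string // Result is "OK" or "FAIL"
}

// ParseLine reads the constructed "<RFC3339> user=.. host=.. result=.." format.
func ParseLine(line string) (Event, error) {
	fields := strings.Fields(line)
	if len(fields) < 4 {
		return Event{}, fmt.Errorf("malformed record: %q", line)
	}
	ts, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return Event{}, err
	}
	kv := map[string]string{}
	for _, f := range fields[1:] {
		if k, v, ok := strings.Cut(f, "="); ok {
			kv[k] = v
		}
	}
	return Event{When: ts, User: kv["user"], Host: kv["host"], Result: kv["result"]}, nil
}

// Policy is the access standard being monitored: workstation per logon ID, permitted hours, lockout threshold.
type Policy struct {
	AllowedHost        map[string]string
	StartHour, EndHour int // logons permitted when StartHour <= hour < EndHour
	MaxFailures        int
	Window             time.Duration
}

// Detect replays the log against the policy and returns one alert per violation.
func Detect(lines []string, p Policy) []string {
	var alerts []string
	type key struct{ user, host string }
	fails := map[key][]time.Time{}
	for _, line := range lines {
		ev, err := ParseLine(line)
		if err != nil {
			alerts = append(alerts, "unparseable record: "+err.Error())
			continue
		}
		stamp := ev.When.Format(time.RFC3339)
		if want, known := p.AllowedHost[ev.User]; known && want != ev.Host {
			alerts = append(alerts, fmt.Sprintf("%s %s: logon from unauthorized workstation %s", stamp, ev.User, ev.Host))
		}
		if h := ev.When.Hour(); h < p.StartHour || h >= p.EndHour {
			alerts = append(alerts, fmt.Sprintf("%s %s: logon outside permitted hours", stamp, ev.User))
		}
		if ev.Result != "FAIL" {
			continue
		}
		k := key{ev.User, ev.Host}
		recent := []time.Time{ev.When}
		for _, t := range fails[k] { // keep only failures still inside the sliding window
			if ev.When.Sub(t) <= p.Window {
				recent = append(recent, t)
			}
		}
		fails[k] = recent
		if len(recent) == p.MaxFailures { // alert once, when the threshold is reached
			alerts = append(alerts, fmt.Sprintf("%s %s: %d failed logons from %s within %s (possible password guessing)", stamp, ev.User, len(recent), ev.Host, p.Window))
		}
	}
	return alerts
}

// SampleLog is constructed test data, not output from any real system.
var SampleLog = []string{
	"2024-03-04T09:01:12Z user=alice host=WS-17 result=OK",
	"2024-03-04T09:05:40Z user=bob host=WS-03 result=FAIL",
	"2024-03-04T09:05:52Z user=bob host=WS-03 result=FAIL",
	"2024-03-04T09:06:03Z user=bob host=WS-03 result=FAIL",
	"2024-03-04T09:06:15Z user=bob host=WS-03 result=OK",
	"2024-03-04T09:30:00Z user=alice host=WS-99 result=OK",
	"2024-03-04T23:15:00Z user=carol host=WS-08 result=OK",
}

// SamplePolicy ties each ID to one workstation and permits logons 08:00-18:00.
var SamplePolicy = Policy{
	AllowedHost: map[string]string{"alice": "WS-17", "bob": "WS-03", "carol": "WS-08"},
	StartHour:   8, EndHour: 18, MaxFailures: 3, Window: 5 * time.Minute,
}

func main() {
	for _, a := range Detect(SampleLog, SamplePolicy) {
		fmt.Println(a)
	}
}
```

Two design points matter more than the thresholds: a record that cannot be parsed is itself reported rather than dropped, because an attacker who can corrupt log lines must not be able to blind the monitor, and the failed-logon counter is keyed on user and workstation together so that a burst from one source is not diluted by the same user's normal activity elsewhere.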
  38. Single Sign-On (SSO):
    A. Is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications
    B. It authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session
    C. Both A and B
    D. None of the above
  39. All of the following are correct for an audit trail EXCEPT:
    A. Audit trails are a substitute for good preventive security measures
    B. Audit trails are stored separately from the input data, documents and records
    C. Audit trail data has its own restrictions on use
    D. None of the above
  40. Benefits of an audit trail include:
    A. It provides a means to help accomplish several security-related objectives
    B. Intrusion detection
    C. Problem analysis
    D. All of the above
  41. Computer forensics involves the preservation, identification, extraction, documentation and interpretation of computer media for evidentiary and root cause analysis.
    A. True
    B. False
  42. Examples of computer forensics include:
    A. Recovering thousands of deleted emails
    B. Performing an investigation after employment termination
    C. Recovering evidence after a hard drive has been formatted
    D. Performing an investigation after multiple users have taken over the system
    E. All of the above
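How recovering evidence from a formatted drive or deleted files actually works, as an added example that is not part of the original page: a quick format or a deletion normally discards only the file-system metadata, so a forensic tool can carve files straight out of the raw bytes by their header and footer signatures without consulting any directory. The code below does that over a constructed disk image containing minimal PNG, JPEG and PDF stand-ins; the image and the files inside it are fabricated for the demonstration and carry only the signatures that matter.

```go
package main

import (
	"bytes"
	"fmt"
	"sort"
)

// Carved is one file recovered from raw media by content signature alone.
type Carved struct {
	Type   string
	Offset int
	Data   []byte
}

// signatures lists the header that starts each file type and the footer that
// ends it. Carving ignores the file system entirely, which is why it still
// finds data after a format or a deletion: both typically discard only the
// directory entries and leave the data blocks in place until reused.
var signatures = []struct {
	name           string
	header, footer []byte
}{
	{"png", []byte("\x89PNG\r\n\x1a\n"), []byte("IEND\xae\x42\x60\x82")},
	{"jpeg", []byte{0xFF, 0xD8, 0xFF}, []byte{0xFF, 0xD9}},
	{"pdf", []byte("%PDF-"), []byte("%%EOF")},
}

// Carve returns every header..footer span found in image, ordered by offset.
// A header whose footer never arrives (file cut off at the end of the image)
// is reported as truncated rather than silently dropped.
func Carve(image []byte) []Carved {
	var out []Carved
	for _, sig := range signatures {
		pos := 0
		for {
			start := bytes.Index(image[pos:], sig.header)
			if start < 0 {
				break
			}
			start += pos
			body := start + len(sig.header)
			end := bytes.Index(image[body:], sig.footer)
			if end < 0 {
				out = append(out, Carved{sig.name + "(truncated)", start, image[start:]})
				break
			}
			end += body + len(sig.footer)
			out = append(out, Carved{sig.name, start, image[start:end]})
			pos = end
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Offset < out[j].Offset })
	return out
}

// SampleFiles are minimal constructed stand-ins for a PNG, a JPEG and a PDF.
func SampleFiles() (png, jpeg, pdf []byte) {
	png = []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR<fake chunk data>IEND\xae\x42\x60\x82")
	jpeg = []byte("\xff\xd8\xff\xe0\x00\x10JFIF<fake scan data>\xff\xd9")
	pdf = []byte("%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer\n%%EOF")
	return
}

// BuildSampleImage lays the sample files into a buffer with zeroed and junk
// regions between them, the way remnants sit on a quick-formatted disk.
func BuildSampleImage() []byte {
	png, jpeg, pdf := SampleFiles()
	var img bytes.Buffer
	img.Write(bytes.Repeat([]byte{0}, 64))
	img.Write(png)
	img.WriteString("<overwritten directory entries>")
	img.Write(jpeg)
	img.Write(bytes.Repeat([]byte{0xA5}, 32))
	img.Write(pdf)
	img.Write(bytes.Repeat([]byte{0}, 16))
	return img.Bytes()
}

func main() {
	for _, c := range Carve(BuildSampleImage()) {
		fmt.Printf("%-5s at offset %4d, %3d bytes\n", c.Type, c.Offset, len(c.Data))
	}
}
```

Signature carving is deliberately file-system-agnostic, which is also its weakness: a JPEG footer can occur inside an embedded thumbnail, fragmented files are not reassembled, and the first footer after a header is not always the right one. Production carvers parse the file's internal structure instead of stopping at the first footer, and they work on a write-blocked, hashed image of the media so the chain of custody survives the analysis.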

  43. Who uses computer forensics?
    A. Criminal prosecutors
    B. Civil litigators
    C. Insurance companies
    D. Private corporations
    E. All of the above
  44. The types of penetration testing are:
    A. Black box
    B. White box
    C. Grey box
    D. All of the above

—More to come soon—
