1. Security is a state or quality of being secure to be free from–————.
- Vulnerability
- Threat
- Attack
- Danger
Answer :- d (Danger)
2. Which term among the following is correct?
- Cybersecurity
- Cyber-security
- Cyber security
- All are correct
Answer :- d (All are correct)
3. What does “cyber” meanin the context of Information Technology?
- Software
- Hardware
- Network
- Online World
Answer :- D (Online World)
4. Cyber security affects individuals, organizations, society and ——————–.
- Government
- Institution
- Department
- Firms
Answer :- a (Government)
5. Choose the odd one
- Phishing attack
- Denial of Service attack
- SQL Injection
- Man in the middle attack
- Importing data
Answer :- e (Importing data)
6. Restricting unauthorized access and misuse of physical assets helps in achieving physical security of an organization.
- True
- False
Answer :- a (True)
7. Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment , organization and
- users’ cyber assets
- user personal information
- cyberspace
- resource
Answer :- a (users’ cyber assets)
8. The general security objectives comprise —––————-,Availability and Integrity.
- Confidentiality
- Accountability
- Authorization
- Authentication
Answer :- 8 (Confidentiality)
9. Network security involves protection of items, objects, or facilities.
- True
- False
Answer : False
10. What term describes the quality or state of ownership or control of information?
- confidentiality
- possession
- authenticity
- integrity
Answer :- possession
11. Fill in the blanks
The McCumber Cube has ——————-dimensions with ——-cells representing areas that must be addressed to secure today’s information systems.
- 7 and 21
- 4 and 27
- 3 and 18
- 3 and 27
Answer :- 3 and 27
12. ——————is a weakness or fault in a system or protection mechanism that opens it to attack or damage.
- Threat
- Vulnerability
- Risk
- Attack
Answer :- Vulnerability
13. Which of the following is not a component of an organization’s Information System?
(1) Software (2) Vendors (3) People (4) Government (5) ISPs
- 1&3
- 1,2 &4
- 4 & 5
- 2,4, & 5
Answer :- 2,4, & 5
14. True or False:
The person responsible for the storage, maintenance, and protection of information is the data custodian.
- True
- False
Answer :- True
15. Biometric data collected from users is used for—————————- process.
- Authentication
- Authorization
- Accountability
- Privacy
Answer :- Authentication
16. Select the right options of the C.I.A. triad
(1) Assurance that information is shared only among authorized people or organizations
(2) Assurance that the information is complete and uncorrupted
(3) Assurance that information systems and the necessary data are not available for use when needed
- (1) True (2) False (3) True
- (1) False (2) False (3) True
- (1) True (2) True (3) True
- (1) True (2) True (3) False
Answer :- (1) True (2) True (3) False
17. Match the following:
- A-1, B-3, C-4, D-2, E-5
- A-3, B-4, C-5, D-1, E-2
- A-5, B-4, C-3, D-2, E-1
- A-1, B-2, C-3, D-4, E-5
Answer :- A-5, B-4, C-3, D-2, E-1
18. Who are responsible for the security and use of a particular set of information?
- Data users
- Data exporter
- Data custodians
- Data owner
Answer :- Data custodians
19. True or False:
If information has a state of being genuine or original and is not a fabrication, it has the characteristic of authenticity.
- True
- False
Answer :- true
20. Which of the following terms best describe the specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls?
- Blueprint
- NIST handbook
- An information security framework
- Security plan
Answer :- An information security framework
21. True or False: SP 800-18, Guide for Developing Security Plans, is considered the foundation for a comprehensive security blueprint and framework.
- True
- False
Answer :- True
22. One of the foundations of security architectures is the requirement to implement security in layers. This layered approach is referred to as:
- managerial controls
- security domain
- redundancy
- defense in depth
Answer :- defense in depth
23. Control Objectives for Information and Related Technologies is a framework created by —— for information technology (IT) management and ————-
- HIPPA, & Information officer
- ISO, & Security officer
- ISACA, & IT governance
- CISO, & Chief officer
Answer :- ISACA, & IT governanc
24. Three approaches to cyber security management are
- Governance-Risk-Compliance (GRC) approach
- —————————————————
- Organizational planning approach
- Information-driven approach
- Security-driven approach
- Standards-driven approach
- Procedure-driven approach
Answer :- Standards-driven approach
25. ISO/IEC 27032:2012 involves guidelines for —————–
- Network security
- Cyber security
- Risk Management
- Governance of information security
Answer :- Cyber security
26. The five goals of information security governance are
- —————–of information security with business strategy to support organizational objectives
- —————- by executing appropriate measures to manage and mitigate threats to information resources
- —————–by utilizing information security knowledge and infrastructure efficiently and effectively
- —————–by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
- —————–by optimizing information security investments in support of organizational objectives.
A. Strategic alignment
B. Risk management
C. Resource management
D. Performance measurement
E. Value delivery
Match the following
- 1-B,2-C,3-D,4-C,5-A,
- 1-C,2-B,3-A,4-B,5-E
- 1-E,2-C,3-A,4-B,5-D
- 1-A,2-B,3-C,4-D,5-E,
Answer :- c. 1-E,2-C,3-A,4-B,5-D
27. Match ISO Series with the corresponding topic
(A) 27000 (1)Series Overview and Terminology
(B) 27003 (2)Information Security Management Systems Implementation Guidelines
(C) 27004 (3) Information Security Measurements and Metrics
(D) 27005 (4) ISMS Risk Management
(E) 27006 (5) Requirements for Bodies Providing Audit and Certification of ISMS
- A-1, B-2,C-3, D-4, E-5
- A-4, B-2, C-3, D-1, E-5
- A-2,B-1,C-3,D-5,E-4
- A-3,B-2,C-1,D-5,E-4
Answer :- c. A-2,B-1,C-3,D-5,E-4
28. (1)—————— is authorized by policy from senior management and is usually carried out by senior IT and information security executives, such as the(2)———and-(3)——-
1- ISG 2- CIO, 3- CISO
1-CO,2, 2-CIO,3- CISO
1-CISO, 2-CIO, 3-CO
1-CISO, 2-ISG, 3-CO
Answer :- 1- ISG 2- CIO, 3- CISO