
INFO. ASSURANCE AND SECURITY 1

PQ1

FALSE 1. Information Assurance refers to the steps involved in protecting information systems -
like reproducing three copies of uploaded articles and journals.

TRUE 2. Integrity is the most important character trait of Information Assurance.

communicability 3. Which one is not a character trait of information assurance?

FALSE 4. IA is a special subject under Information Technology program.

TRUE 5. An IA Specialist must have a thorough understanding of IT and how information systems
work and are interconnected.

cyber bullying 6. Which one is not a security threat in the IT world?

TRUE 7. IA takes steps to maintain integrity, such as having anti-virus software in place so that
data will not be altered or destroyed, and having policies in place.

FALSE 8. Protecting the authentication can involve protecting against malicious code, hackers,
and any other threat that could block access to the information system.

authentication 9. This involves ensuring that the users are who they say they are, and one of the
most famous methods to secure this is by using a password.

confidentiality 10. This means that only those authorized to view information are allowed
access to it.

PQ2
Availability means ensuring ____________ and reliable access to and use of information. TIMELY

Maintaining _____________ with the regulatory standards is one of the most important
benefits of information protection. COMPLIANCE

Confidentiality means preserving authorized _______________ on access and disclosure,
including means for protecting personal privacy and proprietary information. RESTRICTIONS

_______________ is the measure that protects and defends information and information systems by ensuring
their availability, integrity, authentication, confidentiality, and non-repudiation. IA

_______________ can be thought of as a sub-discipline or component of information assurance.
INFORMATION PROTECTION

IA is a protection of information and information systems from ______________ access, use,
disclosure, disruption, modification, or destruction. UNAUTHORIZED

Integrity means guarding against improper information modification or destruction, and
includes ensuring information nonrepudiation and _________________. AUTHENTICITY

Information protection employs security solutions, _______________, and other technologies,
as well as policies and processes, to secure information. ENCRYPTION

Information Assurance focuses on ensuring the quality, reliability, and ______________ of
information in addition to keeping it protected. RETRIEVABILITY

_____________ means that someone cannot deny having completed an action because there
will be proof that they did it. NONREPUDIATION

PRELIM EXAM

All are benefits of information protection except one. e-mailing the suppliers and partners with
updated services
Failure to protect sensitive information can result in __________ issued by regulatory agencies
or lawsuits from other companies or individuals. fines
In addition to security, information assurance ensures the identified answers except one.
enhanced visuals
In IA, this automatically happened as well as availability and reliable and timely access to
confidentiality
No organization can be considered "safe" for any time beyond the last verification of adherence
to its policy. security

This is roughly equivalent to privacy. confidentiality


This assured that the information is authentic and complete. integrity
This is an assurance that the systems responsible for delivering, storing, and processing
information are accessible when needed, by those who need them. availability
This is “the environment in which communication over computer networks occurs.” cyberspace
Cyber security, also referred to as ____________________, focuses on protecting computers,
networks, programs and data from unintended or unauthorized access, change or destruction.
information technology security
The state of being protected against the criminal or unauthorized use of electronic data, or the
measures taken to achieve this. cyber security
This refers to the body of technologies, processes, and practices designed to protect networks,
devices, programs, and data from attack, damage, or unauthorized access. cyber security
A significant portion of data can be sensitive information, whether that be
__________________, financial data, personal information, or other types of data for which
unauthorized access or exposure could have negative consequences. intellectual property
Organizations transmit sensitive data across networks and to other devices in the course of
doing business, and this describes the discipline dedicated to protecting that information and
the systems used to process or store it. cyber security
As the volume and sophistication of cyber attacks grow, companies and organizations need to
take steps to protect their sensitive business and personnel information. True
The organizations and the government have focused most of their cyber security resources on
perimeter security to protect all the encrypted system components. False
This issued guidelines in its risk assessment framework that recommend a shift toward
continuous monitoring and real-time assessment. National Institute of Standards and
Technology
This recommends a top-down approach to cyber security in which corporate management leads
the charge in prioritizing cyber security management across all business practices. National
Cyber Security Alliance
This advises that companies must be prepared to “respond to the inevitable cyber incident,
restore normal operations, and ensure that company assets and the company’s reputation are
protected.” NCSA
_______________ should also consider any regulations that impact the way the company
collects, stores, and secures data, such as PCI-DSS, HIPAA, SOX, FISMA. Cyber Risk Assessment
Following a cyber risk assessment, develop and implement a plan to mitigate cyber risk and
protect the “_____________” outlined in the assessment. crown jewels
Combining sound cyber security measures with an educated and security-minded employee
base provides the best defense against ________________ attempting to gain access to your
company’s sensitive data. cyber criminals
This consists of the cyber-physical systems that modern societies rely on.
critical infrastructure security
This is not an example of critical infrastructure. agricultural farm
Negotiations are much more accessible over networks, causing the adoption of security
measures during the development phase to be an imperative phase of the project. False
This is not a type of application security. photo enhancement
This ensures that internal networks are secure by protecting the infrastructure and inhibiting
access to it. network security
These are all common examples of network security implementation except one.
clean storage feature
These are constantly creating and implementing new security tools to help enterprise users
better secure their data. cloud providers
The data is more secure when stored on physical servers and systems the user owned and
controlled. False

MQ1

Which one is not a part of the risk control strategies? isolate


The customer information can be considered as a business liability. False
An up-stander is a person who tries to break the cycle of cyber bullying. True
This is a malicious malware which misleads users of its true intent. trojan horse
The Phonetic Alphabet is a set of words used by the military and other organizations to
communicate letters of the alphabet. yes

MQ2
A computer input device for controlling the pointer on a display screen by sliding the finger
along a special surface: used chiefly in notebook computers. touchpad
This is pressing the mouse button when the cursor is pointing to the required menu option,
icon, or hypertext link. click on
This is the short term for malicious software. malware
It's a file sent with an e-mail message. It may be an image, video, text document, or any other
type of file. attachment
This is a computer program designed to infiltrate and damage computers without the user's
consent. malware

MIDTERM EXAM

A component with a display screen for viewing computer data. MONITOR

An intrusion ___________ security mechanisms and gains access to an organization's resources.
by-passes

This uses a computer network to spread itself, relying on security failures on the target
computer to access it. worm

A movable, usually blinking, symbol on a computer screen, used to indicate where data such as
text or commands may be typed. Cursor

It's to remove power from a computer's main components in a controlled way. shut down

This is when groups of pages or people work together to mislead others about who they are or
what they're doing. coordinated inauthentic behavior

A network of private computers infected with malicious software and controlled as a group
without the owners' knowledge is called ___________. botnets

This is a stand alone malicious program. worm

To select an item in a menu, on the desktop or within an application in order to copy, move,
delete, mark, or launch it. Highlight

In cryptography and computer security, an attacker secretly relays and possibly alters the
communications between two parties who believe they are directly communicating with each
other. man in the middle attack

This is the process that involves protecting information systems and managing the risks to
system by protecting user data. information assurance

A long thin section at the edge of a computer display by which material can be scrolled using a
mouse. scroll bar

Malware is a software designed to help companies find vulnerabilities in their systems. False
One reason a hacker would execute a DDoS attack is to make their competition lose business.
True

This is a malicious attempt to disrupt normal traffic of a targeted server, service, or network by
overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DDoS attack

An intrusion detection system is a software designed to automatically alert the organization of
malicious activities. yes

Data Destruction erases the data so that it is completely gone from an organization's database.
False

Privacy policies are legal documents that might give permission to sell your information, look
through your photos or read your e-mail. yes

This is to transfer the copied data to another part but completely deleting the copied item from
the original source. CUT

The part of a television or computer on which a picture is formed or information is displayed.
SCREEN

A palm-sized device equipped with one or more buttons, used to point at and select items on a
computer display screen and to control the movement of the cursor. MOUSE

The facility that moves a display on a computer screen in order to view new material at the
bottom of the screen. SCROLL DOWN

This is to record the data or when an image is being worked on to a storage medium. SAVE

This command removes the item from its current location and places it into the clipboard to
insert the current clipboard contents into the new location. Paste

This is to restart a computer. Reboot

One function of Information Security is to protect the data an organization collects and uses.
True

You must always read your privacy policies. True

A strip of icons that can be clicked to perform certain functions. tool bar

This is a preemptive approach to network security used to identify potential threats and
respond to them swiftly. intrusion prevention

A group of commands or options that appears when you select an item with a mouse.
pull down menu

QUIZ 5

The ability to provide forensic data attesting that the systems have been used in accordance
with stated security policies. Audit

Security architecture has its own discrete security methodology. True

The definition and enforcement of permitted capabilities for a person or entity whose identity
has been established. Authentication
The organization's attitude and tolerance for risk. Risk Management

The ability of the enterprise to function without service interruption or depletion despite
abnormal or malicious events. Availability

Those who will see change to their capability and work with core units but are otherwise not
directly affected. Identify soft enterprise

The substantiation of the identity of a person or entity related to the enterprise or system in
some way. Authentication

The ability to test and prove that the enterprise architecture has the security attributes required
to uphold the stated security policies. Assurance
The protection of information assets from loss or unintended disclosure, and resources from
unauthorized and unintended use. Asset Protection

Those units outside the scoped enterprise who will need to enhance their security architecture
for interoperability purposes. Identify extended enterprise

Security architecture addresses non-normative flows through systems and among applications.
True

Security architecture composes its own discrete views and viewpoints. True

Those stakeholders who will be affected by security capabilities and who are in groups of
communities. Identify communities involved

Security architecture introduces unique, single-purpose components in the design. True

Security architecture introduces its own normative flows through systems and among
applications. True

The ability to add and change security policies, add or change how policies are implemented in
the enterprise, and add or change the persons or entities related to the systems. Administration

Security architecture calls for its own unique set of skills and competencies of the enterprise
and IT architects. True

Those who are most affected and achieve most value from the security work.
Identify core enterprise

QUIZ 6

The following security specifics appropriate to the security architecture must be addressed
within each phase in addition to the generic phase activities. Phase A: Architecture Vision

Assess the impact of new security measures upon other new components or existing leveraged
systems Phase F: Migration Planning

Changes in security standards are usually less disruptive since the trade-off for their adoption is
based on the value of the change. Architecture Change Management
Assess and baseline current security-specific technologies Phase D: Technology Architecture
Determine who are the legitimate actors who will interact with the product/service/process
Phase B: Business Architecture
Assess and baseline current security-specific architecture elements
Phase C: Information Systems Architectures

Establish architecture artifact, design, and code reviews and define acceptance criteria for the
successful implementation of the findings Phase G: Implementation Governance

Identify existing security services available for re-use Phase E: Opportunities & Solutions

FINALS

Security architecture composes its own discrete views and viewpoints. True

Security architecture introduces its own normative flows through systems and among
applications. True

Security architecture calls for its own unique set of skills and competencies of the enterprise
and IT architects. True

Security architecture addresses non-normative flows through systems and among applications.
True

Security architecture introduces unique, single-purpose components in the design. True
