Question 1 of 20 2.0 Points
Information Security is primarily a discipline to manage the behavior of:

A.technology

B.people

C.processes

D.organizations

Answer Key: B

Question 2 of 20 2.0 Points
The three objectives of information security are:

A.confidentiality, integrity, and availability.

B.resilience, privacy, and safety.

C.confidentiality, secrecy, and privacy.

D.none of the above.

Answer Key: A

Question 3 of 20 2.0 Points
Which of the following topics would not be part of a program in information security?

A.laws and ethical practices

B.file access control

C.security architecture

D.All of the above would be classes you would expect in an IS program.

Answer Key: D

Question 4 of 20 2.0 Points
Defense in depth is needed to assure that which three mandatory activities are present in a security system?

A.prevention, response, and prosecution

B.response, collection of evidence, and prosecution

C.prevention, detection, and response

D.prevention, response, and management

Answer Key: C

Question 5 of 20 2.0 Points
The three types of security controls are:

A.people, functions, and technology.

B.people, process, and technology.

C.technology, roles, and separation of duties.

D.separation of duties, processes, and people.

Answer Key: B

Question 6 of 20 2.0 Points
The absence or weakness in a system that may possibly be exploited is called a(n):

A.vulnerability.

B.threat.

C.risk.

D.exposure.

Answer Key: A

Question 7 of 20 2.0 Points
The information security Common Body of Knowledge is

A.a compilation and distillation of all security information collected internationally of relevance to information security professionals B.a volume of books published by ISC2

C.a reference