1.
What principle primarily concerns protecting information from unauthorized access, modification, or deletion?
  1. data encryption
  2. information security
  3. information privacy
  4. user authentication
2.
What type of attack manipulates the Domain Name System (DNS) to redirect a website’s traffic to a different IP address?
  1. phishing
  2. spoofing
  3. man-in-the-middle
  4. brute-force attack
3.
What type of social engineering attack appears as a trustworthy entity in digital communication but steals user data, such as login credentials and financial information?
  1. spoofing
  2. hacking
  3. identity theft
  4. phishing
4.
What authentication mechanism is the most secure?
  1. username and password
  2. two-factor authentication
  3. multi-factor authentication
  4. biometric verification
5.
What is the purpose of role-based access control (RBAC) in network security?
  1. to monitor and filter outgoing internet traffic
  2. to prevent data loss through email and web applications
  3. to ensure users have access only to the resources necessary for their roles
  4. to encrypt data transmissions over the network
6.
Why are regular penetration tests important for maintaining organizational security?
  1. They help in training IT staff on how to respond to media inquiries.
  2. They allow for constant updating of the company website’s content.
  3. They enable the identification and remediation of early vulnerabilities.
  4. They are a regulatory requirement for all businesses.
7.
What is the cyber safety significance of applying regular software updates and patches?
  1. They maintain the software’s compatibility with new hardware.
  2. They often add new features to the software.
  3. They address identified security vulnerabilities to prevent exploits.
  4. They are mainly for aesthetic improvements to the user interface.
8.
How does ethical hacking differ from malicious hacking?
  1. Ethical hacking is performed without the permission of the target entity.
  2. Ethical hacking is intended to strengthen systems, not to harm them.
  3. Ethical hacking does not require a deep understanding of IT systems.
  4. There is no real difference; all hacking is considered unethical.
9.
What is the purpose of antivirus software?
  1. to increase the speed of the computer’s processor
  2. to protect against known threats and analyze system behavior to detect new threats
  3. to manage the organization’s email server
  4. to offer technical support for software developers
10.
What is the primary aim of a distributed denial-of-service (DDoS) attack?
  1. modifying unauthorized data
  2. disrupting the availability of a target’s network resources
  3. gaining unauthorized access to secure data
  4. causing physical damage to the network infrastructure
11.
What is a key process of an effective information security risk management (ISRM) strategy?
  1. periodic security training
  2. continuous monitoring
  3. single-layer security
  4. annual risk assessments
12.
COBIT5 is an example of what type of ISRM resource?
  1. a compliance framework
  2. a risk management plan
  3. a network security protocol
  4. an incident response system
13.
What organization is well known for developing standards and frameworks like COBIT to support compliance with ISRM practices?
  1. IEEE
  2. ISO
  3. ISACA
  4. NIST
14.
What is the first step in developing a comprehensive risk management plan?
  1. identifying risks
  2. implementing controls
  3. assessing risks
  4. establishing the context
15.
Why is continuous monitoring in an ISRM strategy important?
  1. It allows for one-time setup of complete security controls.
  2. It helps eliminate all cyber risks.
  3. It ensures security measures are effective over time against evolving threats.
  4. It provides a static security environment.
16.
Why is it important to integrate continuous monitoring with other security processes?
  1. to ensure compliance with COBIT5 only
  2. to guarantee zero risk posture
  3. to reduce the need for security training
  4. to maintain a comprehensive approach to organizational security
17.
Who is responsible for implementing security measures to protect an organization’s data and ensuring that these measures are aligned with regulatory requirements?
  1. security consultant
  2. compliance analyst
  3. security software developer
  4. threat intelligence analyst
18.
What role does continuous learning play in the field of cybersecurity?
  1. to stay updated with the latest cybersecurity trends and technologies
  2. to maintain a static skill set over time
  3. to focus solely on traditional cybersecurity methods
  4. to decrease the need for professional certifications
19.
In the context of cybersecurity, what does the term “digital trust” primarily refer to?
  1. the encryption standards used in digital communications
  2. the confidence stakeholders place in an organization’s ability to secure data and systems
  3. the digital certificates used for website authentication
  4. the trustworthiness of digital signatures
20.
What is a significant cybersecurity challenge posed by the rise of cloud computing?
  1. simplified IT infrastructure
  2. decreased data storage needs
  3. unique risks such as data breaches, unauthorized access, and compromised integrity of shared resources
  4. reduced need for network security
21.
In which type of organization would a Certified Information Security Manager (CISM) certification be especially beneficial for career advancement?
  1. tech start-ups
  2. government agencies
  3. financial institutions
  4. nonprofit organizations
22.
Which role is essential for creating strategies to protect against large-scale cyber threats and managing an organization’s overall cybersecurity posture?
  1. network security administrator
  2. chief information security officer (CISO)
  3. IT support technician
  4. cybersecurity legal advisor
Citation/Attribution

This book may not be used in the training of large language models or otherwise be ingested into large language models or generative AI offerings without OpenStax's permission.

Want to cite, share, or modify this book? This book uses the Creative Commons Attribution-NonCommercial-ShareAlike License and you must attribute OpenStax.

Attribution information
  • If you are redistributing all or part of this book in a print format, then you must include on every physical page the following attribution:
    Access for free at https://openstax.org/books/foundations-information-systems/pages/1-introduction
  • If you are redistributing all or part of this book in a digital format, then you must include on every digital page view the following attribution:
    Access for free at https://openstax.org/books/foundations-information-systems/pages/1-introduction
Citation information

© Mar 11, 2025 OpenStax. Textbook content produced by OpenStax is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike License. The OpenStax name, OpenStax logo, OpenStax book covers, OpenStax CNX name, and OpenStax CNX logo are not subject to the Creative Commons license and may not be reproduced without the prior and express written consent of Rice University.