
Cyber Security All Quizes Combined-Searchable

Uploaded by

hb62bpt9bn

12/13/22, 4:55 PM M10 Quiz: INFO 5737 Section 002 - Information and Cyber-Security (Fall 2022 1)

M10 Quiz
Due Nov 27 at 11:59pm Points 100 Questions 16
Time Limit 60 Minutes

Instructions
Each module will have one quiz containing 15-20 multiple choice questions. The quiz will cover
materials introduced in the given module, in particular important topics highlighted in the slides. Students
will have to take a minimum of five quizzes. Only the five highest grades will be considered.

This test has a time limit of 1 hour.

You will be notified when time expires, and forced to submit.

Attempt History
Attempt Time Score

LATEST Attempt 1 32 minutes 100 out of 100

Correct answers are hidden.

Score for this quiz: 100 out of 100


Submitted Nov 24 at 11:58pm
This attempt took 32 minutes.

Question 1 6.25 / 6.25 pts

The comprehensive technical security analysis of the system to ensure
that it meets all applicable security requirements is called?

Prototype Model

Data Lake

Refactoring


Certification

Question 2 6.25 / 6.25 pts

Malware used for the purpose of facilitating a ransom attack is?

Worm

Malware

Ransomware

Virus

Question 3 6.25 / 6.25 pts

Bypass attack is where users may attempt to bypass controls at the front
end of the database application to access information.

True

False

Question 4 6.25 / 6.25 pts

Relational database model is a database model in which data elements
and records are arranged in parent-child structures such as trees.


True

False

Answer: Hierarchical Database Model

Question 5 6.25 / 6.25 pts

The efficient and effective management of information and associated
resources in an enterprise to drive business intelligence and decision-making.
It may include workflow management, business process
modeling, document management, databases and information systems,
and knowledge-based systems is?

Software Whitelisting

Spyware and Adware

Knowledge Management

Level of Abstraction

Question 6 6.25 / 6.25 pts

Procedural programming describes a finite task or process the system
must perform. These are often directly traceable to specific elements in
the final system's design and construction; formal configuration item
audits should, for example, be able to identify a given unit of software with
the specific functional requirements that dictated it be written and included
into the product build.


True

False

Answer: Functional Requirements

Question 7 6.25 / 6.25 pts

A suite of application programs that typically manages large, structured
sets of persistent data?

DevOps

Database Management System

Metadatabase Management System

Database Model

Question 8 6.25 / 6.25 pts

Software assurance is the level of confidence that software is free from
vulnerabilities, either intentionally designed into the software or
intentionally inserted at any time during its life cycle, and that it functions
in the intended manner.

True

False


Question 9 6.25 / 6.25 pts

Describes the underlying software design concepts that a DBMS
implements; it identifies the specific organization, structure, and
architecture that the DBMS can provide to users, as they build specific
databases to meet business needs?

Database

None of these are correct

Database model

Metadata model

Question 10 6.25 / 6.25 pts

Knowledge Discovery in Databases is?

A mathematical, statistical, and visualization method of identifying invalid
and useful patterns in data

A mathematical, statistical, and visualization method of identifying valid
and useful patterns in data

A mathematical, statistical, and logical method of identifying valid and
useful patterns in data


A mathematical, statistical, and visualization method of identifying valid
and odd patterns in data

Question 11 6.25 / 6.25 pts

A collection of activities focused on establishing and maintaining the
integrity of information technology products and information systems,
through control of processes for initializing, changing, and monitoring the
configurations of those products and systems throughout the system
development lifecycle? Source: NIST SP 800-53 Rev 4

Configuration management

Data management

DevOps

Database management

Question 12 6.25 / 6.25 pts

A management technique that simultaneously integrates all essential
acquisition activities through the use of multidisciplinary teams to optimize
the design, manufacturing, and supportability processes?

DevOps

none of these are correct

Trusted Computing Model


Product and Process Development

This is called Integrated Product and Process Development

Question 13 6.25 / 6.25 pts

Covert channel is a communications pathway between two or more
processes that transfers information in ways that violate some security
policy or requirement. These can be created deliberately (wittingly) by the
process designer(s), or unwittingly by the hostile process exploiting
hitherto unrecognized exposures of information, resources, or other
characteristics by the target system.

True

False

Question 14 6.25 / 6.25 pts

A decision-making technique that is based on a series of
[ Select ] taken from the fields of mathematics,
statistics, cybernetics, and genetics is [ Select ]

Answer 1:

analytical techniques

Answer 2:


mathematics, statistics, cybernetics, and genetics

Answer 3:

Data Mining

Question 15 6.25 / 6.25 pts

A collection of data sources such as separate internal databases to
provide a broader base of information for analysis, trending, and
reference. May also involve databases from outside of the organization,
either by importing a copy or by reference is?

Buffer Overflow

DevSecOps

Data Warehouse

Data Type Enforcement

Question 16 6.25 / 6.25 pts

Alternate sets of instructions and data that an attacker attempts to trick a
processor into executing is called?

Arbitrary code

Intermediate code

Inheritance


Mobile code

Quiz Score: 100 out of 100

12/13/22, 4:55 PM M9 Quiz: INFO 5737 Section 002 - Information and Cyber-Security (Fall 2022 1)

M9 Quiz
Due Nov 20 at 11:59pm Points 100 Questions 10
Time Limit 60 Minutes

Instructions
This module will have one quiz containing 10-20 multiple choice questions. The quiz will cover materials
introduced in the given module, in particular important topics highlighted in the slides. Students will have
to take a minimum of five quizzes. Only the five highest grades will be considered.

This test has a time limit of 1 hour.

You will be notified when time expires, and forced to submit.

Attempt History
Attempt Time Score

LATEST Attempt 1 30 minutes 100 out of 100*

* Some questions not yet graded

Correct answers are hidden.

Score for this quiz: 100 out of 100 *


Submitted Nov 16 at 1:32am
This attempt took 30 minutes.

Question 1 10 /10 pts

A patch is?

illegal activity

none of these are correct

any object that contains data


an update/fix for an IT asset

Question 2 10/10 pts

Request for change is the documentation of a proposed change in
support of change management activities.

True

False

Question 3 10/10 pts

________ is an isolated test environment that simulates the production
environment but will not affect production components.

sandboxing

privileged accounts

shadow-boxing

job rotation

Question 4 10/10 pts

________ is the formal process an organization uses to transition from
the current state to a future state. This typically includes mechanisms to
request, evaluate, approve, implement, verify and learn from the change.

baselining

change management

disaster recovery

backup

Question 5 10/10 pts

Testing of a system to ascertain whether recently approved modifications
have changed its performance of other approved functions or has
introduced other unauthorized behaviors is called?

threat intelligence

remediation

forensics, cyber forensics

regression testing

Question 6 10/10 pts

Backup are actions taken by a victim of hacking to compromise the
systems of the alleged attacker.

True

False


Answer: Hackback

Question 7 10/10 pts

A general term for a contingency or continuity of operations (COOP) site
used to assume system or organizational operations in the event that the
primary site is not usable for a period of time is?

intrusion

alternate site

attacker

disruption

Question 8 10 /10 pts

Full backup copies the entire system to backup media.

True

False

Question 9 10/10 pts

What is the major difference between configuration management and
change management?

one is more formal than the other

only one is related to the IT environment

none of these are correct

one of them is against the law

one is comprehensive than the other

Question 10 10 /10 pts

Honeypots or honeynets are machines that exist on the network, but do
not contain sensitive or valuable data, and are meant to distract and
occupy malicious or unauthorized intruders, as a means of advancing
their attempts to access production data/assets. A number of machines of
this kind, linked together as a network or subnet, are referred to as a
"honeynet."

True

False

Quiz Score: 100 out of 100

12/13/22, 4:54 PM M8 Quiz: INFO 5737 Section 002 - Information and Cyber-Security (Fall 2022 1)

M8 Quiz
Due Nov 13 at 11:59pm Points 100 Questions 15
Time Limit 60 Minutes

Instructions
Each module will have one quiz containing 15-20 multiple choice questions. The quiz will cover
materials introduced in the given module, in particular important topics highlighted in the slides. Students
will have to take a minimum of five quizzes. Only the five highest grades will be considered.

This test has a time limit of 1 hour.

You will be notified when time expires, and forced to submit.

Attempt History
Attempt Time Score

LATEST Attempt 1 40 minutes 97.8 out of 100

Score for this quiz: 97.8 out of 100


Submitted Nov 12 at 2:25pm
This attempt took 40 minutes.

Question 1 6.6 / 6.6 pts

Ensures that a user is who he or she claims to be. The more factors used
to determine a person's identity, the greater the trust of authenticity is
called?

none of these are correct

Correct: multi-factor authentication

single factor authentication


two factor authentication

Question 2 6.6 / 6.6 pts

________ is an authentication mechanism that allows a single identity
to be shared across multiple applications.

Mandatory access controls (MAC)

Identity as a service (IDaaS)

Correct- Single Sign-On (SSO)

Privileged Accounts

Question 3 6.6 / 6.6 pts

An automated system that manages the passage of people or assets
through an opening(s) in a secure perimeter(s) based on a set of
authorization rules is called?

Correct- physical access control system

none of these are correct

rule-based access control

role-based access control


Question 4 6.6 / 6.6 pts

The individual who manages permissions and access on a day-to-day
basis based on instructions from the data owner is called?

Correct Data Custodian

Data Owner/ Controller

Discretionary access control (DAC)

Attribute-based access control (ABAC)

Question 5 6.6 / 6.6 pts

The Open Authorization 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service, either on behalf
of a resource owner by orchestrating an approval interaction between the
resource owner and the HTTP service, or by allowing the third-party
application to obtain access on its own behalf.

Correct- True

False

Question 6 6.6 / 6.6 pts

Data Processor is the individual that the PII refers to.

True


Correct- False

Answer: Data Subject

Question 7 6.6 / 6.6 pts

Logical access control system is?

Physical system that allows access based upon pre-determined policies.

Correct!
Non-physical system that allows access based upon pre-determined
policies.

Non-physical system that allows access based upon dynamic policies.

Non-physical system that denies access based upon pre-determined
policies.

Question 8 6.6 / 6.6 pts

Identity proofing is the process of collecting and verifying information about a person for the
purpose of proving that a person who has requested an account, a credential, or other
special privilege is indeed who he or she claims to be and establishing a reliable
relationship that can't be trusted electronically between the individual and said credential
for purposes of electronic authentication.

True


Correct- False

Question 9 4.4 / 6.6 pts

Identity as a Service (Select all that apply):

Correct Broker identity and access management functions

Correct Is a cloud based service

Correct Can target systems on customers' premises

none of these are correct

Question 10 6.6 / 6.6 pts

The two major types of false rates are?

Correct Rejection

Latent

Capacity

Remittance

Correct- Acceptance

Question 11 6.6 / 6.6 pts


Authorization is the process of defining the specific resources a user
needs and determining the type of access to those resources the user
may have.

Correct- True

False

Question 12 6.6 / 6.6 pts

Crossover Error Rate is?

achieved when the False Rejection Rate and False Acceptance Rate are
negative

Correct- none of these are correct

achieved when the False Reaction Rate and False Acceptance Rate are
equal

achieved when the False Rejection Rate and False Acceptance Rate are
directly correlated

achieved when the False Rejection Rate and False Access Rate are equal

Question 13 6.6 / 6.6 pts


Means to ensure that access to assets is authorized and restricted based
on business and security requirements related to logical and physical
systems?

Correct- Access Control System

none of these are correct

Attribute-based access control

Access control tokens

Question 14 6.6 / 6.6 pts

Access control tokens are best described when the system decides if
access is to be granted or denied based upon the validity of the token for
the point where it is read based on time, date, day, holiday, or other
condition used for controlling validation.

Correct- True

False

Question 15 7.6 / 7.6 pts

[ Select ] ensures that [ Select ] management has assurance that only
[ Select ] users are accessing the system and using it properly.


Answer 1:

Accountability

Answer 2:

account

Answer 3:

authorized

Quiz Score: 97.8 out of 100

12/13/22, 4:54 PM M7 Quiz: INFO 5737 Section 002 - Information and Cyber-Security (Fall 2022 1)

M7 Quiz
Due Nov 6 at 11:59pm Points 100 Questions 19
Time Limit 60 Minutes

Instructions
Each module will have one quiz containing 15-20 multiple choice questions. The quiz will cover
materials introduced in the given module, in particular important topics highlighted in the slides. Students
will have to take a minimum of five quizzes. Only the five highest grades will be considered.

This test has a time limit of 1 hour.

You will be notified when time expires, and forced to submit.

Attempt History
Attempt Time Score

LATEST Attempt 1 30 minutes 89 out of 100

Correct answers are hidden.

Score for this quiz: 89 out of 100


Submitted Nov 6 at 3:30pm
This attempt took 30 minutes.

Question 1 5.5 / 5.5 pts

A radio network distributed over land areas called cells, each served by at
least one fixed-location transceiver, known as a cell site or base station is
called?

Circuit-Switched Network

Concentrators


Internetworking

Cellular Network

Question 2 1 / 1 pts

It can be said that IPSec

provides mechanisms for nonrepudiation.

provides mechanisms for authentication and encryption.

will only be deployed with IPv6.

only authenticates clients against a server.

IP Security (IPSec) is a suite of protocols for communicating
securely with IP by providing mechanisms for authenticating and
encryption. Standard IPSec authenticates only hosts with each
other.

Question 3 5.5 / 5.5 pts

Virtual Local Area Networks?

Allow network administrators to use switches to create hardware-based
LAN segments that can be defined based on factors other than physical
location.


Allow network administrators to use switches to create software-based
LAN segments that can be defined based on factors other than physical
location.

Allow network administrators to use routers to create software-based LAN
segments that can be defined based on factors other than physical
location.

Allow network administrators to use switches to create software-based
LAN segments that can be defined based on factors like physical location.

Question 4 5.5 / 5.5 pts

________ can potentially deliver data rates of more than 30
megabits per second.

WEP

WiFi

WAP

WiMAX

Question 5 5.5 / 5.5 pts

Driver (Device Driver) is the software layer that provides an interface for
accessing the functions of hardware devices. Typically used by the
operating system.

True

False

Question 6 5.5 / 5.5 pts

Intrusion Detection System (IDS) uses available information to determine
if an attack is underway and sends alerts but also blocks the attack from
reaching its intended target.

True

False

Answer: Intrusion Prevention Systems (IPS)

Question 7 5.5 / 5.5 pts

Most essential representation of data?

packet

bit

port

frame


Question 8 5.5 / 5.5 pts

A set of technologies that enables voice to be sent over a packet network
is?

VoUDP

VoTCP

VoIP

None of these are correct

Question 9 5.5 / 5.5 pts

________ is any of a broad range of techniques that enable
network management, routing, forwarding, and control functions to be
directed by software. This is generally done by abstracting the control and
management planes from the data plane and its forwarding functions.

Software-Defined Networking (SDN)

Network Function Virtualization (NFV)

Root of Trust (RoT)

Internetworking

Question 10 5.5 / 5.5 pts


How many layers are in the OSI model?

9, counting sub layers

5, that actually work

11, counting sub layers

Question 11 5.5 / 5.5 pts

A modernized internet protocol responsible for addressing packets so that
they can be transmitted from the source to the destination hosts?

OSI protocol

OSPF

IPv4

IPv6

Question 12 5.5 / 5.5 pts

Packet-Switched Networks are networks that do not use a dedicated
connection between endpoints.

True


False

Question 13 5.5 / 5.5 pts

An extension of the SDN practices to connect to entities spread across
the internet to support WAN architecture especially related to cloud
migration?

Software-Defined Wide Area Network

None of these are correct

Software-defined networks

Wide Area Network

Question 14 5.5 / 5.5 pts

Manages multicasting groups that are a set of hosts anywhere on a
network that are listening for a transmission is?

Internet Group Management Model

Internet Group Marketing Protocol

Internet Group Management Protocol

Network Group Management Protocol


Question 15 5.5 / 5.5 pts

Teardrop attack exploits the reassembly of fragmented IP packets in the
fragment offset field that indicates the starting position, or offset, of the
data contained in an unfragmented packet relative to the data of the
original fragmented packet.

True

False

Question 16 0/5.5 pts

What provides a means to send error messages and a way to probe the
network to determine network availability?

None of these are correct

Network Control Message Protocol

Internet Group Management Protocol

Internet Control Management Protocol

Answer is Internet Control Message Protocol

Question 17 5.5 / 5.5 pts


________ uses the IEEE 802.11x specification to create a wireless
local-area network either public or private.

WiFi

WAP

WEP

WiMAX

Question 18 5.5 / 5.5 pts

A device that enforces administrative security policies by filtering incoming
traffic based on a set of rules is called?

Firewall

Brickwall

Firebreak

Antivirus Containment

Question 19 0/5.5 pts

Bluetooth wireless technology is an open standard for short-range radio
frequency communication used primarily to establish wired personal area
networks (WPANs), and it has been integrated into many types of
business and consumer devices.

True


False

Quiz Score: 89 out of 100

12/13/22, 4:53 PM Mid Term Exam: INFO 5737 Section 002 - Information and Cyber-Security (Fall 2022 1)

Mid Term Exam


Due Oct 30 at 11:59pm Points 100 Questions 50
Available Oct 23 at 11:59pm - Oct 30 at 11:59pm Time Limit 90 Minutes

Instructions
The midterm is comprised of 50 questions. You have 90 minutes to complete the midterm.

This quiz was locked Oct 30 at 11:59pm.

Attempt History
Attempt Time Score

LATEST Attempt 1 66 minutes 100 out of 100

Score for this quiz: 100 out of 100


Submitted Oct 28 at 11:16pm
This attempt took 66 minutes.

Question 1 2 / 2 pts

What is information security?

Protecting the information from cyber crimes

A process of analyzing data and reporting the findings

Correct:
The protection of information and information systems from unauthorized
access, use, disclosure, disruption, modification, or destruction in order to
provide confidentiality, integrity, and availability


Information and related resources, such as personnel, equipment, funds,
and information technology

Question 2 2 / 2 pts

Refers to creations of the mind: inventions; literary and artistic works; and
symbols, names and images used in commerce is called?

Confidentiality

Compliance

Correct- Intellectual Property

Security Governance

Question 3 2 / 2 pts

A calendar that tracks an organization's audits, assessment, required
filings, their due dates, and related details is called?

Judgmental Sampling

Correct- Compliance Calendar

Misuse Case Testing

Compliance Tests


Question 4 2 / 2 pts

A governance committee is? (Select all that apply.)

Correct
The entity that can approve changes and exceptions to current relevant
governance

The entity that can approve strategic initiatives to current relevant
governance

Correct-
A formal body of personnel who determine how decisions will be made
within the organization

An informal body of personnel who determine how decisions will be made
within the organization

Question 5 2 / 2 pts

Block Size (Encryption) is size in symbols (usually bits or bytes) for a
particular block mode encryption algorithm or process.

Correct True

False


Question 6 2/2 pts

Statistical sampling is the process of selecting subsets of examples from
a population with the objective of estimating properties of the total
population.

Correct- True

False

Question 7 2 / 2 pts

Baselines, as they relate to cybersecurity are?

Correct- A minimum level of security.

A maximum level of security.

What security should be.

The only acceptable level of security.

Question 8 2 / 2 pts

Transposition Cipher is the size in symbols (usually bits or bytes) for a
particular block mode encryption algorithm or process.

True

Correct- False


Answer: Block Size (Encryption)

Question 9 2 / 2 pts

Due diligence can be best described as?

Correct
Actions taken by a vendor to demonstrate/provide due care.

Actions taken by a vendor to demonstrate/provide due diligence.

Actions taken by a vendor to demonstrate/provide customers with a
lawsuit.

Actions taken by a vendor to demonstrate/provide due process.

Question 10 2 / 2 pts

An asset is?

Correct- An item perceived as having value

An item perceived to do something

An item no one wants

An item an organization owns


Question 11 2/2 pts

Defensible destruction entails?

Eliminating data using a controlled, illegal and non-compliant way.

Correct!
Eliminating data using a controlled, legally defensible, and regulatory
compliant way.

Eliminating data using a controlled, defensible, and regulatory way.

Creating data using a controlled, legally defensible, and regulatory
compliant way.

Question 12 2 / 2 pts

A series of randomly generated symmetric encryption keys, each one to
be used only once by sender and recipient is?

Correct- One-time pad

One-time pad is a key that is only used once and that must be as
long as the plaintext but never repeats.

DES

Triple DES

AES


Question 13 2 / 2 pts

Quantitative is using numbers to measure something, usually monetary
values.

Correct- True

False

Question 14 2 / 2 pts

Decryption is the reverse process from encoding, converting the encoded
message back into its plaintext format.

True

Correct- False

Answer: Decoding

Question 15 2 / 2 pts

________ should not be confused with cleartext, which is data or a
message in its natural format, but which its originator has no intention or
need to protect via encryption.

Key Space

Substitution Cipher


Public Key

Correct! Plaintext

Question 16 2 / 2 pts

Block Mode Encryption is using fixed-length sequences of input plaintext
symbols as the unit of encryption.

Correct! True

False

Question 17 2/2 pts

The testing technique used by an auditor to obtain the audit evidence in
order to support auditor opinion is?

Examination

Testing

Finding(s)

Correct! Substantive Test

Question 18 2 / 2 pts

Scoping is limiting the general baseline recommendations by removing
those that do not apply.

Correct! True

False

Question 19 2 / 2 pts

Any data about a human being that could be used to identify that person?

Personally identifiable intelligence

Professionally identifiable information

Personally attributable information

Correct! Personally identifiable information

Question 20 2 / 2 pts

Stream mode encryption system is a system that uses both symmetric
and asymmetric encryption processes.

True

Correct! False

Answer: Hybrid encryption system

Question 21 2 / 2 pts

________ is a testing strategy and technique from the point of view of an
actor hostile to the system, using deliberately chosen sets of actions,
which could lead to systems integrity failures, malfunctions, or other
security or safety compromises.

Testing

Correct! Misuse Case Testing

Chaos Engineering

Compliance Tests

Question 22 2 / 2 pts

________ can be defined by one entity and adopted by others, or may
be internal mandates exclusive to an organization.

Correct! Standards

Confidentiality

CIA Triad

Security Governance

Question 23 2 / 2 pts

Qualitative is defined as?

All answers are correct

Measuring by the quantity of something

Measuring something using numbers, using adjectives, scales, and
grades, etc.

Correct! Measuring something without using numbers, using adjectives, scales, and
grades, etc.

Question 24 2 / 2 pts

Standards can be defined by one entity and adopted by others, or may be
internal mandates exclusive to an organization.

Correct! True

False

Question 25 2 / 2 pts

________ is a document that identifies tasks needing to be accomplished.
It details resources required to accomplish the elements of the plan, any
milestones for meeting the tasks, and scheduled milestone completion
dates.

Compliance Tests

Correct! Plan of Action and Milestones (POA&M)

Misuse Case Testing

Finding(s)

Question 26 2 / 2 pts

Chaos Engineering is the discipline of experimenting on a software
system in production in order to build confidence in the system's capability
to withstand turbulent and unexpected conditions.

True

False

Question 27 2 / 2 pts

Hybrid Encryption System is the total set of algorithms, processes,
hardware, software, and procedures that taken together provide an
encryption and decryption capability.

True

Correct! False

Answers: Encryption System

Question 28 2 / 2 pts

Used to ensure the authentication and integrity of information, not the
confidentiality?

Code Syntax Loop

Message digest

Message authentication code

Message cipher code

Question 29 2 / 2 pts

The removal of sensitive data from storage devices in such a way that
there is assurance that the data may not be reconstructed using normal
system functions or software file/data recovery utilities is called?

Correct! Clearing

Cleaning

Wiping

Total destruction

Question 30 2 / 2 pts

The removal of sensitive data from a system or storage device with the
intent that the data cannot be reconstructed by any known technique is
called?

Paranoid

Correct! Purging

Cybersecurity

Information Security

Question 31 2 / 2 pts

The inability to deny. In cryptography, it is a security service by which
evidence is maintained so that the sender and the recipient of data cannot
deny having participated in the communication. There are two kinds of
non-repudiation: "non-repudiation of origin" means the sender cannot
deny having sent a particular message, and "non-repudiation of delivery"
is when the receiver cannot say that they have received a different
message than the one that they actually did receive is called?

Confidentiality

Due Diligence

Security Governance

Correct! Non-repudiation

Question 32 2 / 2 pts

The right of a human individual to control the distribution of information
about him or herself is?

Publicity

Preservation

Seclusion

Privacy

Question 33 2 / 2 pts

The process of reviewing a system for compliance against a standard or
baseline. Examples include audits of security controls, configuration
baselines, and financial records is?

Correct! Audit/auditing

Audit/accounting

Assurance/auditing

Awareness/auditing

Question 34 2 / 2 pts

Examination is the process of reviewing a system for compliance against
a standard or baseline. Examples include audits of security controls,
configuration baselines, and financial records. Can be formal and
independent, or informal using internal staff.

True

Correct! False

Answer: Audit/Auditing

Question 35 2 / 2 pts

What is cyber security?

The ability to protect the information from all kinds of attacks.

A global domain within the information environment consisting of the
interdependent network of information systems infrastructures including
the Internet, telecommunications networks, computer systems, and
embedded processors and controllers.

Correct! The ability to protect or defend the use of cyberspace from cyber attacks

The ability to protect all the information in an organization

Question 36 2 / 2 pts

Availability is defined as?


Correct! Ensuring timely and reliable access to and use of information by
authorized users.

Ensuring timely access to and use of information by authorized users.

Ensuring timely and reliable access to and use of information by users.

Ensuring reliable access to and use of information by authorized users.

Question 37 2 / 2 pts

Interview(s) is the process of holding discussions with individuals or
groups of individuals within an organization to once again, facilitate
assessor understanding, achieve clarification, or obtain evidence.

True

False

Question 38 2 / 2 pts

The amount of effort necessary to break a cryptographic system, usually
measured in total elapsed time is called?

Transposition Cipher

Correct! Work Factor

Key Space

Substitution Cipher

Question 39 2 / 2 pts

The altered form of a plaintext message, so as to be unreadable for
anyone except the intended recipients. Something that has been turned
into a secret.

Confusion

Cybertext

Cryptocurrency

Correct! None of these are correct

Question 40 2 / 2 pts

Integrity is the property of information whereby it is recorded, used, and
maintained in a way that ensures its completeness, accuracy, internal
consistency, and usefulness for a stated purpose.

Correct! True

False

Question 41 2 / 2 pts

Judgmental sampling is also called purposive sampling or authoritative
sampling, and is a non-probability sampling technique in which the
sample members are chosen only on the basis of the researcher's
knowledge and judgment.

Correct! True

False

Question 42 2 / 2 pts

The process of exercising one or more assessment objects (i.e., activities
or mechanisms) under specified conditions to compare actual with
expected behavior is called?

Interview(s)

Finding(s)

Correct! Testing

Assessment

Question 43 2 / 2 pts

Padding is an introduction of data into the plaintext to minimize its
predictable structure or frequency. Also, it's the extra symbols added to
the end of the last plaintext block in a block encryption process to bring it
to proper length.

Correct! True

False

Question 44 2 / 2 pts

Examination is the process of reviewing, inspecting, observing, studying,
or analyzing one or more assessment objects (i.e., specifications,
mechanisms, or activities). The purpose of the examine method is to
facilitate assessor understanding, achieve clarification, or obtain
evidence.

Correct! True

False

Question 45 2 / 2 pts

Due diligence does not require a higher standard of research and
application of knowledge than due care. Due diligence is measured by
absolute standards.

True

Correct! False

Answer: Due diligence requires a higher standard of research and
application of knowledge than due care. Due diligence is not
measured by any absolute standard.

Question 46 2 / 2 pts

Compliance is adherence to a mandate; both the actions demonstrating
adherence and the tools, processes, and documentation that are used in
adherence.

True

False

Question 47 2 / 2 pts

Frequency analysis is a form of cryptanalysis that uses the frequency of
occurrence of letters, words, or symbols in the plaintext alphabet as a way
of reducing the search space.

True

False

Question 48 2 / 2 pts

Categorization is the process of grouping sets of data, information, or
knowledge that have comparable sensitivities (impact or loss ratings), and
have similar security needs mandated by law, contracts, or other
compliance regimes.

Correct! True

False

Question 49 2 / 2 pts

Key management is the process of creating a new encryption (or
decryption) key.

True

Correct! False

Answer: Key Generation

Question 50 2 / 2 pts

Inventory is?

Complete list of assets

Complete list of data

Correct! Complete list of items

Complete list of activities by an organization

Quiz Score: 100 out of 100

12/13/22, 4:53 PM M6 Quiz: INFO 5737 Section 002 - Information and Cyber-Security (Fall 2022 1)

M6 Quiz
Due Oct 16 at 11:59pm Points 100 Questions 13
Time Limit 60 Minutes

Instructions
Each module will have one quiz containing 10-15 multiple choice questions. The quiz will cover
materials introduced in the given module, in particular important topics highlighted in the slides. Students
will have to take minimum five quizzes. Only five highest grades will be considered.

This test has a time limit of 1 hour.

You will be notified when time expires, and forced to submit.

Attempt History
Attempt Time Score

LATEST Attempt 1 39 minutes 100 out of 100

(!) Correct answers are hidden.

Score for this quiz: 100 out of 100


Submitted Oct 16 at 9:30pm
This attempt took 39 minutes.

Question 1 7.69 / 7.69 pts

A set of rules, constraints, boundaries, or conditions that establishes limits
on what participants in an activity may or may not do is?

Testing

Plan of Action and Milestones (POA&M)

Rules of Engagement (RoE)

Examination

Question 2 7.69 / 7.69 pts

A piece of evidence, such as text or a reference to a resource, that is
submitted to support a response to a question is called?

Substantive Test

Artifact

Finding(s)

Testing

Question 3 7.69 / 7.69 pts

The testing technique used by an auditor to obtain the audit evidence in
order to support auditor opinion is?

Testing

Finding(s)

Examination

Substantive Test

Question 4 7.69 / 7.69 pts

Assessment results produced by the application of an assessment
procedure to a security control or control enhancement to achieve an
assessment objective is?

Finding(s)

Testing

Interview(s)

Assessment

Question 5 7.7 / 7.7 pts

Plan of Action and Milestones (POA&M) is the process of holding
discussions with individuals or groups of individuals within an organization
to once again, facilitate assessor understanding, achieve clarification, or
obtain evidence.

True

False

Answer: Interview(s)

Question 6 7.69 / 7.69 pts

Examination is the process of reviewing, inspecting, observing, studying,
or analyzing one or more assessment objects (i.e., specifications,
mechanisms, or activities). The purpose of the examine method is to
facilitate assessor understanding, achieve clarification, or obtain
evidence.

True

False

Question 7 7.7 / 7.7 pts

The process of exercising one or more assessment objects (i.e., activities
or mechanisms) under specified conditions to compare actual with
expected behavior is?

Interview(s)

Trust Services Criteria

Testing

Misuse Case Testing

Question 8 7.69 / 7.69 pts

A calendar that tracks an organization's audits, assessment, required
filings, their due dates, and related details is called?

Compliance Calendar

Misuse Case Testing

Judgmental Sampling

Compliance Tests

Question 9 7.69 / 7.69 pts

________ is an evaluation that provides assurance an organization's
controls are being applied in accordance with management policies and
procedures.

Misuse Case Testing

Judgmental Sampling

Chaos Engineering

Compliance Tests

Question 10 7.69 / 7.69 pts

Judgmental sampling is also called purposive sampling or authoritative
sampling, and is a non-probability sampling technique in which the
sample members are chosen only on the basis of the researcher's
knowledge and judgment.

True

False

Question 11 7.7 / 7.7 pts

Ethical Penetration Testing, Penetration Testing is the discipline of
experimenting on a software system in production in order to build
confidence in the system's capability to withstand turbulent and
unexpected conditions.

True

False

Answer: Chaos Engineering

Question 12 7.69 / 7.69 pts

________ is a testing strategy and technique from the point of view of an
actor hostile to the system, using deliberately chosen sets of actions,
which could lead to systems integrity failures, malfunctions, or other
security or safety compromises.

Chaos Engineering

Misuse Case Testing

Testing

Compliance Tests

Question 13 7.69 / 7.69 pts

Examination is the process of reviewing a system for compliance against
a standard or baseline. Examples include audits of security controls,
configuration baselines, and financial records. Can be formal and
independent, or informal using internal staff.

True

False

Answer: Audit/Auditing

Quiz Score: 100 out of 100

12/13/22, 4:53 PM M4 and M5 Quiz: INFO 5737 Section 002 - Information and Cyber-Security (Fall 2022 1)

M4 and M5 Quiz
Due Oct 9 at 11:59pm Points 100 Questions 20
Time Limit 60 Minutes

Instructions
This quiz will consist of 15-25 questions. The quiz will cover materials introduced in the given modules,
in particular important topics highlighted in the slides. Students will have to take minimum five quizzes.
Only five highest grades will be considered.

This test has a time limit of 1 hour.

You will be notified when time expires, and forced to submit.

Attempt History
Attempt Time Score

LATEST Attempt 1 38 minutes 100 out of 100

Score for this quiz: 100 out of 100


Submitted Oct 9 at 4:05pm
This attempt took 38 minutes.

Question 1 5/5 pts

The process of reordering the plaintext to hide the message by using the
same letters or bits is called?

Substitution

Confusion

Correct! Transposition

Transference

Question 2 5 / 5 pts

A series of randomly generated symmetric encryption keys, each one to
be used only once by sender and recipient is

Hash function

Correct! One-time pad

Triple DES

AES

Question 3 5 / 5 pts

Used to ensure the authentication and integrity of information, not the
confidentiality?

Correct! Message digest

Code Syntax Loop

Message authentication code

Message cipher code

Question 4 5/5 pts

The process of exchanging one letter or bit for another is called?

Correct! None of these are correct

Steganography

Systematic

Simple Switch

This process is called substitution.

Question 5 5 / 5 pts

________ is the process and act of converting the message from its
plaintext to ciphertext. Sometimes it is also referred to as enciphering.
The two terms are sometimes used interchangeably in literature and have
similar meanings.

Decoding

Collision

Frequency Analysis

Correct! Encryption

Question 6 5/5 pts

Frequency analysis is a form of cryptanalysis that uses the frequency of
occurrence of letters, words, or symbols in the plaintext alphabet as a way
of reducing the search space.

Correct! True

False

Question 7 5 / 5 pts

________ refers to transmitting or sharing control information, such as
encryption keys and crypto variables, by means of a separate and distinct
communications path, channel or system from which the control
information is used to operate and keep secure.

Decoding

Correct! Out-of-Band

Cybertext

Cryptography

Question 8 5 / 5 pts

________ should not be confused with cleartext, which is data or a
message in its natural format, but which its originator has no intention or
need to protect via encryption.

Substitution Cipher

Correct! Plaintext

Public Key

Key Space

Question 9 5 / 5 pts

Padding is an introduction of data into the plaintext to minimize its
predictable structure or frequency. Also, it's the extra symbols added to
the end of the last plaintext block in a block encryption process to bring it
to proper length.

Correct! True

False

Question 10 5/5 pts

________ is the complete set of hardware, software, communications
elements, and procedures that allows parties to communicate, store
information, or use information that is protected by cryptographic means.
The system includes the algorithm, key, and key management functions,
together with other services that can be provided through cryptography.

Cryptovariable(s)

Cryptography

Correct! Cryptosystem

Cryptology

Question 11 5/5 pts

________ is the study of techniques for attempting to defeat
cryptographic techniques and, more generally, information security
services.

Key Rotation

Correct! Cryptanalysis

Public Key

Cryptology

Question 12 5 / 5 pts

A managed, scheduled process for retiring one set of keys and replacing
them with new ones, as a way of limiting the time window that the system
and its encrypted traffic is vulnerable to attacks is?

Cryptology

Cryptovariable(s)

Public Key

Correct! Key Rotation

Question 13 5 / 5 pts

________ is one part of a matching key pair generated via asymmetric
encryption processes, which can then be shared or published. Secrecy
and integrity of a public-key encryption process does not depend upon
protecting the value of a public key.

Cryptography

Cryptology

Correct! Public Key

Session Key

Question 14 5 / 5 pts

Cryptography is the study or applications of methods to secure or protect
the meaning and content of messages, files, or other information, usually
by disguise, obscuration, or other transformations of that content and
meaning.

Correct! True

False

Question 15 5 / 5 pts

________ is a process by which keys (asymmetric or symmetric) are
placed in a trusted storage agent's custody, for later retrieval. The
trustworthiness of the encryption system(s) being used is thus completely
placed in the escrow agent's control.

Key Space

Key

Key Recovery

Correct! Key Escrow

Question 16 5 / 5 pts

A security model that ensures that objects and subjects at one level of
sensitivity don't inappropriately interact with the objects and subjects at
other levels. Each data access attempt is independent of all others and
approved, if appropriate, by the security architecture is?

Message Digest

Block Size (Encryption)

Correct! Non-interference Model

Asymmetric Encryption

Question 17 5 / 5 pts

The altered form of a plaintext message, so as to be unreadable for
anyone except the intended recipients. Something that has been turned
into a secret.

Cryptocurrency

Confusion

Cybertext

Correct! None of these are correct

This is called ciphertext.

Question 18 5 / 5 pts

Transposition cipher is size in symbols (usually bits or bytes) for a
particular block mode encryption algorithm or process.

True

Correct! False

Answer: Block Size (Encryption)

Question 19 5 / 5 pts

Public key is one part of a matching key pair generated via asymmetric
encryption processes, which can then be shared or published. Secrecy
and integrity of a public-key encryption process does not depend upon
protecting the value of a public key.

True

False

Question 20 5 / 5 pts

Decryption is the reverse process from encoding, converting the encoded
message back into its plaintext format.

True

Correct! False

Answer: Decoding

Quiz Score: 100 out of 100

12/13/22, 4:53 PM M2 & M3 Quiz: INFO 5737 Section 002 - Information and Cyber-Security (Fall 2022 1)

M2 & M3 Quiz
Due Sep 25 at 11:59pm Points 100 Questions 20
Time Limit 60 Minutes

Instructions
This quiz contains 15~25 questions. The quiz will cover materials introduced in the given modules, in
particular important topics highlighted in the slides. Students will have to take minimum five quizzes.
Only five highest grades will be considered.

This test has a time limit of 1 hour.

You will be notified when time expires, and forced to submit.

Attempt History
Attempt Time Score

LATEST Attempt 1 42 minutes 100 out of 100

(!) Correct answers are hidden.

Score for this quiz: 100 out of 100


Submitted Sep 25 at 12:28am
This attempt took 42 minutes.

Question 1 5/5 pts

The right of a human individual to control the distribution of information
about him or herself is?

Preservation

Seclusion

Publicity

Privacy

Question 2 5/5 pts

The process of reviewing a system for compliance against a standard or
baseline. Examples include audits of security controls, configuration
baselines, and financial records.

Awareness/auditing

Audit/auditing

Assurance/auditing

Audit/accounting

Question 3 5 / 5 pts

The property that data or information is not made available or disclosed to
unauthorized persons or processes is called?

Compliance

Calculated

Confidentiality

Computer driven

Question 4 5 / 5 pts

________ is the natural person who is identified or described by
the data.

Data Subject

Governance

Due Process

Due Care

Question 5 5 / 5 pts

A governance committee is? (Select all that apply.)

The entity that can approve strategic initiatives to current relevant
governance

An informal body of personnel who determine how decisions will be made
within the organization

The entity that can approve changes and exceptions to current relevant
governance

A formal body of personnel who determine how decisions will be made
within the organization

Question 6 5/5 pts

Integrity is the property of information whereby it is recorded, used, and
maintained in a way that ensures its completeness, accuracy, internal
consistency, and usefulness for a stated purpose.

True

False

Question 7 5 / 5 pts

A legal and ethical duty owed by a provider to a customer, and the actions
taken by provider to fulfill that duty is called?

Due Care

Due Process

Providers don't have a duty to customers

Due Diligence

Question 8 5 / 5 pts

Due diligence can be best described as?

Actions taken by a vendor to demonstrate/provide due care.

Actions taken by a vendor to demonstrate/provide due process.

Actions taken by a vendor to demonstrate/provide customers with a
lawsuit.

Actions taken by a vendor to demonstrate/provide due diligence.

Question 9 5/5 pts

Compliance is adherence to a mandate; both the actions demonstrating
adherence and the tools, processes, and documentation that are used in
adherence.

True

False

Question 10 5 / 5 pts

________ can be defined by one entity and adopted by others or may be
internal mandates exclusive to an organization.

CIA Triad

Confidentiality

Standards

Security Governance

Question 11 5/5 pts

Any data about a human being that could be used to identify that person?

Professionally identifiable information

Personally attributable information

Personally identifiable intelligence

Personally identifiable information

Question 12 5/5 pts

Availability is defined as?

Ensuring reliable access to and use of information by authorized users.

Ensuring timely access to and use of information by authorized users.

Ensuring timely and reliable access to and use of information by users.

Ensuring timely and reliable access to and use of information by
authorized users.

Question 13 5/5 pts

Security model with the three security concepts of confidentiality, integrity,
and availability make up the CIA triad. It is also sometimes referred to as
the AIC triad is called?

Security Governance

Standards

Integrity

CIA Triad

Question 14 5 / 5 pts

The inability to deny. In cryptography, it is a security service by which
evidence is maintained so that the sender and the recipient of data cannot
deny having participated in the communication. There are two kinds of
non-repudiation: "non-repudiation of origin" means the sender cannot
deny having sent a particular message, and "non-repudiation of delivery"
is when the receiver cannot say that they have received a different
message than the one that they actually did receive is called?

Confidentiality

Non-repudiation

Security Governance

Due Diligence

Question 15 5/5 pts

Refers to creations of the mind: inventions; literary and artistic works; and
symbols, names and images used in commerce is called?

Intellectual Property

Security Governance

Confidentiality

Compliance

Question 16 5/5 pts

Security governance is the entirety of the policies, roles, and processes the organization uses to make security decisions in an organization.

True

False

Question 17 5/5 pts

Cybercrime is an act that involves the use of information, information systems, or information technologies in ways that violate the laws that pertain to the system and the information in question.

True

False


Question 18 5/5 pts

Due Diligence reflects a judgment of the circumstances or an event that would cause a prudent person to take action.

True

False

It should be Due Care.

Question 19 5/5 pts

The process of how an organization is managed; usually includes all aspects of how decisions are made for that organization, such as policies, roles, and procedures the organization uses to make those decisions is?

Integrity

Governance

Cybercrime

Non-repudiation

Question 20 5/5 pts

Due diligence does not require a higher standard of research and application of knowledge than due care. Due diligence is measured by absolute standards.


True

False

Due diligence requires a higher standard of research and application of knowledge than due care. Due diligence is not measured by any absolute standard.

Quiz Score: 100 out of 100

12/13/22, 4:52 PM Module 1 Quiz: INFO 5737 Section 002 - Information and Cyber-Security (Fall 2022 1)

Module 1 Quiz
Due Sep 11 at 11:59pm Points 100 Questions 16
Time Limit 60 Minutes

Instructions
Each module will have one quiz containing 15-20 multiple choice questions. The quiz will cover
materials introduced in the given module, in particular important topics highlighted in the slides. Students
will have to take a minimum of five quizzes. Only the five highest grades will be considered.

This test has a time limit of 1 hour.

You will be notified when time expires, and forced to submit.

Access Code: Password85

Attempt History
Attempt Time Score

LATEST Attempt 1 38 minutes 87.5 out of 100

Correct answers are hidden.

Score for this quiz: 87.5 out of 100


Submitted Sep 10 at 9:38am
This attempt took 38 minutes.
Question 1 0 / 6.25 pts

What is cyber security?

The ability to protect all the information in an organization

The ability to protect or defend the use of cyberspace from cyber attacks

https://unt.instructure.com/courses/77157/quizzes/433976 1/8

The ability to protect the information from all kinds of attacks

A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

Question 2 6.25 / 6.25 pts

An asset is?

An item perceived to do something

An item no one wants

An item an organization owns

An item perceived as having value

Question 3 6.25 / 6.25 pts

The phases that an asset goes through from creation (collection) to destruction?

Asset lifecycle

Asset function

Asset phases

Asset lifespan

Question 4 6.25 / 6.25 pts

The removal of sensitive data from storage devices in such a way that
there is assurance that the data may not be reconstructed using normal
system functions or software file/data recovery utilities is called?

Wiping

Clearing

Total destruction

Cleaning

Question 5 6.25 / 6.25 pts

What is information security?

Information and related resources, such as personnel, equipment, funds, and information technology

Protecting the information from cyber crimes

A process of analyzing data and reporting the findings

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability


Question 6 6.25 / 6.25 pts

Inventory is?

Complete list of data

Complete list of activities by an organization

Complete list of assets

Complete list of items

Question 7 6.25 / 6.25 pts

The removal of sensitive data from a system or storage device with the
intent that the data cannot be reconstructed by any known technique is
called?

Cybersecurity

Purging

Information Security

Paranoid

Question 8 0 / 6.25 pts

Qualitative is defined as?


Measuring something using numbers, using adjectives, scales, and grades, etc.

Measuring something without using numbers, using adjectives, scales, and grades, etc.

Both answers are correct

Question 9 6.25 / 6.25 pts

Using numbers to measure something, usually monetary values is called?

Qualitative

Accurate

None of the above

Quantitative

Question 10 6.25 / 6.25 pts

Baselines, as they relate to cybersecurity are?

What security should be.

The only acceptable level of security.

A maximum level of security.


A minimum level of security.

Question 11 6.25 / 6.25 pts

The arrangement of assets into categories is called?

Coordination

Classification

Designation

Allocation

Question 12 6.25 / 6.25 pts

Defensible destruction entails?

Eliminating data using a controlled, legally defensible, and regulatory compliant way.

Eliminating data using a controlled, illegal and non-compliant way.

Eliminating data using a controlled, defensible, and regulatory way.

Creating data using a controlled, legally defensible, and regulatory compliant way.


Question 13 6.25/6.25 pts

Accountability is the obligation for doing something. Can be delegated.

True

False

False
It should be -> Responsibility

Question 14 6.25 / 6.25 pts

Categorization is the process of grouping sets of data, information, or knowledge that have comparable sensitivities (impact or loss ratings), and have similar security needs mandated by law, contracts, or other compliance regimes.

True

False

Question 15 6.25 / 6.25 pts

Tailoring is the process by which a security control baseline is modified based on (i) the application of scoping guidance, (ii) the specification of compensating security controls, if needed, and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements. Source: NIST SP 800-37 Rev 1

True

False

Question 16 6.25 / 6.25 pts

Scoping is limiting the general baseline recommendations by removing those that do not apply.

True

False

Quiz Score: 87.5 out of 100
