1.

2. D

3. A

4. D
5. A

6. B

7. C

8. D

9. C

10. D

1. It is a computer program that replicates and propagates itself without having to attach itself to a host.

A. Trojan Program

B. Adware

C. Spyware

D. Worm*

2. Which statement is incorrect regarding data and technology assets?

A. Reliance on current infrastracture services guarantees a long-term security of technology assets.*

B. The organization must exhaust its efforts in protecting its own data and that of the related third
parties as well.

C. Protection of data entails medium to high level of corporate spending.

D. Size and scope of the organization is of primary interest in formulating steps to safeguard technology
assets.

3. STATEMENT A: Data is the lifeblood of an organization because without it, no value can be delivered
to clients.

STATEMENT B: Concern for information security is solely delegated to the management to oversee.

A. A and B are correct

B. A and B are incorrect

C. Only A is incorrect

D. Only B is incorrect*
4. All of the following are considered organization-level controls except:

A. Personnel controls

B. Business continuity planning controls

C. Processing controls*

D. Access to computer files

5. What type of risk exists before plans are made to control it?

A. Residual Risk

B. Historical Risk

C. Current Risk

D. Inherent Risk*

6. The following are types of risk response:

I. Share

II. Accept

III. Develop

A. I and II*

B. I and III

C. II and III

D. I, II and III

7. Information security performs these important functions, except:

A. Protects organization’s ability to function

B. Enables safe operation of applications implemented on organization’s IT systems

C. Protects the organization from physical threats such as theft.*

D. Safeguards the technology assets in use at the organization

8. The following are types of malicious software except:

A. Denial of Service Attack

B. Trap door

C. Phreaker*

D. Polymorphic

9. Which of the following statements is incorrect?

A. Section 2A-1 of the Cybercrime Prevention Act refers to the illegal access to a computer system
without any right.*

B. Bots are often the technology used to implement Trojan horses, logic bombs and spyware.

C. Intellectual property protections include trademarks, patents and trade secrets.

D. An attack is an act that takes advantage of a vulnerability to compromise a controlled system.

10. Which of the following is not a broad category of activities that breach confidentiality?

A. Unauthorized accessing of information

B. Competitive intelligence vs. espionage

C. Shoulder surfing

D. Power irregularities*