160 final

¡Supera tus tareas y exámenes ahora con Quizwiz!

Computer assets are the focus of information security and are the information that has value to the organization, as well as the systems that store, process, and transmit the information. ____________

FALSE

Encryption methodologies that require the same secret key to encipher and decipher the message are using what is called public-key encryption. _________________________

FALSE

Every member of the organization's InfoSec department must have a formal degree or certification in information security.

FALSE

Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization. _________________________

FALSE

In the early stages of planning, the project planner should attempt to specify completion dates only for major employees within the project. _________________________

FALSE

Knowing yourself means identifying, examining, and understanding the threats facing the organization.

FALSE

Planning for the implementation phase requires the creation of a detailed request for proposal, which is often assigned either to a project manager or the project champion. _________________________

FALSE

Criminal laws address activities and conduct harmful to society and is categorized as private or public.

TRUE

Each organization has to determine its own project management methodology for IT and information security projects.

TRUE

A best practice proposed for a small to medium-sized business will be similar to one used to help design control strategies for a large multinational company.

FALSE

A cold site provides many of the same services and options of a hot site, but at a lower cost.

FALSE

A routing table tracks the state and context of each packet in the conversation by recording which station sent what packet and when. _________________________

FALSE

A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. _________________________

FALSE

ACLs are more specific to the operation of a system than rule-based policies and they may or may not deal with users directly.

FALSE

Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels.

FALSE

Alarm filtering may be based on combinations of frequency, similarity in attack signature, similarity in attack target, or other criteria that are defined by the system administrators. _________________________

FALSE

All IDPS vendors target users with the same levels of technical and security expertise.

FALSE

CERT stands for "computer emergency recovery team." _________________________

FALSE

Common implementations of a registration authority (RA) include functions to issue digital certificates to users and servers.

FALSE

CompTIA offers a vendor-specific certification program called the Security+ certification.

FALSE

Port Address Translation assigns non-routing local addresses to computer systems in the local area network and uses ISP-assigned addresses to communicate with the Internet on a one-to-one basis. _________________________

FALSE

Process-based measures are comparisons based on observed numerical data, such as numbers of successful attacks. _________________________

FALSE

Risk acceptance defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility. _________________________

FALSE

Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager.

FALSE

The Analysis phase of the SDLC examines the event or plan that initiates the process and specifies the objectives, constraints, and scope of the project. _________________________

FALSE

The Federal Privacy Act of 1974 regulates government agencies and holds them accountable if they release information about national security without permission. _________________________

FALSE

The Graham-Leach-Bliley Act is a critical piece of legislation that affects the executive management of publicly traded corporations and public accounting firms. _________________________

FALSE

The SSCP examination is much more rigorous than the CISSP examination.

FALSE

The ability of a router to restrict traffic to a specific service is an advanced capability and not considered a standard feature for most routers.

FALSE

The computed value of the ALE compares the costs and benefits of a particular control alternative to determine whether the control is worth its cost. _________________________

FALSE

The defense control strategy is the risk control strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards, but it is not the preferred approach to controlling risk.

FALSE

The key difference between laws and ethics is that ethics carry the authority of a governing body and laws do not.

FALSE

The parallel operations strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system dramatically interfering with the performance of the organization as a whole. _________________________

FALSE

The physical design is the blueprint for the desired solution.

FALSE

To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive.

FALSE

Usually, as the length of a cryptovariable increases, the number of random guesses that have to be made in order to break the code is reduced.

FALSE

Videoconferencing is off-site computing that uses Internet connections, dial-up connections, connections over leased point-to-point links between offices, and other mechanisms. _________________________

FALSE

Within security perimeters the organization can establish security redundancies, each with differing levels of security, between which traffic must be screened. _________________________

FALSE

A content filter, also known as a reverse firewall, is a network device that allows administrators to restrict access to external content from within a network.

TRUE

A service bureau is an agency that provides a service for a fee. _________________________

TRUE

A task or subtask becomes a(n) action step when it can be completed by one individual or skill set and when it includes a single deliverable. _________________________

TRUE

A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss. _________________________

TRUE

A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. _________________________

TRUE

An HIDPS can detect local events on host systems and detect attacks that may elude a network-based IDPS.

TRUE

An organization should integrate security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training.

TRUE

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.

TRUE

In digital forensic investigations for information security, most operations focus on policies-documents that provide managerial guidance for ongoing implementation and operations. ____________

TRUE

In many organizations, information security teams lack established roles and responsibilities.

TRUE

In most cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.

TRUE

NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans, and provides detailed methods for assessing, designing, and implementing controls and plans for applications of varying size.

TRUE

Over time, external monitoring processes should capture information about the external environment in a format that can be referenced across the organization as threats emerge and for historical use.

TRUE

Over time, policies and procedures may become inadequate due to changes in the organization's mission and operational requirements, threats, or the environment.

TRUE

Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability.

TRUE

Security efforts that seek to provide a superior level of performance in the protection of information are referred to as best business practices. _________________________

TRUE

Security managers are accountable for the day-to-day operation of the information security program.

TRUE

Security tools that go beyond routine intrusion detection include honeypots, honeynets, and padded cell systems.

TRUE

Sometimes a risk assessment report is prepared for a specific IT project at the request of the project manager, either because it is required by organizational policy or because it is good project management practice. _________________________

TRUE

Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group.

TRUE

The ISO/IEC 27000 series is derived from an earlier standard, BS7799.

TRUE

The Metasploit Framework is a collection of exploits coupled with an interface that allows the penetration tester to automate the custom exploitation of vulnerable systems.

TRUE

The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.

TRUE

The best method of remediation in most cases is to repair a vulnerability. _________________________

TRUE

The false reject rate describes the number of legitimate users who are denied access because of a failure in the biometric device. _________________________

TRUE

The investigation phase of the SDLC involves specification of the objectives, constraints, and scope of the project.

TRUE

The stated purpose of ISO/IEC 27002 is to offer guidelines and voluntary directions for information security management. _________________________

TRUE


Conjuntos de estudio relacionados

frases en espanol a ingles - sentences in spanish to english

View Set

1-9: The Conquest of the West and Industrialization of America

View Set

Respiratory Lippincott NCLEX Style

View Set

Y1 Hello song + Sorry song + Where is Friend song

View Set

Chapter 3: Genetics, Conception, Fetal Development, and Reproductive Technology by Durham and Chapman

View Set