bcis 4740 final
____________________ is the process of making and using codes to secure the transmission of information.
Cryptography
In TCP/IP networking, port __________ is not used.
0
The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
CERT/CC
The __________ is typically considered the top information security officer in the organization.
CISO
The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain certifications on the market.
CISSP
In PKI, the CA periodically distributes a(n) _________ to all users that identifies all revoked certificates.
CRL
__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce.
Temporary employees
True or False: "Unfreezing" in the Lewin change model involves thawing hard-and-fast habits and established procedures.
True
True or False: A chain of custody is the detailed documentation of the collection, storage, transfer, and ownership of evidence from the crime scene through its presentation in court.
True
True or False: A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component.
True
True or False: A(n) log file monitor is similar to an NIDPS.
True
True or False: An HIDPS can detect local events on host systems and detect attacks that may elude a network-based IDPS.
True
True or False: An ideal organization fosters resilience to change.
True
True or False: Ciphertext or a cryptogram is an encoded message, or a message that has been successfully encrypted.
True
True or False: Corrective action decisions are usually expressed in terms of trade-offs.
True
True or False: In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information and corrupt the servers' answers to routine DNS queries from other systems on the network.
True
True or False: In some instances, risk is acknowledged as being part of an organization's business process.
True
True or False: Internet Protocol Security (IPSec) is an open-source protocol framework for security development within the TCP/IP family of protocols.
True
True or False: Nonrepudiation means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny.
True
True or False: Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined.
True
True or False: Organizations should have a carefully planned and fully populated inventory of all their network devices, communication channels, and computing devices.
True
True or False: Planning for the implementation phase of a security project requires the creation of a detailed project plan.
True
True or False: Popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms.
True
True or False: Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians.
True
Related to the concept of separation of duties is that of ____________________, the requirement that two individuals review and approve each other's work before the task is categorized as finished.
two-person control
The Lewin change model includes __________.
unfreezing, moving and refreezing
Rehearsals that use plans as realistically as possible are called ____________________ games.
war
The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.
wireless
Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs.
LFM
The CISA credential is touted by ISACA as the certification that is appropriate for all but which type of professionals?
accounting
A(n) ____________________ vulnerability scanner is one that initiates traffic on the network in order to determine security holes.
active
__________ are a component of the security triple.
all of the above; threats, vulnerabilities and assets
In ____________________ protocol verification, the higher-order protocols are examined for unexpected packet behavior or improper use.
application
At the center of the bull's-eye model are the ____________________ used by the organization to accomplish its work.
applications
The ____________________ of (ISC)2 program is geared toward those who want to take the CISSP or SSCP exam before obtaining the requisite experience for certification.
associate
Under the guise of justice, some less scrupulous administrators may be tempted to ____________________, or hack into a hacker's system to find out as much as possible about the hacker.
back hack
A performance ____________________ is an expected level of performance against which all subsequent levels of performance are compared.
baseline
Which of the following ports is commonly used for the HTTP protocol?
80
The ISSMP examination is designed to provide CISSPs with a mechanism to demonstrate competence in __________.
All of the above; enterprise security management practices, security management practices, business continuity planning and disaster recovery planning
The __________ layer of the bull's-eye model receives attention last.
Applications
____________________ is the process of reviewing the use of a system, not to check performance but to determine if misuse or malfeasance has occurred.
Auditing
A(n) __________ is used to justify that the project will be reviewed and verified prior to the development of the project plan.
CBA
The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?
CCE and MCCE
In digital forensics, all investigations follow the same basic methodology once permission for search and seizure has been obtained. Which of the following is NOT one of the elements of that process?
Determine whether to "apprehend and prosecute"
__________ are encrypted message components that can be mathematically proven to be authentic.
Digital signatures
__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals.
Encryption
True or False: "Administrators" provide the policies, guidelines, and standards in the Schwartz, Erwin, Weafer, and Briney classification.
False
True or False: "Builders" in the field of information security provide day-to-day systems monitoring and use to support an organization's goals and objectives.
False
True or False: A background check must always be conducted to determine the level of trust the business can place in a candidate for an information security position.
False
True or False: A passive IDPS response is a definitive action automatically initiated when certain types of alerts are triggered.
False
True or False: A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing.
False
True or False: A(n) server-based IDPS protects the server or host's information assets.
False
True or False: Adopted by NIST in 1976 as a federal standard, DES uses a 64-bit block size and key.
False
True or False: All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.
False
True or False: An effective information security governance program requires constant change.
False
True or False: Asymmetric encryption systems use a single key to both encrypt and decrypt a message.
False
True or False: DES was created to offer the same strength as the DES algorithm but ran three times as fast, thus saving time.
False
True or False: Encryption methodologies that require the same secret key to encipher and decipher the message are using what is called public-key encryption.
False
True or False: Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization.
False
True or False: ISSMP stands for Information Systems Security Monitoring Professional.
False
True or False: In 1953, Giovan Batista Bellaso introduced the idea of the passphrase (password) as a key for encryption.
False
True or False: In general, the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure.
False
True or False: In project planning, the tasks or action steps that come before the specific task at hand are commonly referred to as prerequisites.
False
True or False: Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected.
False
True or False: Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce.
False
True or False: Organizations are not required by law to protect employee information that is sensitive or personal.
False
True or False: Performance management is the process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made toward the goal.
False
True or False: S-HTTP is an extended version of Hypertext Transfer Protocol that provides for the encryption of protected e-mail transmitted via the Internet between a client and server.
False
True or False: The CISA credential is geared toward experienced information security managers and others who may have similar management responsibilities.
False
True or False: The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables.
False
True or False: The general management community of interest must plan for the proper staffing of the information security function.
False
True or False: The information security function cannot be placed within protective services.
False
True or False: The networks layer of the bull's eye is the outermost ring of the bull's eye.
False
True or False: The systems development life cycle (SDLC) is the overall process of developing, implementing, and retiring information systems through a multistep approach—initiation, analysis, design, implementation, and use.
False
True or False: The work breakdown structure (WBS) can only be prepared with a complex, specialized desktop PC application.
False
True or False: Threats cannot be removed without requiring a repair of the vulnerability.
False
True or False: To be put to the most effective use, the information that comes from the IDPS must be integrated into the inventory process.
False
True or False: Within a PKI, a(n) registration authority issues, manages, authenticates, signs, and revokes users' digital certificates, which typically contain the user name, public key, and other identifying information.
False
True or False: You can document the results of the verification of a vulnerability by saving the results in what is called a(n) profile.
False
__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.
Fuzz
The Secure ____________________ Standard issued by the National Institute of Standards and Technology specifies secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file.
Hash
__________ is a protocol that can be used to secure communications across any IP-based network such as LANs, WANs, and the Internet.
IPSec
A __________ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
MAC
_________ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications.
PGP
__________ was developed by Phil Zimmermann and uses the IDEA cipher for message encoding.
PGP
__________ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
PKI
The __________ commercial site focuses on current security tool resources.
Packet Storm
Originally released as freeware, ____________________ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms as an open-source de facto standard for encryption and authentication of e-mail and file storage.
Pretty Good Privacy (PGP)
If the task is to write firewall specifications for the preparation of a(n) __________, the planner would note that the deliverable is a specification document suitable for distribution to vendors.
RFP
The __________ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.
SSL Record Protocol
__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.
Security technicians
True or False: The CISO uses the results of maintenance activities and the review of the information security program to determine if the status quo can adequately meet the threats at hand.
True
True or False: The International Society of Forensic Computer Examiners (ISFCE) offers two levels of certification: the Certified Computer Examiner (CCE) and the Master Certified Computer Examiner (MCCE).
True
True or False: The optimal time frame for training is usually one to three weeks before the new policies and technologies come online.
True
True or False: The permutation cipher simply rearranges the values within a block to create the ciphertext.
True
True or False: The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out.
True
True or False: The size of the organization and the normal conduct of business may preclude a large training program on new security procedures or technologies.
True
True or False: The vulnerability database, like the risk, threat, and attack database, both stores and tracks information.
True
True or False: To assist in footprint intelligence collection, attackers may use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses.
True
True or False: To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.
True
True or False: Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure.
True
True or False: When an estimate is flawed, as when the number of effort-hours required is underestimated, the plan should be corrected and downstream tasks updated to reflect the change.
True
True or False: When possible, major incident response plan elements should be rehearsed.
True
Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?
User
The analysis step of an Internet vulnerability assessment occurs when a knowledgeable and experienced vulnerability analyst screens test results for ____________________ vulnerabilities logged during scanning.
candidate
The level of resistance to ____________________ impacts the ease with which an organization is able to implement procedural and managerial changes.
change
When the measured activity is outside the baseline parameters, it is said to exceed the ____________________ level.
clipping
Because the goals and objectives of CIOs and CISOs tend to contradict each other, InformationWeek recommends: "The people who do and the people who watch shouldn't report to a ____________________ manager."
common
The science of encryption is known as ____________________.
cryptology
Almost all aspects of a company's environment are ____________________, meaning threats that were originally assessed in the early stages of the project's systems development life cycle have probably changed and new priorities have emerged.
dynamic
It is important to gather employee ____________________ early about the information security program and respond to it quickly.
feedback
Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as __________.
fingerprinting
The model commonly used by large organizations places the information security department within the __________ department.
information technology
The __________ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.
intranet
A signature-based IDPS is sometimes called a(n) ____________________-based IDPS.
knowledge
Security ____________________ are accountable for the day-to-day operation of the information security program.
managers
The ____________________ port is also known as a switched port analysis (SPAN) port or mirror port.
monitoring
The objective of the external ____________________ domain within the maintenance model is to provide early awareness of new and emerging threats, threat agents, vulnerabilities, and attacks that the organization needs in order to mount an effective and timely defense.
monitoring
One of the oldest models of change is the Lewin change model, which consists of three stages: unfreezing, ____________________, and refreezing.
moving
Organizations should perform a(n) ____________________ assessment of their information security programs.
periodic
During the implementation phase, the organization translates its blueprint for information security into a project ____________________.
plan
Though CISOs are business managers first and technologists second, they must be conversant in all areas of information security, including the technical, planning, and ____________________ areas.
policy
By managing the __________, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce.
process of change
The attack ____________________ is a series of steps or processes used by an attacker, in a logical sequence, to launch an attack against a target system or network.
protocol
Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version.
rainbow table
A step commonly used for Internet vulnerability assessment includes __________, which occurs when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection.
scanning
The __________ is a statement of the boundaries of the RA.
scope
Three methods dominate IDPS detection methods: the ____________________-based approach, the statistical anomaly-based approach, and the stateful packet inspection approach.
signature
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.
signatures
A(n) ____________________ risk is one that is higher than the risk appetite of the organization.
significant
A(n) ____________________ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.
smart
A packet ____________________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic.
sniffer
The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.
wrap-up
