final 2602

The application layer proxy firewall is also known as a(n) __________.

application firewall

Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.

control

A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.

direct

A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.

false

An extranet is a segment of the DMZ where no authentication and authorization controls are put into place.

false

Baselining is the comparison of past security activities and events against the organization's current performance.

false

The security framework is a more detailed version of the security blueprint.

false

In 2002, Congress passed the Federal Information Security Management Act (FISMA), which mandates that all federal agencies __________.

provide security awareness training

The transfer of transaction data in real time to an off-site facility is called ____.

remote journaling

_________ equals the probability of a successful attack multiplied by the expected loss from a successful attack plus an element of uncertainty.

risk

A security clearance is a component of a data classification scheme that assigns a status level to systems to designate the maximum level of classified data that may be stored on them.

False

A standard is a written instruction provided by management that informs employees and others in the workplace about proper behavior.

False

Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.

False

For policy to become enforceable, it only needs to be distributed, read, understood, and agreed to.

False

__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.

MAC layer

Kerberos __________ provides tickets to clients who request services.

TGS

Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) longer than ____________________ characters in Internet Explorer 4.0, the browser will crash.

256

_________ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident.

Damage assessment

Network security focuses on the protection of physical items, objects, or areas from unauthorized access andmisuse.

False

Syntax errors in firewall policies are usually difficult to identify.

False

Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager.

False

The screened subnet protects the DMZ systems and information from outside threats by providing a network with intermediate security, which means the network is less secure than the general-public networks but more secure than the internal network.

False

Which of the following is an example of a Trojan horse program?

Happy99.exe

The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range is called the __________.

loss frequency

Disaster recovery personnel must know their roles without supporting documentation, which is a function of preparation, training, and rehearsal.

true