final 2602
The application layer proxy firewall is also known as a(n) __________.
application firewall
Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.
control
A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.
direct
A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.
false
An extranet is a segment of the DMZ where no authentication and authorization controls are put into place.
false
Baselining is the comparison of past security activities and events against the organization's current performance.
false
The security framework is a more detailed version of the security blueprint.
false
In 2002, Congress passed the Federal Information Security Management Act (FISMA), which mandates that all federal agencies __________.
provide security awareness training
The transfer of transaction data in real time to an off-site facility is called ____.
remote journaling
_________ equals the probability of a successful attack multiplied by the expected loss from a successful attack plus an element of uncertainty.
risk
A security clearance is a component of a data classification scheme that assigns a status level to systems to designate the maximum level of classified data that may be stored on them.
False
A standard is a written instruction provided by management that informs employees and others in the workplace about proper behavior.
False
Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.
False
For policy to become enforceable, it only needs to be distributed, read, understood, and agreed to.
False
__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.
MAC layer
Kerberos __________ provides tickets to clients who request services.
TGS
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) longer than ____________________ characters in Internet Explorer 4.0, the browser will crash.
256
_________ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident.
Damage assessment
Network security focuses on the protection of physical items, objects, or areas from unauthorized access andmisuse.
False
Syntax errors in firewall policies are usually difficult to identify.
False
Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager.
False
The screened subnet protects the DMZ systems and information from outside threats by providing a network with intermediate security, which means the network is less secure than the general-public networks but more secure than the internal network.
False
Which of the following is an example of a Trojan horse program?
Happy99.exe
The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range is called the __________.
loss frequency
Disaster recovery personnel must know their roles without supporting documentation, which is a function of preparation, training, and rehearsal.
true
