Info Security Midterm

__________ law comprises a wide variety of laws that govern a nation or state.

Civil

The National Information Infrastructure Protection Act of 1996 modified which act?

Computer Fraud and Abuse Act

The __________ is an intermediate area between a trusted network and an untrusted network.

DMZ

A(n) _________ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

FCO

The Computer __________ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.

Fraud

__________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.

Packet-filtering

__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.

Physical

Which of the following is not a major processing mode category for firewalls?

Router passthru

The ____________________ data file contains the hashed representation of the user's password.

SAM

Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____.

SLA

__________ inspection firewalls keep track of each network connection between internal and external systems.

Stateful

__________ filtering requires that the firewall's filtering rules for allowing and denying packets are developed and installed with the firewall.

Static

________ often function as standards or procedures to be used when configuring or maintaining systems.

SysSPs

When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems?

The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.

A short-term interruption in electrical power availability is known as a ____.

fault

An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.

framework

The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any __________ purposes.

marketing

Hackers can be generalized into two skill groups: expert and ____________________.

novice

The first phase of risk management is _________.

risk identification

"4-1-9" fraud is an example of a ____________________ attack.

social engineering

A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.

direct

The concept of competitive _________ refers to falling behind the competition.

disadvantage

A __________ filtering firewall can react to an emergent event and update or create rules to deal with the event.

dynamic

Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________.

education

A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years.

strategic

A computer is the __________ of an attack when it is used to conduct an attack against another computer.

subject

The restrictions most commonly implemented in packet-filtering firewalls are based on __________.

All of the above: IP source and destination address, Direction (inbound or outbound), and TCP or UDP source and destination port requests.

Which of the following functions does information security perform for an organization?

All of the above: Protecting the organization's ability to function, Protecting the data the organization collects and uses, and Enabling the safe operation of applications implemented on the organization's IT systems.

__________ of information is the quality or state of being genuine or original.

Authenticity

A(n) _________ is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.

Data classification scheme

The ________ is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.

EISP

Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?

Electronic Communications Privacy Act

_________ addresses are sometimes called electronic serial numbers or hardware addresses.

MAC

__________ was the first operating system to integrate security as one of its core functions.

MULTICS

__________ has become a widely accepted evaluation standard for training and education related to the security of information systems.

NSTISSI No. 4011

__________ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.

Public

The goals of information security governance include all but which of the following?

Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care

The application layer proxy firewall is also known as a(n) __________.

application firewall

Risk _________ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.

appetite

Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.

control

Standards may be published, scrutinized, and ratified by a group, as in formal or ________ standards.

de jure

The proxy server is often placed in an unsecured area of the network or is placed in the __________ zone.

demilitarized

In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value.

hash

The Health Insurance Portability and Accountability Act of 1996, also known as the __________ Act, protects the confidentiality and security of health-care data by establishing and enforcing standards and by standardizing electronic data interchange.

Kennedy-Kassebaum

__________ access control is a form of __________ access control in which users are assigned a matrix of authorizations for particular areas of access.

lattice-based, nondiscretionary

The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________."

management

According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except __________.

to harass

Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.

trespass

Federal agencies such as the NSA, FBI, and CIA use specialty classification schemes. For materials that are not considered "National Security Information," __________ data is the lowest-level classification.

unclassified

The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security.

vulnerabilities
