Info Security Santa Fe College
Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.
False
Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
False
Qualitative risk analysis is a list of identified risks that results from the risk-identification process. True or False
False
Audits are necessary because of ________.
All of the above
Which of the following adequately defines continuous authentication?
An authentication method in which a user is authenticated at multiple times or event intervals.
When you apply an account-lockout policy, set the __________ to a high enough number that authorized users aren't locked out due to mistyped passwords.
Threshold
A computer virus is an executable program that attaches to, or infects, other executable programs.
True
Failing to prevent an attack all but invites an attack. True or False
True
SAS70 was officially retired in June 2011 and was superseded and enhanced by the Statement of Standards for Attestation Engagements Number 16 (SSAE 16), which is now the predominant auditing and reporting standard for service organizations. True or False
True
SOC 3 reports are intended for public consumption.
True
When security seems to get in the way of an employee's productivity, they'll often bypass security measures to complete their work more quickly.
True
Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.
True
Which of the following is the definition of packet-filtering firewall?
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator.
In the legal system, ________ is the act of following laws, rules, and regulations that apply to organizations.
Compliance
"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned." This is a disadvantage to choosing the self-study option that can be labeled ________.
Procrastination
From the perspective of a _________ professional, configuration management evaluates the impact a modification might have on security.
Security
E-commerce systems and applications demand strict C-I-A ________.
Security Controls
What fills security gaps and software weaknesses?
Testing and quality assurance
The primary difference between SOC 2 and SOC 3 reports is ________.
Their Audience
Decryption is the act of scrambling plaintext into ciphertext.
False
One of the OSI Reference Model layers, the Transport Layer, creates, maintains, and disconnects communications that take place between processes over the network. True or False
False
Opt-in (subscribe) features in spam messages can represent a new form of reconnaissance attack to acquire legitimate target addresses. True or False
False
Wardialers are becoming more frequently used given the rise of digital telephony and now IP telephony or Voice over IP (VoIP).
False
Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ________.
Integrity
Although wardialing is an old attack method, it is still useful for finding access points to computers because many computer networks and voice systems have modems attached to phone lines.
True
Most often, passphrases are used for public and private key authentication.
True
Multiprotocol Label Switching (MPLS) is a WAN software feature that allows customers to maximize performance.
True
One of the most important parts of a FISMA information security program is that agencies test and evaluate it.
True
Qualitative risk analysis is a list of identified risks that results from the risk-identification process.
True
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas. True or False
True
The proportion of value of a particular asset likely to be destroyed by a given risk, expressed as a percentage, is exposure factor (EF).
True
The term Bring Your Own Device (BYOD) refers to an organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings and other benefits but also presents security risks.
True
The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
True
Today, one of the most common methods for identifying what skills a security professional possesses is his or her level of certification. True or False
True
Typically, the director of IT security ensures that the company meets WAN Domain security policies, standards, procedures, and guidelines.
True
Loss of financial assets due to ________ is a worst-case scenario for all organizations.
Malicious attack
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.
Worm
There are four basic forms of a cryptographic attack. In a ________, the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.
Ciphertext-only attack (COA)
A method to restrict access to a network based on identity or other rules is the definition of ________.
network access control (NAC)
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.
Continuing Education
________ attempts to describe risk in financial terms and put a dollar value on all the elements of a risk.
Quantitative risk analysis