information security final

SHA-1 produces a(n) ___________-bit message digest, which can then be used as an input to a digital signature algorithm. a. 48 b. 160 c. 256 d. 56

160

Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____________________ characters in Internet Explorer 4.0, the browser will crash. a. 512 b. 128 c. 64 d. 256

256

DES uses a(n) ___________-bit block size. a. 64 b. 32 c. 128 d. 256

64

__________ is the current federal information processing standard that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure. a. 2DES b. 3DES c. DES d. AES

AES

The successor to 3DES is the ______ Encryption Standard.

Advanced

An information system is the entire set of __________, people, procedures, and networks that make possible the use of information resources in the organization. a. software b. All of the above c. data d. hardware

All of the above

At the World Championships in Athletics in Helsinki in August 2005, a virus called Cabir infected dozens of __________, the first time this occurred in a public setting. a. Bluetooth mobile phones b. WiFi routers c. iPad tablets d. laptop Macintosh computers

Bluetooth mobile phones

In PKI, the CA periodically distributes a(n) _________ to all users that identifies all revoked certificates. a. MAC b. RA c. RDL d. CRL

CRL

__________ sensors, for example, work when a foot steps on a pressure-sensitive pad under a rug, or a window is opened. a. Pressure b. Contact and weight c. Movement d. Motion

Contact and weight

__________ are encrypted message components that can be mathematically proven to be authentic. a. Message certificates b. MACs c. Digital signatures d. Message digests

Digital signatures

The __________ attempts to prevent trade secrets from being illegally shared. a. Sarbanes-Oxley Act b. Electronic Communications Privacy Act c. Economic Espionage Act d. Financial Services Modernization Act

Economic Espionage Act

The ______ Act of 1986 is a collection of statutes that regulates the interception of wire, electronic, and oral communications.

Electronic Communications Privacy

__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals. a. Cryptology b. Cryptography c. Decryption d. Encryption

Encryption

What is the subject of the Computer Security Act? a. Telecommunications Common Carriers b. Federal Agency Information Security c. Cryptography Software Vendors d. Banking Industry

Federal Agency Information Security

What is the subject of the Sarbanes-Oxley Act? a. Trade secrets b. Banking c. Privacy d. Financial Reporting

Financial Reporting

The Computer __________ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts. a. Usage b. Violence c. Theft d. Fraud

Fraud

__________ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content. a. Encryption b. Hash c. Key d. Map

Hash

__________ is a protocol that can be used to secure communications across any IP-based network such as LANs, WANs, and the Internet. a. IPSec b. PEM c. SSH d. SET

IPSec

The Health Insurance Portability and Accountability Act of 1996, also known as the __________ Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange. a. HITECH b. Privacy c. Gramm-Leach-Bliley d. Kennedy-Kassebaum

Kennedy-Kassebaum

__________ is the entire range of values that can possibly be used to construct an individual key. a. Code b. Keyspace c. An algorithm d. A cryptogram

Keyspace

A __________ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest. a. fingerprint b. MAC c. digest d. signature

MAC

_________ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications. a. PGP b. ESP c. AH d. DES

PGP

__________ was developed by Phil Zimmermann and uses the IDEA cipher for message encoding. a. PEM b. PGP c. S/MIME d. SSL

PGP

__________ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. a. MAC b. AES c. DES d. PKI

PKI

Originally released as freeware, _______ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms as an open-source de facto standard for encryption and authentication of e-mail and file storage.

Pretty Good Privacy (PGP)

The __________ algorithm, developed in 1977, was the first public-key encryption algorithm published for commercial use. a. MAC b. RSA c. DES d. AES

RSA

The ____________________ data file contains the hashed representation of the user's password. a. FBI b. SLA c. SNMP d. SAM

SAM

A variation of an SDLC that can be used to implement information security solutions in an organization with little or no formal security in place is the __________. a. LCSecD b. CLSecD c. SecDSLC d. SecSDLC

SecSDLC

Netscape developed the _______ Layer protocol to use public-key encryption to secure a channel over the Internet, thus enabling secure communications.

Secure Socket

____ is any technology that aids in gathering information about a person or organization without their knowledge. a. Worm b. Trojan c. A bot d. Spyware

Spyware

The ____________________ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. a. TCP b. WWW c. HTTP d. FTP

TCP

____________________ are malware programs that hide their true nature, and reveal their designed behavior only when activated. a. Trojan horses b. Viruses c. Spam d. Worms

Trojan horses

The _____ Act of 2001 provides law enforcement agencies with broader latitude in order to combat terrorism-related activities.

U.S.A. PATRIOT

The __________ defines stiffer penalties for prosecution of terrorist crimes. a. Gramm-Leach-Bliley Act b. Economic Espionage Act c. USA PATRIOT Act d. Sarbanes-Oxley Act

USA PATRIOT Act

Also known as the one-time pad, the ______ cipher, which was developed at AT&T, uses a set of characters only one time for each encryption process.

Vernam

__________ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown. a. Work factor b. A key c. Code d. An algorithm

Work factor

Bit stream methods commonly use algorithm functions like the exclusive OR operation (__________). a. NOR b. OR c. EOR d. XOR

XOR

____________________ are compromised systems that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack. a. Servants b. Zombies c. Drones d. Helpers

Zombies

Which of the following functions does information security perform for an organization? a. Protecting the data the organization collects and uses. b. All of the above. c. Enabling the safe operation of applications implemented on the organization's IT systems. d. Protecting the organization's ability to function

all of the above

______ of information is the quality or state of being genuine or original, rather than a reproduction or fabrication

authenticity

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage __________. a. with negligence b. with intent c. with malice d. by accident

by accident

A digital ______ is an electronic document or container file that contains a key value and identifying information about the entity that controls the key.

certificate

Digital ______ are public-key container files that allow computer programs to validate the key and identify to whom it belongs.

certificates

A(n) ______, or cryptosystem, is an encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption.

cipher

The history of information security begins with the concept of ______ security.

computer

In an organization, the value of ______ of information is especially high when it involves personal information about employees, customers, or patients.

confidentiality

Attempting to reverse-calculate a password is called ______

cracking

The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption is called ______

cryptoanalysis

The science of encryption is known as ______.

cryptology

____________________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents. a. infoterrorism b. hacking c. cracking d. cyberterrorism

cyberterrorism

One of the most widely known cryptographic algorithms is the ________, which was developed by IBM and is based on the company's Lucifer algorithm.

data encryption standard (DES)

Some sprinkler systems, called _______ systems, keep open all of the individual sprinkler heads, and as soon as the system is activated, water is immediately applied to all areas.

deluge

A message _______ is a fingerprint of the author's message that is compared with the recipient's locally calculated hash of the same message.

digest

An X.509 v3 certificate binds a ___________, which uniquely identifies a certificate entity, to a user's public key. a. message digest b. digital signature c. fingerprint d. distinguished name

distinguished name

Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is _____.

education

To _____ means to encrypt, encode, or convert plaintext into the equivalent ciphertext.

encipher

The ______ operation is a function of Boolean algebra in which two bits are compared, and if the two bits are identical, the result is a binary 0.

exclusive OR

A short-term interruption in electrical power availability is known as a ____. a. brownout b. lag c. blackout d. fault

fault

The ______ detector is a sensor that detects the infrared or ultraviolet light produced by an open flame.

flame

One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. a. hackcyber b. phreak c. cyberhack d. hacktivist

hacktivist

The Secure ______ Standard issued by the National Institute of Standards and Technology specifies secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file

hash

______ is the amount of moisture in the air.

humidity

Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ______

intelligence

"Long arm _______" refers to the long arm of the law reaching across the country or around the world to draw an accused individual into its court systems whenever it can establish jurisdiction.

jurisdiction

A __________ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. a. passphrase b. cipher c. password d. key

key

______ is the legal obligation of an entity that extends beyond criminal or contract law.

liability

A computer virus consists of segments of code that perform ______ actions.

malicious

Hashing functions do not require the use of keys, but it is possible to attach a ______ code to allow only specified recipients to access the message digest.

message authentication

A(n) ______ is a formal approach to solving a problem by means of a structured sequence of procedures.

methodology

A(n) _______ substitution uses one alphabet.

monoalphabetic

The presence of additional and disruptive signals in network communications or electrical power delivery is referred to as ______.

noise

A computer is the ______ of an attack when it is the entity being targeted.

object

The encapsulating security ______ protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.

payload

__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse. a. Physical b. Personal c. Object d. Standard

physical

During the __________ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases. a. implementation b. analysis c. investigation d. physical design

physical design

Managerial directives that specify acceptable and unacceptable employee behavior in the workplace are known as _______

policies

More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions. a. polyalphabetic b. polynomic c. multialphabetic d. monoalphabetic

polyalphabetic

Family law, commercial law, and labor law are all encompassed by _____ law.

private

A frequently overlooked component of an information system, ______ are the written instructions for accomplishing a specific task.

procedures

The more common name for asymmetric encryption is ______ -key encryption.

public

Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version. a. smurf list b. agile scrum c. timing matrix d. rainbow table

rainbow table

Organizations are moving toward more __________-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product. a. reliability b. security c. availability d. accessibility

security

Digital ______ are encrypted messages that can be mathematically proven to be authentic.

signatures

"4-1-9" fraud is an example of a ____________________ attack. a. virus b. spam c. social engineering d. worm

social engineering

In the context of information security, _____ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.

social engineering

The ______ component of the IS comprises applications, operating systems, and assorted command utilities.

software

_______ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.

spoofing

The process of hiding messages within the digital encoding of a picture or graphic is called _______.

steganography

A computer is the __________ of an attack when it is used to conduct an attack against another computer. a. target b. object c. subject d. facilitator

subject

To use a(n) ______ cipher, you substitute one value for another.

substitution

People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role. a. Security professionals b. End users c. System administrators d. Security policy developers

system administrators

A methodology for the design and implementation of an information system that is a formal development strategy is referred to as a __________. a. development life project b. systems design c. systems development life cycle d. systems schema

systems development life cycle

A(n) ______ is a potential risk to an information asset.

threat

According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ________. a. for purposes of commercial advantage b. to harass c. in furtherance of a criminal act d. for private financial gain

to harass

In IPSec ______ mode, only the IP data is encrypted, not the IP headers.

transport

The ________ cipher simply rearranges the values within a block to create the ciphertext.

transposition

A mathematical ______ is a secret mechanism that enables you to easily accomplish the reverse function in a one-way function.

trapdoor

A(n) _______ is a potential weakness in an asset or its defensive control(s).

vulnerability

A type of SDLC where each phase has results that flow into the next phase is called the __________ model. a. waterfall b. SA&D c. pitfall d. Method 7

waterfall

A(n) ______ is a malicious program that replicates itself constantly, without requiring another program environment.

worm

