RQ SEC CH 01
__________ is a network project that preceded the Internet. (p. 5) NIST ARPANET FIPS DES
ARPANET
An information system is the entire set of __________, people, procedures, and networks that enable the use of information resources in the organization. (p. 20) software hardware data All of the above
All of the above
__________ of information is the quality or state of being genuine or original. (p. 14-15) Authenticity Spoofing Confidentiality Authorization
Authenticity
E-mail spoofing involves sending an e-mail message with a harmful attachment. True False
False
Information security can be an absolute. (p. 23) True False
False
Hardware is often the most valuable asset possessed by an organization, and it is the main target of intentional attacks. (p. 21) True False
False. Data is often the most valuable asset of an organization and therefore the main target of intentional attacks.
The bottom-up approach to information security has a higher probability of success than the top-down approach. (p. 24) True False
False. The bottom-up approach seldom works because it lacks critical features such as participant support and organizational staying power.
The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC). (p. 28) True False
False. The maintenance and change phase is the longest and most expensive of the process.
The possession of information is the quality or state of having value for some purpose or end. (p. 15-16) True False
False. The utility of information describes how data has value or usefulness for an end purpose.
Using a methodology will usually have no effect on the probability of success. (p. 26) True False
False. Using a methodology ensures a rigorous process with a clearly defined goal and increases the probability of success.
When a computer is the subject of an attack, it is the entity being attacked. (p. 13) True False
False. The computer being attacked is the object of the attack, whereas the computer being used to attack is the subject.
__________ was the first operating system to integrate security as one of its core functions. (p. 8) UNIX DOS MULTICS ARPANET
MULTICS
__________ has become a widely accepted evaluation standard for training and education related to the security of information systems. (p. 19) NIST SP 800-12 (p. 32) NSTISSI No. 4011 IEEE 802.11(g) ISO 17788
NSTISSI No. 4011
__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse. (p. 21) Physical Personal Object Standard
Physical
A breach of possession may not always result in a breach of confidentiality. (p. 18) True False
True
During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage. True False
True
Network security focuses on the protection of physical items, objects, or areas from unauthorized access and misuse. True False
True
The investigation phase of the SDLC involves specification of the objectives, constraints, and scope of the project. (p. 28) True False
True
The value of information comes from the characteristics it possesses. (p. 15) True False
True
To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access, yet protect against threats. (p. 23) True False
True
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value. (p. 17) result smashing hash code
hash
A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection. (p. 12-13) indirect direct software hardware
indirect
A computer is the __________ of an attack when it is used to conduct an attack against another computer. (p. 13) subject object target facilitator
subject
A methodology and formal development strategy for the design and implementation of an information system is referred to as a __________. (p. 25-26) systems design development life project systems development life cycle systems schema
systems development life cycle or SDLC
The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security. (p. 5) bugs vulnerabilities malware maintenance hooks
vulnerabilities