Security Review 4
The model commonly used by large organizations places the information security department within the __________ department.
Information Technology
The service within Kerberos that generates and issues session keys is known as __________.
KDC
Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians. _________________________
True
The effective use of a DMZ is one of the primary methods of securing an organization's networks.
True
The process of examining an incident candidate and determining whether it constitutes an actual incident is called incident classification. _________________________
True
The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.
True
A(n) __________ is a simple project management planning tool.
WBS
In __________ mode, the data within an IP packet is encrypted, but the header information is not.
Transport
All systems that are mission critical should be enrolled in platform security validation (PSV) measurement.
True
In 1917, Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a non-repeating random key.
True
PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities.
True
DES uses a(n) ___________-bit block size.
64
Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses?
Computer Fraud and Abuse Act of 1986
All organizations with a router at the boundary between the organization's internal networks and the external service provider will experience improved network performance due to the complexity of the ACLs used to filter the packets.
False
Media are items of fact collected by an organization and include raw numbers, facts, and words.
False
Planning for the implementation phase requires the creation of a detailed request for proposal, which is often assigned either to a project manager or the project champion. _________________________
False
Static electricity is not noticeable to humans until levels approach 150 volts.
False
The CISA credential is geared toward experienced information security managers and others who may have similar management responsibilities. _________________________
False
The SSCP examination is much more rigorous than the CISSP examination.
False
The defense control strategy is the risk control strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards, but it is not the preferred approach to controlling risk.
False
The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).
False
In the __________ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively short period of time.
Rate-of-rise
The __________ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.
SSL Record Protocol
__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.
Separation of duties
"4-1-9" fraud is an example of a ____________________ attack.
Social Engineering
Kerberos __________ provides tickets to clients who request services.
TGS
An X.509 v3 certificate binds a ___________, which uniquely identifies a certificate entity, to a user's public key.
distinguished name
The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.
electronic vaulting