Security Review 4


The model commonly used by large organizations places the information security department within the __________ department.

Information Technology

The service within Kerberos that generates and issues session keys is known as __________.

KDC

Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians. _________________________

True

The effective use of a DMZ is one of the primary methods of securing an organization's networks.

True

The process of examining an incident candidate and determining whether it constitutes an actual incident is called incident classification. _________________________

True

The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.

True

A(n) __________ is a simple project management planning tool.

WBS

In __________ mode, the data within an IP packet is encrypted, but the header information is not.

Transport

All systems that are mission critical should be enrolled in platform security validation (PSV) measurement.

True

In 1917, Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a non-repeating random key.

True

PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities.

True

DES uses a(n) ___________-bit block size.

64

Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses?

Computer Fraud and Abuse Act of 1986

All organizations with a router at the boundary between the organization's internal networks and the external service provider will experience improved network performance due to the complexity of the ACLs used to filter the packets.

False

Media are items of fact collected by an organization and include raw numbers, facts, and words.

False

Planning for the implementation phase requires the creation of a detailed request for proposal, which is often assigned either to a project manager or the project champion. _________________________

False

Static electricity is not noticeable to humans until levels approach 150 volts.

False

The CISA credential is geared toward experienced information security managers and others who may have similar management responsibilities. _________________________

False

The SSCP examination is much more rigorous than the CISSP examination.

False

The defense control strategy is the risk control strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards, but it is not the preferred approach to controlling risk.

False

The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).

False

In the __________ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively short period of time.

Rate-of-rise

The __________ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.

SSL Record Protocol

__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Separation of duties

"4-1-9" fraud is an example of a ____________________ attack.

Social Engineering

Kerberos __________ provides tickets to clients who request services.

TGS

An X.509 v3 certificate binds a ___________, which uniquely identifies a certificate entity, to a user's public key.

distinguished name

The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.

electronic vaulting

