CINS 3044 Exam 1

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

A model of InfoSec that offers a comprehensive view of security for data while being stored, processed, or transmitted is the __________ security model.

CNSS

Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past?

Descriptive ethics

Access control lists regulate who, what, when, where, and why authorized users can access a system. (T/F?)

False

Information ambiguation occurs when pieces of nonprivate data are combined to create information that violates privacy. (T/F?)

False

It is the responsibility of InfoSec professionals to understand state laws and bills. (T/F?)

False

The "Authorized Uses" section of an ISSP specifies what the identified technology cannot be used for. (T/F?)

False

The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. (T/F?)

False

The first step in solving problems is to gather facts and make assumptions. (T/F?)

False

To protect intellectual property and competitive advantage, Congress passed the Entrepreneur Espionage Act (EEA) in 1996.​ (T/F?)

False

Values statements should be ambitious; after all, they are meant to express the aspirations of an organization. (T/F?)

False

When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment. (T/F?)

False

Which law addresses privacy and security concerns associated with the electronic transmission of PHI?

Health Information Technology for Economic and Clinical Health Act

security

A state of being secure and free from danger or harm.

asset

An organizational resource that is being protected.

Which of the following is a C.I.A. triad characteristic that addresses the threat from corruption, damage, destruction, or other disruption of its authentic state?

integrity

A detailed outline of the scope of the policy development project is created during which phase of the SDLC?

investigation

Which phase of the SDLC should get support from senior management?

investigation

IT's focus is the efficient and effective delivery of information and administration of information resources, while InfoSec's primary focus is the __________ of all information assets.

protection

The individual accountable for ensuring the day-to-day operation of the InfoSec program, accomplishing the objectives identified by the CISO, and resolving issues identified by technicians is known as a(n) ____________.

security manager

Which level of planning breaks down each applicable strategic goal into a series of incremental objectives?

tactical

Digital forensics can be used for two key purposes: ________ or _________.

to investigate allegations of digital malfeasance; to perform root cause analysis

In which SDLC model does the work product from each phase transition into the next phase to serve as its starting point while allowing movement back to a previous phase should the project require it?

waterfall

information security (InfoSec)

Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology

informational asset

The focus of information security; information that has value to the organization, and the systems that store, process, and transmit the information.

The basic outcomes of InfoSec governance should include all but which of the following?

Time management by aligning resources with personnel schedules and organizational objectives

A clearly directed strategy flows from top to bottom rather than from bottom to top. (T/F?)

True

A maintenance model is intended to focus ongoing maintenance efforts so as to keep systems usable and secure. (T/F?)

True

Policies must specify penalties for unacceptable behavior and define an appeals process. (T/F?)

True

The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. (T/F?)

True

Today's InfoSec systems need constant monitoring, testing, modifying, updating, and repairing. (T/F?)

True

​Due diligence requires that an organization make a valid and ongoing effort to protect others. (T/F?)

True

​Information security policies are designed to provide structure in the workplace and explain the will of the organization's management. (T/F?)

True

What are the two general approaches for controlling user authorization for the use of a technology?

access control lists and capability tables

A risk assessment is performed during which phase of the SDLC?

analysis

The most complex part of an investigation is usually __________.

analysis for potential EM

Force majeure includes all of the following EXCEPT:

armed robbery

Which of the following is a C.I.A. triad characteristic that ensures only those with sufficient privileges and a demonstrated need may access certain information?

confidentiality

The process of integrating the governance of the physical security and information security efforts is known in the industry as __________.

convergence

Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies, and technical controls.

deterrence

A __________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

distributed denial of service

Writing a policy is not always as easy as it seems. However, the prudent security manager always scours available resources for __________ that may be adapted to the organization.

examples

Laws, policies, and their associated penalties only provide deterrence if three conditions are present. Which of these is NOT one of them?

frequency of review

One form of online vandalism is __________, in which individuals interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.

hacktivism

This collaborative support group began as a cooperative effort between the FBI's Cleveland field office and local technology professionals with a focus of protecting critical national infrastructure.

InfraGard


Kaugnay na mga set ng pag-aaral

The Normative/Descriptive Decision

View Set

Ch 16: gene regulation in eukaryotes - epigentics

View Set

CH 6 Concept Overviews, Exercises, Problems

View Set

Chapter 1: Baptism - Source of Our Life - Samuel Konur

View Set

Chapter 25 Liquid Chromatography

View Set