CS 175 Review For Final
A subject or object's ability to use, manipulate, modify, or affect another subject or object is known as ___________.
access
The sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place is called a(n) _____.
affidavit
The date for sending the final RFP to vendors is considered a milestone because it signals that __________.
all RFP preparation work is complete
Risk _____ is a determination of the extent to which an organization's information assets are exposed to risk.
analysis
The _____ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.
bull's-eye
The detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition. is called a(n) _____.
chain of evidence
Ideally, the _____, systems administrators, the chief information security officer (CISO), and key IT and business managers should be actively involved during the creation and development of all CP components
chief information officer (CIO)
Intrusion _____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.
correction
______ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents.
cyberterrorism
A(n) _____ scheme is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.
data classification
Which of the following is NOT a described IDPS control strategy?
decentralized
An X.509 v3 certificate binds a _____, which uniquely identifies a certificate entity, to a user's public key.
distinguished name
A ______ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
distributed denial-of-service
A technique used to compromise a system is known as a(n) ___________.
exploit
Activities that scan networks for active systems and then identify the network services offered by the host systems are known as _____.
fingerprinting
By managing the _____, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce.
process of change
Using a database of precomputed hashes from sequentially calculated passwords called a(n) _____, an attacker can simply look up a hashed password and read out the text version.
rainbow table
The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources is ____.
recovery time objective (RTO)
Many public organizations must spend all budgeted funds within the fiscal year—otherwise, the subsequent year's budget is _____.
reduced by the unspent amount
The first phase of the risk management process is _____.
risk identification
The dominant architecture used to secure network access today is the _____ firewall.
screened subnet
Digital _____ are encrypted messages that can be mathematically proven to be authentic.
signatures
Advance-Fee fraud is an example of a ______ attack.
social engineering
The process of hiding messages within the digital encoding of a picture or graphic is called _____.
steganography
A(n) _____ plan is a plan for the organization's intended efforts over the next several years (long-term).
strategic
A methodology and formal development strategy for the design and implementation of an information system is referred to as a _____.
systems development life cycle
The actions taken by management to specify the intermediate goals and objectives of the organization are _____.
tactical planning
The _____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.
AH
_____ is simply how often you expect a specific type of attack to occur.
ARO
A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes _____.
All of the above
Redundancy can be implemented at a number of points throughout the security architecture, such as in _____.
All of the above
Which of the following is a valid type of role when it comes to data ownership?
All of the above
Laws, policies, and their associated penalties only provide deterrence if which of the following conditions is present?
All of the other answers are correct
The restrictions most commonly implemented in packet-filtering firewalls are based on _____.
All of these answers are correct
The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages?
All of these are BIA stages
A standard is a written instruction provided by management that informs employees and others in the workplace about proper behavior.
False
All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.
False
Among the considerations in evaluating an IDPS are the product's scalability, testing, support provisions, and ability to provide information on the source of attacks.
False
Crisis response is an organization's set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster.
False
Firewalls can only filter packets by port number.
False
__________ was the first operating system to integrate security as one of its core functions.
MULTICS
The Digital _____ Copyright Act is the American contribution to an international effort by the World Intellectual Properties Organization (WIPO) to reduce the impact of copyright, trademark, and privacy infringement.
Millennium
_____ are usually passive devices, but cannot analyze encrypted packets, making some traffic invisible to the process.
NIDPSs
__________ has become a widely accepted evaluation standard for training and education related to the security of information systems and is hosted by CNSS.
NSTISSI No. 4011
The EISP component of _____ provides information on the importance of information security in the organization and the legal and ethical obligation to protect critical information about customers, employees, and markets.
Need for Information Security
_____ controls address personnel security, physical security, and the protection of production inputs and outputs.
Operational
____ is any technology that aids in gathering information about a person or organization without their knowledge.
Spyware
_____ inspection firewalls keep track of each network connection between internal and external systems.
Stateful
_____ filtering requires that the firewall's filtering rules for allowing and denying packets are manually developed and installed with the firewall.
Static
_____often function as standards or procedures to be used when configuring or maintaining systems.
SysSPs
Which of the following versions of TACACS is still in use?
TACACS+
The ______ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.
TCP
Kerberos _____ provides tickets to clients who request services.
TGS
__________ occurs when an authorized person opens a door, and other people, who may or may not be authorized, also enter.
Tailgating
_____ is the requirement that every employee be able to perform the work of another employee.
Task rotation
_____ are hired by the organization to serve in a temporary position or to supplement the existing workforce.
Temporary employees
Due care and due diligence require that an organization make a valid effort to protect others and continually maintain this level of effort, ensuring these actions are effective.
True
Intelligence for external monitoring can come from a number of sources: vendors, CERT organizations, public network sources, and membership sites.
True
Internet Protocol Security (IPSec) is an open-source protocol framework for security development within the TCP/IP family of protocols.
True
Laws, policies, and their associated penalties only provide deterrence if offenders fear the penalty, expect to be caught, and expect the penalty to be applied if they are caught.
True
Managerial controls set the direction and scope of the security process and provide detailed instructions for its conduct.
True
Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall's database or violations of those rules.
True
The false reject rate describes the number of legitimate users who are denied access because of a failure in the biometric device. _____
True
The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out. _____
True
To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited.
True
When determining the relative importance of each asset, refer to the organization's mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts.
True
A device that assures the delivery of electric power without interruption is a(n) __________.
UPS
The InfoSec measurement development process recommended by NIST is divided into major activities that include all of the following EXCEPT _____.
Usage of the selected metrics.
A(n) _____ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.
VPN
A(n) _____ is a simple project management planning tool used to break the project plan into smaller and smaller steps.
WBS
______ are compromised systems that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.
Zombies
DES uses a(n) _____-bit block size.
64
_____ is the entire range of values that can possibly be used to construct an individual key.
Keyspace
A primary mailing list for new vulnerabilities, called simply _____, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.
Bugtraq
A(n) _____ determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost.
CBA
The ______ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
CISO
The breadth and depth covered in each of the domains makes the _____ one of the most difficult-to-attain certifications on the market.
CISSP
In some organizations, the CISO's position may be combined with physical security responsibilities or may evenreport to a security manager who is responsible for both logical (information) security and physical security and such aposition is generally referred to as a _____.
CSO
The National Information Infrastructure Protection Act of 1996 modified which act?
Computer Fraud and Abuse Act
Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses?
Computer Fraud and Abuse Act of 1986
The _____ is an intermediate area between a trusted network and an untrusted network.
DMZ
_____ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.
Defense in depth
_____ are encrypted message components that can be mathematically proven to be authentic.
Digital signatures
The _____ attempts to prevent trade secrets from being illegally shared.
Economic Espionage Act
_____ is the process of converting an original message into a form that is unreadable to unauthorized individuals.
Encryption
A(n) _____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
FCO
A _____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
MAC
Information security's primary mission is to ensure that systems and their contents retain their confidentiality at any cost.
False
Knowing yourself means identifying, examining, and understanding the threats facing the organization's information assets.
False
Most current operating systems require specialized software to connect to VPN servers, as support for VPN services is no longer built into the clients.
False
Risk mitigation is the risk treatment strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards, but it is not the preferred approach to controlling risk.
False
SSL builds on the encoding format of the digital encryption standard (DES) protocol and uses digital signatures based on public-key cryptosystems to secure e-mail.
False
Standard HTTP (S-HTTP) is an extended version of the Hypertext Transfer Protocol that provides for the encryption of individual messages transmitted via the Internet between a client and server using AES over HTTP.
False
The ability of a router to restrict traffic to a specific service is an advanced capability and not considered a standard feature for most routers.
False
The continuity planning management team (CPMT) is the group of senior managers and project members organized to conduct and lead all contingency planning efforts.
False
You cannot combine the XOR operation with a block cipher operation.
False
An attack, breach of policy, or other incident always constitutes a violation of law, requiring notification of law enforcement.
False
_____ addresses are sometimes called electronic serial numbers or hardware addresses.
MAC
The Computer _____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.
Fraud
_____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.
Hash
Known as the ping service, _____is a common method for hacker reconnaissance and should be turned off to prevent snooping.
ICMP
_____ is a professional association that focuses on auditing, control, and security. The membership comprises both technical and managerial professionals.
ISACA
In 2001, the Council of Europe drafted the European Council Cybercrime Convention, which empowers an international task force to oversee a range of security functions associated with _____ activities.
Internet
Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as _____.
JAD
The Health Insurance Portability and Accountability Act of 1996, also known as the _____ Act, protects the confidentiality and security of health-care data by establishing and enforcing standards and by standardizing electronic data interchange.
Kennedy-Kessebaum
Which type of organizations should prepare for the unexpected?
Organizations of every size and purpose should also prepare for the unexpected.
In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) _____.
PAC
The _____ commercial site focuses on current security tool resources.
Packet Storm
_____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
Packet-filtering
The _____ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly.
Policies
_____ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.
Program review
_____ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.
Public
____ uses a number of hard drives to store information across multiple drive units.
RAID
If the task is to write firewall specifications for the preparation of a(n) _____, the planner would note that the deliverable is a specification document suitable for distribution to vendors.
RFP
Which of the following is not a major processing mode category for firewalls?
Router Passthrough
The ______ data file contains the hashed representation of the user's password.
SAM
A(n) _____ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.
SPAN
The _____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.
SSL Record Protocol
The _____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.
Security and Freedom through Encryption Act
Which if these is the primary reason contingency response teams should not have overlapping membership with one person on multiple teams?
So individuals don't find themselves with different responsibilities in different locations at the same time.
______ are malware programs that hide their true nature and reveal their designed behavior only when activated.
Trojan horses
AES implements a block cipher called the Rijndael Block Cipher with a variable block length and a key length of 128, 192 or 256 bits. _____
True
An affidavit is a sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place.
True
Criminal laws address activities and conduct harmful to society and are categorized as public law.
True
An information security _____ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.
framework
The risk management (RM) _____ is the overall structure of the strategic planning and design for the entirety of the organization's RM efforts.
framework
Nonmandatory recommendations the employee may use as a reference is known as a _____.
guideline
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value.
hash
When information gatherers employ techniques that cross a legal or ethical threshold, they are conducting ______.
industrial espionage
Network behavior analysis system _____ sensors are typically intended for network perimeter use, so they are deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
inline
Criminal or unethical _____ goes to the state of mind of the individual performing the act.
intent
Understanding the _____ context means understanding elements that could impact or influence the RM process such as the organization's governance structure (or lack thereof), the organization's internal stakeholders, as well as the organization's culture.
internal
Which of the following phases is often considered the longest and most expensive phase of the systems development life cycle?
maintenance and change
The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption is _____.
maximum tolerable downtime (MTD)
The average amount of time between hardware failures, calculated as the total amount of operation time for a specified number of units divided by the total number of failures, is known as ______.
mean time between failure (MTBF)
The _____ risk treatment strategy attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards.
mitigation
A potential disadvantage of a timeshare site-resumption strategy is:
more than one organization might need the facility
A(n) _____ IDPS is focused on protecting network information assets.
network-based
Hackers can be generalized into two skill groups: expert and ______.
novice
Security managers accomplish _____ identified by the CISO and resolve issues identified by technicians
objectives
The actions taken by management to specify the short-term goals and objectives of the organization are _____.
operational planning
A _____ is usually the best approach to security project implementation.
phased implementation
In a _____ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization.
pilot
According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except _____.
to harass
Risk _____ is the assessment of the amount of risk an organization is willing to accept for a particular information asset, typically synthesized into the organization's overall risk appetite.
tolerance
The _____ risk treatment strategy attempts to shift risk to other assets, other processes, or other organizations.
transference
In _____ mode, the data within an IP packet is encrypted, but the header information is not.
transport
In a _____, assets or threats can be prioritized by identifying criteria with differing levels of importance, assigning a score for each of the criteria, and then summing and ranking those scores.
weighted table analysis
Security _____ are the areas of trust within which users can freely communicate.
domains
The protection of tangible items, objects, or areas from unauthorized access and misuse is known as ___________.
physical security