CYB 155 Exam 2 (Modules 5-7)
The _____ is a respected professional society that was established in 1947. Today it is "the world's largest educational and scientific computing society." - Association for Computing Machinery - Information Systems Security Association (ISSA) - International Information Systems Security Certification Consortium, Inc. - EC-Council
Association for Computing Machinery
The Cybersecurity Analyst+ certification from _____ is an intermediate certification with both knowledge-based and performance-based assessment. - SANS - CompTIA - ACM - ISACA
CompTIA
CompTIA offers a vendor-specific certification program called the Security+ certification. T/F
False
The (ISC)2 CISSP concentrations are available for currently certified CISSP professionals to demonstrate knowledge that is part of the CISSP common body of knowledge. T/F
False
The (ISC)2 CISSP-ISSEP concentration focuses on the knowledge area including systems lifecycle management, threat intelligence and incident management. T/F
False
The Council of Europe Convention on Cybercrime has not been well received by advocates of intellectual property rights because it de-emphasizes prosecution for copyright infringement. T/F
False
The security manager position is much more general than that of the CISO. T/F
False
An after-action review is an opportunity for everyone who was involved in planning for an incident or disaster to sit down and discuss what will happen when the plan is implemented. T/F
False
An attack, breach of policy, or other incident always constitutes a violation of law, requiring notification of law enforcement. T/F
False
Incident detail assessment is used to determine the impact from a breach of confidentiality, integrity, and availability on information and information assets. T/F
False
Procedures are planned for each identified incident scenario with incident handling procedures established for before and during the incident. T/F
False
Reported attacks are a definite indicator of an actual incident. T/F
False
Root cause analysis is the coherent application of methodical investigatory techniques to present evidence of crimes in a court or similar setting. T/F
False
What is the subject of the Computer Security Act of 1987? - Federal agency information security - Telecommunications common carriers - Cryptography software vendors - All of the other answers are correct
Federal agency information security
There are three general causes of unethical and illegal behavior: _____, Accident, and Intent. - Curiosity - Ignorance - Revenge - None of the other answers are correct
Ignorance
The former System Administration, Networking, and Security Organization is now better known as _____. - SANO - SANSO - SANS - SAN
SANS
The CPMT should include a ______ who is a high-level manager to support, promote, and endorse the findings of the project and could be the COO or (ideally) the CEO/president. - project instigator - executive-in-charge - champion - project manager
champion
Ideally, the ____, systems administrators, the chief information security officer (CISO), and key IT and business managers should be actively involved during the creation and development of all CP components. - chief executive officer (CEO) - senior auditor - chief financial officer (CFO) - chief information officer (CIO)
chief information officer
The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ______. - off-site storage - databases shadowing - electronic vaulting - remote journaling
electronic vaulting
Many organizations use a(n) _____ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization. - exit - departure - termination - hostile
exit
The latest forecasts for information security-related positions expect _____ openings than in many previous years. - fewer - more - many fewer - the same number of
more
Security managers accomplish _____ identified by the CISO and resolve issues identified by technicians - strategies - objectives - tactics - tasks
objectives
Which type of organizations should prepare for the unexpected? - large organizations which have many assets at risk - small organizations that can easily recover - only those without good insurance - organizations of every size and purpose should also prepare for the unexpected
organizations of every size and purpose should also prepare for the unexpected
Laws, policies, and their associated penalties only provide deterrence if which of the following conditions is present? - Fear of penalty - Probability of being caught - Probability of penalty being administered - All of the other answers are correct
All of the other answers are correct
Many who enter the field of information security are technical professionals such as _____ who find themselves working on information security applications and processes more often than traditional IT assignments. - All of the other answers are correct - networking experts or systems administrators - database administrators - programmers
All of the other answers are correct
The information security function can be placed within the _____. - legal department - administrative services function - All of the other answers are correct - insurance and risk management function
All of the other answers are correct
The ISSMP concentration examination is designed to provide CISSPs with a mechanism to demonstrate competence in _____. - business continuity planning and disaster recovery planning - security management practices - enterprise security management practices - All of these answers are correct
All of these answers are correct
According to Schwartz, "_____" are the real techies who create and install security solutions. - Builders - Administrators - Engineers - Definers
Builders
The _____ is the title most commonly associated with the top information security officer in the organization. - CEO - CISO - CTO - CFO
CISO
The (ISC)2 _____ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's common body of knowledge. - CISM - CISA - C|CISO - CISSP
CISSP
The breadth and depth covered in each of the domains makes the _____ one of the most difficult-to-attain certifications on the market. - Security+ - CISSP - ISEP - CISA
CISSP
In some organizations, the CISO's position may be combined with physical security responsibilities or may even report to a security manager who is responsible for both logical (information) security and physical security and such a position is generally referred to as a _____. - CSO - CTO - CPSO - CNSO
CSO
_____ law comprises a wide variety of laws pertaining to relationships among individuals and organizations. - Criminal - Civil - Statutory - Constitutional
Civil
The National Information Infrastructure Protection Act of 1996 modified which act? - USA PATRIOT Act - USA PATRIOT Improvement and Reauthorization Act - Computer Security Act - Computer Fraud and Abuse Act
Computer Fraud and Abuse Act
Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses? - Electronic Communications Privacy Act of 1986 - Freedom of Information Act (FOIA) of 1966 - Computer Fraud and Abuse Act of 1986 - All of the other answers are correct
Computer Fraud and Abuse Act of 1986
Payment Card Industry _____ Standards are designed to enhance the security of customers' payment card account data. - Data Safety - Data Security - Data Practices - Account Security
Data Security
The _____ attempts to prevent trade secrets from being illegally shared. - Electronic Communications Privacy Act - Sarbanes-Oxley Act - Financial Services Modernization Act - Economic Espionage Act
Economic Espionage Act
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications? - Electronic Communications Privacy Act - Financial Services Modernization Act - Sarbanes-Oxley Act - Economic Espionage Act
Electronic Communications Privacy Act
_____ use allows copyrighted materials to be used to support news reporting, teaching, scholarship, and similar activities, if the use is for educational or library purposes, is not for profit, and is not excessive. - Justified - Fair - Personal - Limited
Fair
A key difference between a policy and a law is that ignorance of a law is an acceptable defense. T/F
False
A(n) alarming event is an event with negative consequences that could threaten the organization's information assets or operations. T/F
False
Changes to systems logs are a possible indicator of an actual incident. T/F
False
Cultural differences can make it difficult to determine what is ethical and not ethical between cultures, except when it comes to the use of computers, where ethics are considered universal. T/F
False
Database shadowing duplicates data in real-time data storage, but does not back up the databases at the remote site. T/F
False
Existing information security-related certifications are typically well understood by those responsible for hiring in organizations. T/F
False
Organizations are not required by law to protect employee information that is sensitive or personal. T/F
False
A recovery time objective (RTO) is the total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption. T/F
False
A(n) disaster is an adverse event that could result in a loss of an information asset or assets, but does not currently threaten the viability of the entire organization. T/F
False
A(n) disaster recovery plan includes the steps necessary to ensure the continuation of the organization when a disaster's scope or scale exceeds the ability of the organization to restore operations, usually through relocation of critical business function to an alternate location. T/F
False
An affidavit is permission to search for evidentiary material at a specified location or to seize items to return to an investigator's lab for examination. T/F
False
An external event is an event with negative consequences that could threaten the organization's information assets or operations; also referred to as an incident candidate. T/F
False
An incident is an adverse event that could result in a loss of information assets and threatens the viability of the entire organization. T/F
False
Crisis response is an organization's set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster. T/F
False
Which of the following acts is also widely known as the Gramm-Leach-Bliley Act? - Financial Services Modernization Act - Communications Act - Computer Security Act - Health Insurance Portability and Accountability Act
Financial Services Modernization Act
What is the subject of the Sarbanes-Oxley Act? - Banking - Financial reporting - Privacy - Trade secrets
Financial reporting
The Computer _____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts. - Violence - Fraud - Theft - Usage
Fraud
_____ is a professional association that focuses on auditing, control, and security. The membership comprises both technical and managerial professionals. - ISACA - Information Systems Security Association (ISSA) - EC-Council - SANS
ISACA
In 2001, the Council of Europe drafted the European Council Cybercrime Convention, which empowers an international task force to oversee a range of security functions associated with _____ activities. - online terrorist - electronic - cyberactivist - Internet
Internet
The Health Insurance Portability and Accountability Act of 1996, also known as the _____ Act, protects the confidentiality and security of health-care data by establishing and enforcing standards and by standardizing electronic data interchange. - Gramm-Leach-Bliley - Kennedy-Kassebaum - Privacy - HITECH
Kennedy-Kassebaum
The Digital _____ Copyright Act is the American contribution to an international effort by the World Intellectual Properties Organization (WIPO) to reduce the impact of copyright, trademark, and privacy infringement. - Management - Master - Information - Millennium
Millennium
_____ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments. - Public - Private - Civil - Criminal
Public
_____ uses a number of hard drives to store information across multiple drive units. - RAID - continuous database protection - legacy backup - virtualization
RAID
_____ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented. - CISOs - CSOs - Security analysts - Security managers
Security analysts
The _____ of 1999 provides guidance on the use of encryption and provides protection from government intervention. - Prepper Act - Economic Espionage Act - USA PATRIOT Act - Security and Freedom through Encryption Act
Security and Freedom through Encryption Act
_____ is a cornerstone in the protection of information assets and in the prevention of financial loss. - Fire suppression - Separation of duties - Business separation - Collusion
Separation of duties
In the 1999 study of computer use-ethics, which of the following countries reported the least tolerant attitudes toward misuse of organizational computing resources? - Australia - United States - Singapore - Sweden
Singapore
_____ is the requirement that every employee be able to perform the work of another employee. - Two-man control - Collusion - Duty exchange - Task rotation
Task rotation
_____ are hired by the organization to serve in a temporary position or to supplement the existing workforce. - Consultants - Self-employees - Temporary employees - Contractors
Temporary employees
A background check must always be conducted to determine the level of trust the business can place in a candidate for an information security position. T/F
True
In many organizations, information security teams lack established roles and responsibilities. T/F
True
Laws, policies, and their associated penalties only provide deterrence if offenders fear the penalty, expect to be caught, and expect the penalty to be applied if they are caught. T/F
True
Prior to the development of each of the types of contingency planning documents, the CP team should work to develop the policy environment. T/F
True
Security administrators provide day-to-day systems monitoring to support an organization's goals and objectives. T/F
True
Since it was established in January 2001, every FBI field office has started an InfraGard program to collaborate with public and private organizations and the academic community. T/F
True
Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group. T/F
True
The Department of Homeland Security works with academic campuses nationally, focusing on resilience, recruitment, internationalization, growing academic maturity, and academic research. T/F
True
The Secret Service is charged with safeguarding the nation's financial infrastructure and payments systems to preserve the integrity of the economy. T/F
True
The process of integrating information security perspectives into the hiring process includes reviewing and updating all job descriptions. T/F
True
The recovery point objective (RPO) is the point in time prior to disruption or system outage to which mission/business process data can be recovered after an outage. T/F
True
The use of standardized job descriptions can increase the degree of professionalism in the information security field. T/F
True
To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility. T/F
True
An alert message is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process. T/F
True
Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. T/F
True
Evidentiary material is any information that could potentially support an organization's legal or policy-based case against a suspect. T/F
True
Forensics can provide a determination of the source or origin of an event, problem, or issue like an incident. T/F
True
Incident classification is the process of examining an adverse event or incident candidate and determining whether it constitutes an actual incident. T/F
True
Incident damage assessment is used to determine the impact from a breach of confidentiality, integrity, and availability on information and information assets. T/F
True
Incident response is an organization's set of planning and preparation efforts for detecting, reacting to, and recovering from an incident. T/F
True
The business impact analysis is a preparatory activity common to both CP and risk management. T/F
True
The chain of evidence is the detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition. T/F
True
The disaster recovery planning team (DRPT) is the team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters. T/F
True
The organization must choose one of two philosophies that will affect its approach to IR and DR as well as subsequent involvement of digital forensics and law enforcement: protect and forget or apprehend and prosecute. T/F
True
The organization must choose one of two philosophies that will affect its approach to IR and DR as well as subsequent involvement of digital forensics and law enforcement: the two approaches are protect and forget, and apprehend and prosecute. T/F
True
Which of the following is not one of the categories of positions defined by Schwartz? - User - Builder - Administrator - Definer
User
A(n) ________ is a document containing contact information for the people to be notified in the event of an incident. - phone list - emergency notification system - alert roster - call registry
alert roster
A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes _____ - controls have proven ineffective - controls have failed - controls have been bypassed - all of the above
all of the above
In 2002, Congress passed the Federal Information Security Management Act (FISMA), which mandates that all federal agencies _____. - provide security awareness training - periodic assessment of risk - develop policies and procedures based on risk assessments - all of the other answers are correct
all of the other answers are correct
The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages? - determine mission/business processes and recovery criticality - identify resource requirements - identify recovery priorities for system resources - all of these are BIA stages
all of these are BIA stages
Most common data backup schemes involve ______. - disk-to-disk-to-cloud - neither a nor b - RAID - both a and/or b
both a and/or b
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage _____. - with intent - by accident and/or through unintentional negligence - with malice - none of the other answers are correct
by accident and/or through unintentional negligence
The detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition is called a(n) _____. - evidence affidavit - chain of evidence - search warrant - audit trail
chain of evidence
A ______ site provides only rudimentary services and facilities. - hot - cold - warm - commercial
cold
The most common schedule for tape-based backup is a ______ backup, either incremental or differential, with a weekly off-site full backup. - hourly off-site - daily on-site - daily off-site - 12-hour-on-site
daily on-site
______ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident. - incident response - containment development - damage assessment - disaster assessment
damage assessment
The storage of duplicate online transaction data, along with the duplication of the databases, at a remote site on a redundant server is called _______. - database shadowing - electronic vaulting - application recovery - remote journaling
database shadowing
A crime involving digital media, computer technology, or related components may best be called an act of ______. - digital malfeasance - digital abuse - computer theft - computer trespass
digital malfeasance
The process of examining an adverse event or incident and determining whether it constitutes an actual disaster is known as _____. - disaster indication - disaster classification - event escalation - incident review
disaster classification
An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor with a _____ backup strategy. - RAID - differential - disk-to-disk-to-cloud - disk-to-disk-to-tape
disk-to-disk-to-cloud
In most cases, organizations look for a technically qualified information security _____ who has a solid understanding of how an organization operates. - specialist - expert - internist - generalist
generalist
A resumption location known as a ______ is a fully configured computer facility capable of establishing operations at a moment's notice. - mobile site - hot site - service bureau - cold site
hot site
The unauthorized taking of personal information with the intent of committing fraud and abuse of a person's financial and personal reputation, purchasing goods and services without authorization, and generally impersonating the victim for illegal or unethical purposes is known as _____. - non-criminal fraud - ransoming - identity theft - identity extortion
identity theft
Criminal or unethical _____ goes to the state of mind of the individual performing the act. - ignorance - intent - accident - all of the other answers are correct
intent
The ISSEP concentration allows CISSP certificate holders to demonstrate expert knowledge of all of the following except _____. - international laws - certification and accreditation/risk management framework - technical management - systems security engineering
international laws
The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption is _______. - recovery time objective (RTO) - recovery point objective (RPO) - work recovery time (WRT) - maximum tolerable downtime (MTD)
maximum tolerable downtime (MTD)
Many who move to business-oriented information security were formerly _____ who were often involved in national security or cybersecurity. - business analysts - lawyers - military personnel - marketing managers
military personnel
A potential disadvantage of a timeshare site-resumption strategy is: - more than one organization might need the facility - more expensive than other options - requires additional investment in time and technology to get up to speed in the event of a disaster - all of the above
more than one organization might need the facility
Information about a person's history, background, and attributes that can be used to commit identity theft is known as _____ information. - virtually interpreted - privately held - personally identifiable - identity defined
personally identifiable
The transfer of transaction data in real time to an off-site facility is called ______. - database shadowing - electronic vaulting - off-site storage - remote journaling
remote journaling
Data backup should be based on a(n) _____ policy that specifies how long log data should be maintained. - retention - business resumption - incident response - replication
retention
A _____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor. - time-share agreement - mutual agreement - service agreement - memorandum of understanding
service agreement
Which of these is the primary reason contingency response teams should not have overlapping membership with one person on multiple teams? - to allow people to specialize in one area - to avoid cross-division rivalries - so individuals don't find themselves with different responsibilities in different locations at the same time - to spread the work out among more people
so individuals don't find themselves with different responsibilities in different locations at the same time
According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except _____. - for purposes of commercial advantage - for private financial gain - to harass - in furtherance of a criminal act
to harass
The SSCP examination is much more rigorous than the CISSP examination. T/F
False
The United States has implemented a version of the DMCA law called the Database Right, in order to comply with Directive 95/46/EC. T/F
False
A business influence analysis (BIA) is an investigation and assessment of adverse events that can affect the organization. T/F
False
A business policy is a task performed by an organization's overall mission and operations. T/F
False
A disaster recovery plan shows the organization's intended efforts to establish operations at an alternate site in the aftermath of a disaster. T/F
False
A planning check is a testing strategy in which copies of the appropriate plans are distributed to all individuals who will be assigned roles during an actual incident or disaster. T/F
False
An after-action re-assessment is an opportunity for everyone who was involved in an incident or disaster to sit down and discuss what happened. T/F
False
The business impact analysis is a preparatory activity common to both CP and risk management. T/F
False
The computer security incident response team is composed solely of technical IT professionals who are prepared to detect, react to, and recover from an incident. T/F
False
The continuity planning management team (CPMT) is the group of senior managers and project members organized to conduct and lead all contingency planning efforts. T/F
False
The disaster recovery preparation team (DRPT) is the team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters. T/F
False
The total time needed to place the business function back in service must be longer than the maximum tolerable downtime. T/F
False
The work response time (WRT) is the amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered. T/F
False
Two ways to activate an alert roster are simultaneously and in parallel. T/F
False
Use of dormant accounts is a probable indicator of an actual incident. T/F
False
A(n) DR plan ensures that critical business functions continue if a catastrophic incident or disaster occurs. T/F
False - Business Continuity Plan (BCP)
A cold site provides many of the same services and options of a hot site, but at a lower cost. T/F
False - a cold site only has rudimentary services
A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people. T/F
False - hierarchical
An organization should integrate security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training. T/F
True
Criminal laws address activities and conduct harmful to society and are categorized as public law. T/F
True
In many cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates. T/F
True
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident. T/F
True
A business process is a task performed by an organization or one of its units in support of the organization's overall mission and operations. T/F
True
A rapid-onset disaster is one that gradually degrades the capacity of an organization contracts with a service agency to provide a facility for a fee. T/F
True
A service bureau is an agency that provides a service for a fee. T/F
True
An affidavit is a sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place. T/F
True
Reported attacks are a probable indicator of an actual incident. T/F
True
The process of examining an incident candidate and determining whether it constitutes an actual incident is called incident classification. T/F
True
The work recovery time (WRT) is the amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered. T/F
True
Using a service bureau is a BC strategy in which an organization contracts with a service agency to provide a facility for a fee. T/F
True
The _____ defines stiffer penalties for prosecution of terrorism-related activities. - USA PATRIOT Act - Sarbanes-Oxley Act - Gramm-Leach-Bliley Act - Economic Espionage Act
USA PATRIOT Act
The CISA credential is promoted by ISACA as the certification that is appropriate for all but which type of professionals? - accounting - auditing - security - networking
accounting
The sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place is called a(n) ______. - affidavit - writ of habeas corpus - sworn warrant - search warrant
affidavit
To assess the effect that changes will have on the organization's personnel management practices, the organization should conduct a behavioral feasibility study before the program is _____. - planned - budgeted - considered - implemented
implemented
The model commonly used by large organizations places the information security department within the _____ department. - physical security - management - information technology - production
information technology
Each of the following is a role for the crisis management response team EXCEPT: - informing local emergency services to respond to the crisis - keeping the public informed about the event - communicating with major customers and other stakeholders - supporting personnel and their loved ones during the crisis
informing local emergency services to respond to the crisis
Like the CISSP, the SSCP certification is more applicable to the security_____ than to the security _____. - manager, technician - technician, manager - manager, engineer - technician, executive
manager, technician
The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any _____ purposes. - troubleshooting - billing - customer service - marketing
marketing
Digital forensics involves the _____, identification, extraction, documentation, and interpretation of digital media. - investigation - determination - confiscation - preservation
preservation
The point in time before a disruption or system outage to which business process data can be recovered after an outage is ______. - recovery point objective (RPO) - work recovery time (WRT) - recovery time objective (RTO) - maximum tolerable downtime (MTD)
recovery point objective (RPO)
The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources is ____. - work recovery time (WRT) - recovery time objective (RTO) - recovery point objective (RPO) - maximum tolerable downtime (MTD)
recovery time objective (RTO)
A ________ is an agency that provides physical facilities in the event of a disaster for a fee. - service bureau - time-share - mobile site - cold site
service bureau