Intrusion Detection & Firewalls


__________ information is a form of collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group.

Aggregate

A(n) ____________________ is a scripted description of an incident—usually just enough information so that each individual knows what portion of the IRP to implement, and not enough to slow down the notification process.

Alert Message

Management of classified data includes its storage and _________. destruction distribution portability All of the above

All of the above

The restrictions most commonly implemented in packet-filtering firewalls are based on __________. Direction (inbound or outbound) IP source and destination address All of the above TCP or UDP source and destination port requests

All of the above

The ____________________ phase consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems.

Analysis

__________ of information is the quality or state of being genuine or original. Authenticity Spoofing Confidentiality Authorization

Authenticity

A virus or worm can have a payload that installs a(n) ____________________ door or trap door component in a system, which allows the attacker to access the system at will with special privileges.

Back

A(n) ____________________ is an application error that occurs when more data is sent to a program than it is designed to handle.

Buffer Overflow

Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses? Electronic Communications Privacy Act of 1986 Freedom of Information Act (FOIA) of 1966 All of the above Computer Fraud and Abuse Act of 1986

Computer Fraud and Abuse Act of 1986

The Internet brought ____________________ to virtually all computers that could reach a phone line or an Internet-connected local area network.

Connectivity

The __________ is an intermediate area between a trusted network and an untrusted network. perimeter firewall domain DMZ

DMZ

An emerging methodology to integrate the effort of the development team and the operations team to improve the functionality and security of applications is known as __________. JAD/RAD SecOps DevOps SDLC

DevOps

The __________ Act of 1996 attempts to prevent trade secrets from being illegally shared.

Economic Espionage

The __________ attempts to prevent trade secrets from being illegally shared. Financial Services Modernization Act Electronic Communications Privacy Act Sarbanes-Oxley Act Economic Espionage Act

Economic Espionage Act

ESD is the acronym for ____________________ discharge.

Electrostatic

When information gatherers employ techniques in a commercial setting that cross the threshold of what is legal or ethical, they are conducting industrial ____________________.

Espionage

A(n) strategic information security policy is also known as a general security policy, and sets the strategic direction, scope, and tone for all security efforts. _________________________ True False

FALSE

A(n) _________ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment. HTTP FCO CTO IP

FCO

The __________ Act of 1966 allows any person to request access to federal agency records or information not determined to be a matter of national security.

FOIA

A standard is a written instruction provided by management that informs employees and others in the workplace about proper behavior. True False

False

A(n) disaster is any adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization. _________________________ True False

False

A(n) disaster recovery plan includes the steps necessary to ensure the continuation of the organization when a disaster's scope or scale exceeds the ability of the organization to restore operations, usually through relocation of critical business functions to an alternate location. _________________________ True False

False

A(n) intranet is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. _________________________ True False

False

According to Sun Tzu, if you know yourself and know your enemy, you have an average chance to be successful in an engagement. True False

False

According to the CNSS, networking is "the protection of information and its critical elements." _________________________ True False

False

An attack, breach of policy, or other incident always constitutes a violation of law, requiring notification of law enforcement. True False

False

Attacks conducted by scripts are usually unpredictable. True False

False

Civil law addresses activities and conduct harmful to society and is actively enforced by the state. _________________________ True False

False

Computer assets are the focus of information security and are the information that has value to the organization, as well as the systems that store, process, and transmit the information. ____________ True False

False

E-mail spoofing involves sending an e-mail message with a harmful attachment. True False

False

Each of the threats faced by an organization must be evaluated, including determining the threat's potential to endanger the organization, which is known as a threat prioritization. _________________________ True False

False

Even if Kerberos servers are subjected to denial-of-service attacks, a client can still request additional services. True False

False

Identifying human resources, documentation, and data information assets of an organization is less difficult than identifying hardware and software assets. True False

False

In information security, benchmarking is the comparison of past security activities and events against the organization's current performance. _________________________ True False

False

In order to keep the Web server inside the internal network, direct all HTTP requests to the internal filtering firewall and configure the internal filtering router/firewall to allow only that device to access the internal Web server. _________________________ True False

False

Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects. _________________________ True False

False

Information security's primary mission is to ensure that systems and their contents retain their confidentiality at any cost. True False

False

Kerberos uses asymmetric key encryption to validate an individual user to various network resources. _________________________ True False

False

MULTICS stands for Multiple Information and Computing Service. _________________________ True False

False

Media are items of fact collected by an organization and include raw numbers, facts, and words. True False

False

Once a(n) back door has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. _________________________ True False

False

One of the basic tenets of security architectures is the layered implementation of security, which is called defense in redundancy. _________________________ True False

False

One of the biggest challenges in the use of the trusted computer base (TCB) is the existence of explicit channels. _________________________ True False

False

Packet munchkins use automated exploits to engage in distributed denial-of-service attacks. _________________________ True False

False

Pervasive risk is the amount of risk that remains to an information asset even after the organization has applied its desired level of controls. _________________________ True False

False

Risk acceptance defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility. _________________________ True False

False

Risk control is the enumeration and documentation of risks to an organization's information assets. _________________________ True False

False

Syntax errors in firewall policies are usually difficult to identify. True False

False

Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager. True False

False

The Analysis phase of the SDLC examines the event or plan that initiates the process and specifies the objectives, constraints, and scope of the project. _________________________ True False

False

The Council of Europe Convention on Cybercrime has not been well received by advocates of intellectual property rights because it de-emphasizes prosecution for copyright infringement, but it has been well received by supporters of individual rights in the United States. True False

False

The Department of Homeland Security was created in 2003 by the 9/11 Memorial Act of 2002. _________________________ True False

False

The Security Development Life Cycle (SDLC) is a general methodology for the design and implementation of an information system. _________________________ True False

False

The ability of a router to restrict traffic to a specific service is an advanced capability and not considered a standard feature for most routers. True False

False

The bottom-up approach to information security has a higher probability of success than the top-down approach. True False

False

The difference between a policy and a law is that ignorance of a law is an acceptable defense. True False

False

The global information security community has universally agreed with the justification for the code of practices as identified in the ISO/IEC 17799. True False

False

The macro virus infects the key operating system files located in a computer's start-up sector. _________________________ True False

False

The possession of information is the quality or state of having value for some purpose or end. True False

False

The security framework is a more detailed version of the security blueprint. True False

False

The security model is the basis for the design, selection, and implementation of all security program elements, including policy implementation and ongoing policy and program management. _________________________ True False

False

Using a methodology will usually have no effect on the probability of success. True False

False

When a computer is the subject of an attack, it is the entity being attacked. True False

False

Within data classification schemes, it is important that all categories used be classified and mutually exclusive. _________________________ True False

False

What is the subject of the Sarbanes-Oxley Act? Banking Financial reporting Privacy Trade secrets

Financial reporting

Which of the following is an example of a Trojan horse program? Netsky MyDoom Klez Happy99.exe

Happy99.exe

The ____________________ authentication system is named after the three-headed dog of Greek mythology that guards the gates to the underworld.

Kerberos

__________ was the first operating system to integrate security as one of its core functions. MULTICS UNIX ARPANET DOS

MULTICS

__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model. Circuit gateway Mac layer Application gateway Packet-filtering

Mac layer

RAID Level 1 is commonly called disk ____________________.

Mirroring

The ____________________ of an organization are the intermediate states obtained to achieve progress toward a goal or goals.

Objectives

During the early years, information security was a straightforward process composed predominantly of ____________________ security and simple document classification schemes.

Physical

__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse. Standard Object Personal Physical

Physical

Duplication of software-based intellectual property is more commonly known as software ____________________.

Piracy

Software license infringement is also often called software __________.

Piracy

____________________ measures are generally less focused on numbers and are more strategic than metrics-based measures.

Process-based

__________ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments. Civil Public Criminal Private

Public

The goals of information security governance include all but which of the following? Risk management by executing appropriate measures to manage and mitigate threats to information resources Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care Strategic alignment of information security with business strategy to support organizational objectives

Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care

____________________ is the process of identifying risk, as represented by vulnerabilities, to an organization's information assets and infrastructure, and taking steps to reduce this risk to an acceptable level.

Risk management

The __________ Act seeks to improve the reliability and accuracy of financial reporting, as well as increase the accountability of corporate governance, in publicly traded companies.

SOX

Risk control is the application of controls that reduce the risks to an organization's information assets to an acceptable level. True False

T

Kerberos __________ provides tickets to clients who request services. TGS KDS AS VPN

TGS

Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) _________.

Threat

In the ____________________ approach, the project is initiated by upper-level managers who issue policy, procedures, and processes, dictate the goals and expected outcomes, and determine accountability for each required action.

Top-down

A mail bomb is a form of DoS attack. True False

True

A number of technical mechanisms—digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media—have been used to deter or prevent the theft of software intellectual property. True False

True

A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. _________________________ True False

True

A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas. _________________________ True False

True

Best business practices are often called recommended practices. True False

True

Disaster recovery personnel must know their roles without supporting documentation, which is a function of preparation, training, and rehearsal. True False

True

Due care and due diligence require that an organization make a valid effort to protect others and continually maintain this level of effort, ensuring these actions are effective. True False

True

During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage. True False

True

Firewalls can be categorized by processing mode, development era, or structure. True False

True

Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation, must have its own set of configuration rules. True False

True

Hackers are "persons who access systems and information without authorization and often illegally." _________________________ True False

True

Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. _________________________ True False

True

In addition to their other responsibilities, the three communities of interest are responsible for determining which control options are cost effective for the organization. True False

True

Indirect attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat. _________________________ True False

True

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident. True False

True

Laws, policies, and their associated penalties only provide deterrence if, among other things, potential offenders fear the probability of a penalty being applied. _________________________ True False

True

Likelihood is the probability that a specific vulnerability within an organization will be the target of an attack. _________________________ True False

True

NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans, and provides detailed methods for assessing, designing, and implementing controls and plans for applications of varying size. True False

True

Of the two approaches to information security implementation, the top-down approach has a higher probability of success. _________________________ True False

True

One way to determine which information assets are valuable is by evaluating which information asset(s) would expose the company to liability or embarrassment if revealed. _________________________ True False

True

Security training provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely. True False

True

Since it was established in January 2001, every FBI field office has started an InfraGard program to collaborate with public and private organizations and the academic community. True False

True

Software code known as a(n) cookie can allow an attacker to track a victim's activity on Web sites. _________________________ True False

True

Some firewalls can filter packets by protocol name. True False

True

The Department of Homeland Security works with academic campuses nationally, focusing on resilience, recruitment, internationalization, growing academic maturity, and academic research. True False

True

The Economic Espionage Act of 1996 protects American ingenuity, intellectual property, and competitive advantage. _________________________ True False

True

The FTC recommends that people place an initial fraud alert (among other things) when they suspect they are victims of identity theft. True False

True

The application layer proxy firewall is capable of functioning both as a firewall and an application layer proxy server. True False

True

The policy administrator is responsible for the creation, revision, distribution, and storage of the policy. True False

True

The results from risk assessment activities can be delivered in a number of ways: a report on a systematic approach to risk control, a project-based risk assessment, or a topic-specific risk assessment. True False

True

The roles of information security professionals are almost always aligned with the goals and mission of the information security community of interest. True False

True

The stated purpose of ISO/IEC 27002 is to offer guidelines and voluntary directions for information security management. _________________________ True False

True

The value of information comes from the characteristics it possesses. True False

True

The value of information to the organization's competition should influence the asset's valuation. True False

True

Though not used as much in Windows environments, terminal emulation is still useful to systems administrators on Unix/Linux systems. True False

True

To achieve defense in depth, an organization must establish multiple layers of security controls and safeguards. True False

True

To remain viable, security policies must have a responsible manager, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and revision date. True False

True

With the removal of copyright protection mechanisms, software can be easily distributed and installed. True False

True

A(n) __________ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. SESAME KERBES SVPN VPN

VPN

A(n) ____________________ dialer is an automatic phone-dialing program that dials every number in a configured range and checks to see if a person, answering machine, or modem picks up.

WAR

The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees. accidental intentional physical external

accidental

Configuring firewall policies is viewed as much as a(n) __________ as it is a(n) __________. art, science skill, science pain, necessity philosophy, skill

art, science

You can determine the relative risk for each of the organization's information assets using a process called risk ____________________.

assessment

A(n) ____________________ is a performance value or metric used to compare changes in the object being measured.

baseline

The protection of all communications media, technology, and content is known as ___________. communications security physical security network security information security

communications security

A(n) ____________________ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives.

community of interest

In an organization, the value of ____________________ of information is especially high when it involves personal information about employees, customers, or patients.

confidentiality

A ____________________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. distributed denial-of-service virus spam denial-of-service

distributed denial-of-service

Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is __________.

education

The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____. remote journaling electronic vaulting database shadowing off-site storage

electronic vaulting

A single loss ____________________ is the calculation of the value associated with the most likely loss from an attack.

expectancy

A technique used to compromise a system is known as a(n) ___________. access method exploit asset risk

exploit

The physical design is the blueprint for the desired solution. True False

false

Many organizations have policies that prohibit the installation of _________________________ tools without the written permission of the CISO.

hacking

In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value. hash code result smashing

hash

As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____________________. false alarms urban legends polymorphisms hoaxes

hoaxes

The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________. information security physical security communications security network security

information security

Information has ____________________ when it is whole, complete, and uncorrupted.

integrity

Criminal or unethical __________ goes to the state of mind of the individual performing the act. accident intent All of the above attitude

intent

__________ is the legal obligation of an entity that extends beyond criminal or contract law.

liability

In the ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. sniff-in-the-middle server-in-the-middle man-in-the-middle zombie-in-the-middle

man-in-the-middle

The ____________________ control strategy attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.

mitigation

The __________ is the difference between an organization's observed and desired performance. objective risk assessment issue delta performance gap

performance gap

During the __________ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases. physical design analysis investigation implementation

physical design

The protection of tangible items, objects, or areas from unauthorized access and misuse is known as ___________. information security physical security network security communications security

physical security

The ____________________ of information is the quality or state of ownership or control of some object or item.

possession

In 2002, Congress passed the Federal Information Security Management Act (FISMA), which mandates that all federal agencies __________. provide security awareness training develop policies and procedures based on risk assessments All of the above periodic assessment of risk

provide security awareness training

A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system's encrypted password file is known as a(n) __________. dictionary crib rainbow table crack file

rainbow table

Incident ____________________ is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.

response

The dominant architecture used to secure network access today is the __________ firewall. unlimited static bastion screened subnet

screened subnet

A computer is the __________ of an attack when it is used to conduct an attack against another computer. facilitator subject target object

subject

People with the primary responsibility for administering the systems that house the information used by the organization perform the role of ____. End users System administrators Security professionals Security policy developers

system administrators

Terminal emulation, especially the unprotected ____________________ protocol, should be blocked from any access to all internal servers from the public network.

telnet

The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security.

vulnerabilities

A potential weakness in an asset or its defensive control system(s) is known as a(n) _________.

vulnerability

A(n) ____________________ is a potential weakness in an asset or its defensive control(s).

vulnerability

A long-term interruption (outage) in electrical power availability is known as a(n) ___________. brownout sag fault blackout

blackout

