IS Chapter 15 Quiz
The U.S. Transportation Security Administration (TSA) initially started with an anti-counterfeiting role in 1865. True/False
False
United States Computer Emergency Response Team (US-CERT) developed OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Exposure), a risk management methodology. True/False
False
The ________ manages the U.S. Secret Service, Customs and Border Protection, and the Transportation Security Administration (TSA).
Department of Homeland Security (DHS)
Once qualified, an (ISC)2 certification is valid for life. True/False
False
The MITRE Corporation hosts the National Vulnerability Database (NVD). True/False
False
The National Institute of Standards and Technology (NIST) manages the U.S. Secret Service. True/False
False
Open Web Application Security Project (OWASP) tools include the following EXCEPT: -Nmap -AntiSamy -WebScarab -WebGoat
NOT Anti NOT WebGoat
The National Cyber Security Division (NCSD) is part of which U.S. federal agency? -Federal Trade Commission -Department of Homeland Security -Federal Communications Commission -Department of Commerce
NOT Department of Commerce NOT Federal Communications
Which organization's projects include the Web-Hacking Incident Database and distributed open proxy honeypots? -US-CERT -National Cyber Security Division (NCSD) -Web Application Security Consortium (WASC) -MITRE Corporation
NOT National NOT MITRE
Which of the following is NOT true of the United States Computer Emergency Response Team Coordination Center (CERT/CC)? -Plays an active role in the investigation of computer incidents -Is part of the Software Engineering Institute at Carnegie Mellon University -Conducts research and training for the wider computer security incident response team (CSIRT) community -Provides training for OCTAVE
NOT Provides NOT Conducts NOT Is part
You are an information systems security professional who is interested in specializing in risk management. Which of the following (ISC)2 certifications is most appropriate? -Systems Security Certified Practitioner (SSCP) -Certified Information Systems Security Professional (CISSP) -Certification and Accreditation Professional (CAP) -Associate
NOT Systems NOT Certified
You are a program developer who is interested in specializing in the security aspects of software development. Which of the following (ISC)2 certifications is most appropriate? -Certification and Accreditation Professional (CAP) -Certified Secure Software Lifecycle Professional (CSSLP) -Systems Security Certified Practitioner (SSCP) -Certified Information Systems Security Professional (CISSP)
NOT Systems NOT Certified Information
You are a recent college graduate with a degree in information systems security. Which of the following (ISC)2 certifications is most appropriate for a person starting a career in this field? -Certified Information Systems Security Professional (CISSP) -Associate -Systems Security Certified Practitioner (SSCP) -Certification and Accreditation Professional (CAP)
NOT Systems NOT Certified Information
The National Institute of Standards and Technology (NIST) publishes:
NOT The Common
United States Computer Emergency Response Team (US-CERT) is part of which organization? -Computer Emergency Response Team Coordination Center (CERT/CC) -National Institute of Standards and Technology (NIST) -National Cyber Security Division (NCSD) -The MITRE Corporation
NOT The MITRE
What is the purpose of a honeypot?
NOT To draw participants to user awareness training
Which of the following does National Institute of Standards and Technology (NIST) offer? -Common Vulnerabilities and Exposures (CVE) list -CISSP certification -Federal Information Processing Standards (FIPS) -Web-Hacking Incident Database
NOT Web- NOT CISSP
Which technology does US-CERT primarily use to keep you up to date on security tips, bulletins, and alerts, as well as the most recent security activities with leading vendors?
Really Simple Syndication (RSS) feeds
What is the primary focus of U.S. DoD Directive 8570?
Security certification for federally related workers
Open Software Assurance Maturity Model (OpenSAMM) is derived from the basic structure of: -The Carnegie Mellon University Software Engineering Institute’s Capability Maturity Model -NIST Special Publication 800-53 -The WASC Web Threat Classification -OCTAVE
The Carnegie Mellon University Software Engineering Institute’s Capability Maturity Model
The National Cyberspace Response System, part of the NCSD, is a comprehensive program that covers the following EXCEPT: -Computer vulnerabilities -The Special Publications 800 series of guides and recommendations -Computer incident response -Information sharing
The Special Publications 800 series of guides and recommendations
A single entry on the Common Vulnerabilities and Exposures (CVE) list is known as a "CVE identifier." True/False
True
CERT/CC is part of the Software Engineering Institute at Carnegie Mellon University. True/False
True
CERT/CC was founded in 1988 under contract from DARPA, after the Morris Worm attack. True/False
True
Open proxies are computers that anonymously accept and forward requests for network services, and they are often used to shield attackers from tracking. True/False
True
Open source refers to a copyright or licensing system that, compared with conventional commercial licensing schemes, allows wide use and modification of the material. True/False
True
The (ISC)2 CISSP certification is based on the Common Body of Knowledge (CBK). True/False
True
The Common Vulnerabilities and Exposures (CVE) list was created as a commonly accepted reference system for computer and software vulnerabilities. True/False
True
The Department of Homeland Security (DHS) manages the Transportation Security Administration (TSA). True/False
True
The MITRE Corporation established the CVE list in 1999 in collaboration with a number of software and security vendors. True/False
True
The MITRE Corporation is a major government and defense contractor, set up and operating as a not-for-profit corporation. True/False
True
The NIST Computer Security Resource Center (CSRC) provides public access to NIST final and draft reports. True/False
True
The NIST Federal Information Processing Standards (FIPS) series sets specifications for essential security components. True/False
True
The National Cyber Security Division (NCSD) of the Department of Homeland Security sponsors the Common Vulnerabilities and Exposures (CVE) list. True/False
True
The National Infrastructure Advisory Council is a presidential advisory panel of up to 30 appointed members. Its role is to provide advice on securing key sectors of the economy and government. True/False
True