ISA 3300 Final Chapters 7-12


minor release

(update or patch) A minor revision of a version from its previous state.

timing channels

A TCSEC-defined covert channel that communicates by managing the relative timing of events.

storage channels

A TCSEC-defined covert channel that communicates by modifying a stored object, such as in steganography.

electronic vaulting

A backup method that uses bulk batch transfer of data to an off-site facility; this transfer is usually conducted via leased lines or secure Internet connections.

database shadowing

A backup strategy to store duplicate online transaction data along with duplicate databases at the remote site on a redundant server. This server combines electronic vaulting with remote journaling by writing multiple copies of the database simultaneously to two locations.

configuration

A collection of components that make up a configuration item.

software library

A collection of configuration items that is usually controlled and that developers use to construct revisions and issue new configuration items.

Bell-LaPadula (BLP) confidentiality model

A confidentiality model or "state machine reference model" that ensures the confidentiality of the modeled system by using MACs, data classification, and security clearances.

collusion

A conspiracy or cooperation between two or more individuals or groups to commit illegal or unethical actions.

timeshare

A continuity strategy in which an organization co-leases facilities with a business partner or sister organization. A timeshare allows the organization to have a BC option while reducing its overall costs.

service bureau

A continuity strategy in which an organization contracts with a service agency to provide a BC facility for a fee.

mutual agreement

A continuity strategy in which two organizations sign a contract to assist the other in a disaster by providing BC facilities, resources, and services until the organization in need can recover from the disaster.

rolling mobile site

A continuity strategy that involves contracting with an organization to provide specialized facilities configured in the payload area of a tractor-trailer.

symmetric encryption

A cryptographic method in which the same algorithm and secret key are used both to encipher and decipher the message.

asymmetric encryption

A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. Either key can be used to encrypt a message, but then the other key is required to decrypt it.

XOR cipher conversion

A cryptographic operation in which a bit stream is subjected to a Boolean XOR function against some other data stream, typically a key stream. The XOR function compares bits from each stream and replaces similar pairs with a "0" and dissimilar pairs with a "1."

transposition cipher

A cryptographic operation that involves simply rearranging the values within a block based on an established pattern. Also known as a permutation cipher.

Bluetooth

A de facto industry standard for short-range wireless communications between wireless telephones and headsets, between PDAs and desktop computers, and between laptops.

Trusted Computer System Evaluation Criteria (TCSEC)

A deprecated (no longer used) DoD system certification and accreditation standard that defined the criteria for assessing the access controls in a computer system. Also known as the rainbow series due to the color coding of the individual documents that made up the criteria.

alert message

A description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process.

after-action review (AAR)

A detailed examination and discussion of the events that occurred during an incident or disaster, from first detection to final recovery.

application layer proxy firewall

A device capable of functioning both as a firewall and an application layer proxy server.

proxy firewall

A device capable of functioning both as a firewall and an application layer proxy server.

bastion host

A device placed between an external, untrusted network and an internal, trusted network. Also known as a sacrificial host, as it serves as the sole target for attack and should therefore be thoroughly secured.

wireless access point (WAP)

A device used to connect wireless networking users and their devices to the rest of the organization's network(s). Also known as a Wi-Fi router.

alert roster

A document that contains contact information for personnel to be notified in the event of an incident or disaster.

warm site

A facility that provides many of the same services and options as a hot site, but typically without installed and configured software applications. Warm sites are used for BC operations.

cold site

A facility that provides only rudimentary services, with no computer hardware or peripherals. Cold sites are used for BC operations.

screened-host architecture

A firewall architectural model that combines the packet filtering router with a second, dedicated device such as a proxy server or proxy firewall.

screened-subnet architecture

A firewall architectural model that consists of one or more internal bastion hosts located behind a packet filtering router on a dedicated network segment, with each host performing a role in protecting the trusted network.

single bastion host architecture

A firewall architecture in which a single device performing firewall duties, such as packet filtering, serves as the only perimeter device providing protection between an organization's networks and the external network. This architecture can be implemented as a packet filtering router or as a firewall behind a non-filtering router.

deep packet inspection (DPI)

A firewall function that involves examining multiple protocol headers and even content of network traffic, all the way through the TCP/IP layers and including encrypted, compressed, or encoded data.

dynamic packet filtering firewall

A firewall type that can react to network traffic and create or modify configuration rules to adapt.

stateful packet inspection (SPI) firewall

A firewall type that keeps track of each network connection between internal and external systems using a state table, and that expedites the filtering of those communications. Also known as a stateful inspection firewall.

talk-through

A form of structured walk-through in which individuals meet in a conference room and discuss a CP plan rather than walking around the organization.

hot site

A fully configured computing facility that includes all services, communications links, and physical plant operations. Hot sites are used for BC operations.

configuration item

A hardware or software item that will be modified and revised throughout its life cycle.

build list

A list of the versions of components that make up a build.

total cost of ownership (TCO)

A measurement of the true cost of a device or application, which includes not only the purchase price, but annual maintenance or service agreements, the cost to train personnel to manage the device or application, the cost of systems administrators, and the cost to protect it.

honey net

A monitored network or network segment that contains multiple honey pot systems.

port

A network channel or connection point in a data communications system.

dual-homed host

A network configuration in which a device contains two network interfaces: one that is connected to the external network and one that is connected to the internal network. All traffic must go through the device to move between the internal and external networks.

packet filtering firewall

A networking device that examines the header information of data packets that come into a network and determines whether to drop them (deny) or forward them to the next network connection (allow), based on its configuration rules.

security clearance

A personnel security structure in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is "cleared" to access.

passphrase

A plain-language phrase, typically longer than a password, from which a virtual password is derived.

clipping level

A predefined assessment level that triggers a predetermined response when surpassed. Typically, the response is to write the event to a log file and/or notify an administrator.

Bugtraq

A primary mailing list for new vulnerabilities, called simply ______, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.

virtual private network (VPN)

A private, secure network operated over a public and insecure network. A VPN keeps the contents of the network messages hidden from observers who may have access to public traffic.

difference analysis

A procedure that compares the current state of a network segment against a known previous state of the same network segment (the baseline of systems and services).

InfoSec performance management

A process of designing, implementing, and managing the use of specific measurements to determine the effectiveness of the overall security program.

cache server

A proxy server or application-level firewall that stores the most recently accessed information in its internal caches, minimizing the demand on internal servers.

mandatory access control (MAC)

A required, structured data classification scheme that rates each collection of information as well as each user. These ratings are often referred to as sensitivity or classification levels.

mandatory vacation policy

A requirement that all employees take time off from work, which allows the organization to audit the individual's areas of responsibility.

password

A secret word or combination of characters that only the user should know; used to authenticate the user.

proxy server

A server that exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server, thus protecting and minimizing the demand on internal servers. Some proxy servers are also cache servers.

Wired Equivalent Privacy (WEP)

A set of protocols designed to provide a basic level of security protection to wireless networks and to prevent unauthorized access or eavesdropping. WEP is part of the IEEE 802.11 wireless networking standard.

Wi-Fi Protected Access (WPA)

A set of protocols used to secure wireless networks; created by the Wi-Fi Alliance. Includes WPA and WPA2.

penetration testing

A set of security tests and evaluations that simulate attacks by a hacker or other malicious external source.

major release

A significant revision of a version from its previous state.

build

A snapshot of a particular version of software assembled or linked from its component modules.

content filter

A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites with material that is not related to business, such as pornography or entertainment.

scanning

A step commonly used for Internet vulnerability assessment includes _________, which occurs when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection.

monoalphabetic substitution

A substitution cipher that incorporates only a single alphabet in the encryption process.

polyalphabetic substitution

A substitution cipher that incorporates two or more alphabets in the encryption process.

state table

A tabular record of the state and context of each packet in a conversation between an internal and external user or system. A state table is used to expedite traffic filtering.

business process

A task performed by an organization or one of its units in support of the organization's overall mission.

port-address translation (PAT)

A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-many basis; that is, one external valid address is mapped dynamically to a range of internal addresses by adding a unique port number to the address when traffic leaves the private network and is placed on the public network.

network-address translation (NAT)

A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-one basis; that is, one external valid address directly maps to one assigned internal address.

metric

A term traditionally used to describe any detailed statistical analysis technique on performance, but now commonly synonymous with performance measurement. See performance measurements.

certificate authority (CA)

A third party that manages users' digital certificates and certifies their authenticity.

war game

A type of rehearsal that seeks to realistically simulate the circumstances needed to thoroughly test a plan.

lattice-based access control

A variation on the MAC form of access control, which assigns users a matrix of authorizations for particular areas of access, incorporating the information assets of subjects such as users and objects.

discretionary access controls (DACs)

Access controls that are implemented at the discretion or option of the data user.

nondiscretionary controls

Access controls that are implemented by a central authority.

Configuration management and control procedures

NIST 800-64, Rev. 2, Security Considerations in the System Development Life Cycle, states: "_________ are critical to establishing an initial baseline of hardware, software, and firmware components for the information system and subsequently to controlling and maintaining an accurate inventory of any changes to the system."

When dealing with an incident, the incident response team must conduct a(n) __________, which entails a detailed examination of the events that occurred from first detection to final recovery.

After action review (AAR)

Conduct an after-action review

After an incident, but before returning to its normal duties, the CSIRT must do which of the following?

crossover error rate (CER)

Also called the equal error rate, the point at which the rate of false rejections equals the rate of false acceptances.

application layer firewall

Also known as a layer seven firewall, a device capable of examining the application layer of network traffic (for example, HTTP, SMTP, FTP) and filtering based upon its header content rather than the traffic IP headers.

cost-benefit analysis (CBA)

Also known as an economic feasibility study, the formal assessment and presentation of the economic expenditures needed for a particular security control, contrasted with its projected value to the organization.

cost-benefit analysis (CBA)

Also known as an economic feasibility study, the formal assessment and presentation of the economic expenditures needed for a particular security control, contrasted with its projected value to the organization. CBA = ALE(precontrol) − ALE(postcontrol) − ACS

anomaly-based IDPS

An IDPS that compares current data and traffic patterns to an established baseline of normalcy, looking for variance out of parameters. Also known as a behavior-based IDPS.

network-based IDPS (NIDPS)

An IDPS that resides on a computer or appliance connected to a segment of an organization's network and monitors traffic on that segment, looking for indications of ongoing or successful attacks.

host-based IDPS (HIDPS)

An IDPS that resides on a particular computer or server, known as the host, and monitors activity only on that system. Also known as a system integrity verifier.

computer security incident response team (CSIRT)

An IR team composed of technical IT, managerial IT, and InfoSec professionals who are prepared to detect, react to, and recover from an incident. The CSIRT may include members of the IRPT.

Biba integrity model

An access control model that is similar to BLP and is based on the premise that higher levels of integrity are more worthy of trust than lower levels.

incident

An adverse event that could result in a loss of information assets, but does not threaten the viability of the entire organization.

honey pot

An application that entices individuals who are illegally perusing the internal areas of a network by providing simulated rich content areas while the software notifies the administrator of the intrusion.

vulnerability scanner

An application that examines systems connected to networks and their network traffic to identify exposed usernames and groups, open network shares, configuration problems, and other vulnerabilities in servers.

configuration and change management (CCM)

An approach to implementing system change that uses policies, procedures, techniques, and tools to manage and evaluate proposed changes, track changes through completion, and maintain systems inventory and supporting documentation. Sometimes referred to as configuration management (CM).

intranet vulnerability assessment

An assessment approach designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.

platform security validation (PSV)

An assessment approach designed to find and document vulnerabilities that may be present because misconfigured systems are used within the organization.

Internet vulnerability assessment

An assessment approach designed to find and document vulnerabilities that may be present in the organization's public network.

wireless vulnerability assessment

An assessment approach designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.

baseline

An assessment of the performance of some action or process against which future performance is assessed; the first measurement (benchmark) in benchmarking. See also internal benchmarking.

war driving

An attacker technique of moving through a geographic area or building while actively scanning for open or unsecured wireless access points.

benchmarking

An attempt to improve information security practices by comparing an organization's efforts against practices of a similar organization or an industry-developed standard to produce results it would like to duplicate. Sometimes referred to as external benchmarking.

dumb card

An authentication card that contains digital user data, such as a personal identification number (PIN), against which user input is compared.

synchronous token

An authentication component in the form of a token, a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token must be calibrated with the corresponding software on the central authentication server.

asynchronous token

An authentication component in the form of a token—a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token does not require calibration of the central authentication server; instead, it uses a challenge/response system.

smart card

An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN.

Kerberos

An authentication system that uses symmetric key encryption to validate an individual user's access to various network resources by keeping a database containing the private keys of clients and servers that are in the authentication domain it supervises.

internal benchmarking

An effort to improve information security practices by comparing an organization's current efforts against its past efforts, or a desired target value, to identify trends in performance, areas of excellence, and areas in need of improvement. See also baselining.

substitution cipher

An encryption method in which one value is substituted for another.

adverse event

An event with negative consequences that could threaten the organization's information assets or operations. Sometimes referred to as an incident candidate.

operational feasibility

An examination of how well a particular solution fits within the organization's culture and the extent to which users are expected to accept the solution. Also known as behavioral feasibility.

political feasibility

An examination of how well a particular solution fits within the organization's political environment—for example, the working relationship within the organization's communities of interest or between the organization and its external environment.

organizational feasibility

An examination of how well a particular solution fits within the organization's strategic planning objectives and goals.

technical feasibility

An examination of how well a particular solution is supportable given the organization's current technological infrastructure and resources, which include hardware, software, networking, and personnel.

dumpster diving

An information attack that involves searching through a target organization's trash and recycling bins for sensitive information.

public key infrastructure (PKI)

An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates.

demilitarized zone (DMZ)

An intermediate area between a trusted network and an untrusted network that restricts access to internal systems.

Information Technology System Evaluation Criteria (ITSEC)

An international set of criteria for evaluating computer systems, very similar to TCSEC.

Common Criteria for Information Technology Security Evaluation

An international standard (ISO/IEC 15408) for computer security certification that is considered the successor to TCSEC and ITSEC.

business impact analysis (BIA)

An investigation and assessment of adverse events that can affect the organization, conducted as a preliminary phase of the contingency planning process, which includes a determination of how critical a system or set of information is to the organization's core processes and its recovery priorities.

business continuity (BC)

An organization's set of efforts to ensure its long-term viability when a disaster precludes normal operations at the primary site. The organization temporarily establishes critical operations at an alternate site until it can resume operations at the primary site or select and occupy a new primary site.

crisis management (CM)

An organization's set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster.

disaster recovery (DR)

An organization's set of planning and preparation efforts for detecting, reacting to, and recovering from a disaster.

incident response (IR)

An organization's set of planning and preparation efforts for detecting, reacting to, and recovering from a disaster.

trap and trace applications

Applications that combine the function of honey pots or honey nets with the capability to track the attacker back through the network.

__________ planning ensures that critical business functions can continue if a disaster occurs.

Business continuity (BC)

If operations at the primary site cannot be quickly restored, the __________ occurs concurrently with the DR plan, enabling the business to continue at an alternate site.

Business continuity plan (BCP)

Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by ISACA and the IT Governance Institute?

COBIT

log files

Collections of data stored by a system and used by administrators to audit system performance and use both by authorized and unauthorized users. Also known as logs.

plans for unexpected adverse events

Contingency planning is primarily focused on

Wander freely in and out of facilities

Contract employees - or simply contractors - should not be allowed to do what?

__________ is the financial savings from using the defense risk treatment strategy to implement a control and eliminate the financial ramifications of an incident.

Cost avoidance

__________ channels are unauthorized or unintended methods of communications hidden inside a computer system, including storage and timing channels.

Covert

benchmarking

Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following?

performance measurements

Data or the trends in data that may indicate the effectiveness of security countermeasures or controls—technical and managerial—implemented in the organization. Also known as performance measures or metrics.

__________ is a backup technique that stores duplicate online transaction data along with duplicate databases at the remote site on a redundant server.

Database shadowing

incident response procedures (IR procedures)

Detailed, step-by-step methods of preparing, detecting, reacting to, and recovering from an incident.

slow-onset disasters

Disasters that occur over time and gradually degrade the capacity of an organization to withstand their effects. Examples include droughts, famines, environmental degradation, desertification, deforestation, and pest infestation.

rapid-onset disasters

Disasters that occur suddenly, with little warning, taking people's lives and destroying the means of production. Examples include earthquakes, floods, storm winds, tornadoes, and mud flows.

__________ encompasses a requirement that the implemented standards continue to provide the required level of protection.

Due diligence

signing the employment contract

Employees new to an organization should receive an extensive InfoSec briefing that includes all of the following EXCEPT:

performance evaluations

Employees pay close attention to job _________, and including InfoSec tasks in them will motivate employees to take more care when performing these tasks.

digital signatures

Encrypted message components that can be mathematically proven to be authentic.

A company striving for "best security practices" makes every effort to establish security program elements that meet every minimum standard in their industry. a. True b. False

False

A general guideline for performance of hard drives suggests that when the amount of data stored on a particular hard drive averages 95% of available capacity for a prolonged period, you should consider an upgrade for the drive. a. True b. False

False

An effective information security governance program requires no ongoing review once it is well established. a. True b. False

False

An intranet vulnerability scan starts with the scan of the organization's default Internet search engine. a. True b. False

False

Documentation procedures are not required for configuration and change management processes. a. True b. False

False

ISO 27001 certification is only available to companies that do business internationally. a. True b. False

False

In most organizations, the COO is responsible for creating the IR plan. a. True b. False

False

Performance measurements are seldom required in today's regulated InfoSec environment. a. True b. False

False

Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties. a. True b. False

False

Technical controls alone, when properly configured, can secure an IT environment. a. True b. False

False

The "something a person has" authentication mechanism takes advantage of something inherent in the user that is evaluated using biometrics. a. True b. False

False

The Information Technology Infrastructure Library provides guidance in the development and implementation of an organizational InfoSec governance structure. a. True b. False

False

The defense risk treatment strategy may be accomplished by outsourcing to other organizations. a. True b. False

False

The internal monitoring domain is the component of the maintenance model that focuses on identifying, assessing, and managing the physical security of assets in an organization. a. True b. False

False

The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as minimal access. a. True b. False

False

The target selection step of Internet vulnerability assessment involves using the external monitoring intelligence to configure a test engine (such as Nessus) for the tests to be performed. a. True b. False

False

Threats cannot be removed without requiring a repair of the vulnerability. a. True b. False

False

Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster. a. True b. False

False

Under the Clark-Wilson model, internal consistency means that the system is consistent with similar data at the organization's competitors. a. True b. False

False

Using a practice called baselining, you are able to compare your organization's efforts to those of other organizations you feel are similar in size, structure, or industry. a. True b. False

False

When an incident takes place, the disaster recovery (DR) plan is invoked before the incident response (IR) plan. a. True b. False

False

When performing full-interruption testing, normal operations of the business are not impacted. a. True b. False

False

Wireless vulnerability assessment begins with the planning, scheduling, and notification of all Internet connections, using software such as Wireshark. a. True b. False

False

A management model such as the ISO 27000 series deals with methods to maintain systems. a. True b. False

False

Boundary controls regulate the admission of users into trusted areas of the organization. __________

False - Access

Standardization is an attempt to improve information security practices by comparing an organization's efforts against those of a similar organization or an industry-developed standard to produce results it would like to duplicate. __________

False - Benchmarking

US-CERT is a set of moderated mailing lists full of detailed, full-disclosure discussions and announcements about computer security vulnerabilities. It is sponsored in part by SecurityFocus. __________

False - Bugtraq

Intense packet inspection is a firewall function that involves examining multiple protocol headers and even content of network traffic, all the way through the TCP/IP layers and including encrypted, compressed, or encoded data. __________

False - Deep

The internal vulnerability assessment is usually performed against every device that is exposed to the Internet, using every possible penetration testing approach. __________

False - Internet

Collusion is the requirement that every employee be able to perform the work of at least one other employee. __________

False - Job rotation

Two-person control is the requirement that all critical tasks can be performed by multiple individuals. _________

False - Task rotation

The risk treatment strategy that indicates the organization is willing to accept the current level of risk and do nothing further to protect an information asset is known as the termination risk treatment strategy. ____________

False - acceptance

A(n) wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster, from first detection to final recovery. __________

False - after action

Specific warning bulletins are issued when developing threats and specific assets pose a measurable risk to the organization. __________

False - attacks

A(n) credit check can uncover past criminal behavior or other information that suggests a potential for future misconduct or a vulnerability that might render a job candidate susceptible to coercion or blackmail. __________

False - background

A progression is a measurement of current performance against which future performance will be compared. __________

False - baseline

A security metric is an assessment of the performance of some action or process against which future performance is assessed. __________

False - baseline

A bollard host is a device placed between an external, untrusted network and an internal, trusted network. __________

False - bastion

The biggest barrier to baselining in InfoSec is the fact that many organizations do not share information about their attacks with other organizations. __________

False - benchmarking

In information security, a framework or security model customized to an organization, including implementation details, is known as a template. __________

False - blueprint

In a lattice-based access control, a restriction table is the row of attributes associated with a particular subject (such as a user). __________

False - capabilities

A smart chip is an authentication component, similar to a dumb card, that contains a computer chip to verify and validate several pieces of information instead of just a PIN. __________

False - card

A standard of due process is a legal standard that requires an organization and its employees to act as a "reasonable and prudent" individual or organization would under similar circumstances. __________

False - care

The action level is a predefined assessment level of an IDPS that triggers a predetermined response when surpassed. __________

False - clipping

A conspiracy or cooperation between two or more individuals or groups to commit illegal or unethical actions is known as racketeering. __________

False - collusion

Tracking monitoring involves assessing the status of the program as indicated by the database information and mapping it to standards established by the agency. __________

False - compliance

In some organizations, asset management is the identification, inventory, and documentation of the current information system's status—hardware, software, and networking configurations. __________

False - configuration

The risk treatment strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards is the protect risk treatment strategy, also known as the avoidance strategy. __________

False - defense

Dumpster exploitation is an information attack that involves searching through a target organization's trash and recycling bins for sensitive information. __________

False - diving

In wireless networking, the waveprint is the geographic area in which there is sufficient signal strength to make a network connection. __________

False - footprint

In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as a blueprint. __________

False - framework

The primary goal of the external monitoring domain is to maintain an informed awareness of the state of all the organization's networks, information systems, and information security defenses. __________

False - internal

The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is known as required privilege. __________

False - least

To be put to the most effective use, the information that comes from the IDPS must be integrated into the inventory process. __________

False - maintenance

The systems development life cycle (SDLC) is the overall process of developing, implementing, and retiring information systems through a multistep approach—from initiation to use. __________

False - maintenance to disposal

The NIST SP 800-100 Information Security Handbook provides technical guidance for the establishment and implementation of an information security program. __________

False - managerial

An alert digest is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process. __________

False - message

The Information Technology Infrastructure Library (ITIL) is a collection of policies and practices for managing the development and operation of IT infrastructures. __________

False - methods

In e-commerce situations, some cryptographic tools can be used for misrepresentation in order to assure that parties to the transaction are authentic, and that they cannot later deny having participated in a transaction. __________

False - nonrepudiation

In a cost-benefit analysis, the expected frequency of an attack expressed on a per-year basis is known as the annualized risk of likelihood. __________

False - occurrence

Data or the trends in data that may indicate the effectiveness of security countermeasures or controls—technical and managerial—implemented in the organization are known as progress measurements. __________

False - performance

A semialphabetic substitution cipher is one that incorporates two or more alphabets in the encryption process. __________

False - polyalphabetic

A security monitor is a conceptual piece of the system within the trusted computer base that manages access controls—in other words, it mediates all access to objects by subjects. __________

False - reference

The final process in the vulnerability assessment and remediation domain is the maintenance phase. __________

False - remediation

CERT stands for "computer emergency recovery team." __________

False - response

An effective information security governance program requires constant change. __________

False - review

An affidavit is used as permission to search for evidentiary material at a specified location and/or to seize items to return to an investigator's lab for examination after being signed by an approving authority. __________

False - search warrant

The information security principle that requires significant tasks to be split up so that more than one individual is required to complete them is called isolation of duties. __________

False - separation

A validity table is a tabular record of the state and context of each packet in a conversation between an internal and external user or system. __________

False - state

An examination of how well a particular solution is supportable given the organization's current technological infrastructure and resources, which include hardware, software, networking, and personnel, is known as operational feasibility. __________

False - technical

The risk treatment strategy that attempts to shift risk to other assets, other processes, or other organizations is known as the defense risk treatment strategy. __________

False - transference

You can document the results of the verification of a vulnerability by saving the results in what is called a(n) profile. __________

False - trophy

A user ticket is opened when a user calls about an issue. __________

False - trouble / help desk / support

WLAN stands for "wide local area network." __________

False - wireless

Which international standard provides structured methodology for evaluating threats to economic performance in an organization and was developed using the Australian/New Zealand standard AS/NZS 4360:2004 as a foundation?

ISO 31000

Identify relevant stakeholders and their interests in InfoSec measurement

transport mode

In IPSec, an encryption method in which only a packet's IP data is encrypted, not the IP headers themselves; this method allows intermediate nodes to read the source and destination addresses.

tunnel mode

In IPSec, an encryption method in which the entire IP packet is encrypted and inserted as the payload in another IP packet. This requires other systems at the beginning and end of the tunnel to act as proxies to send and receive the encrypted packets and then transmit the packets to their ultimate destination.

single loss expectancy (SLE)

In a cost-benefit analysis, the calculated value associated with the most likely loss from an attack (impact). The SLE is the product of the asset's value and the exposure factor.

single loss expectancy (SLE)

In a cost-benefit analysis, the calculated value associated with the most likely loss from an attack (impact). The SLE is the product of the asset's value and the exposure factor. asset value (AV) x exposure factor (EF)

annualized rate of occurrence (ARO)

In a cost-benefit analysis, the expected frequency of an attack, expressed on a per-year basis.

annualized loss expectancy (ALE)

In a cost-benefit analysis, the product of the annualized rate of occurrence and single loss expectancy.

annualized loss expectancy (ALE)

In a cost-benefit analysis, the product of the annualized rate of occurrence and single loss expectancy. SLE x ARO

capabilities table

In a lattice-based access control, the row of attributes associated with a particular subject (such as a user).

agent, sensor

In an IDPS, a piece of software that resides on a system and reports back to a management server is known as a(n) _________.

agent

In an IDPS, a piece of software that resides on a system and reports back to a management server. Also referred to as a sensor.

firewall

In information security, a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network.

blueprint

In information security, a framework or security model customized to an organization, including implementation details.

framework

In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including InfoSec policies, security education and training programs, and technological controls. Also known as a security model.

Business continuity

In the event of an incident or disaster, which planning element is used to guide off-site operations?

Permutation

In which cipher method are values rearranged within a block to create the ciphertext?

footprint

In wireless networking, the geographic area in which there is sufficient signal strength to make a network connection.

The COSO framework is built on five interrelated components. Which of the following is NOT one of them?

InfoSec governance

Number of systems and users of those systems

InfoSec measurement collected from production statistics depend greatly on which of the following factors?

security event information management (SEIM) systems

Log management systems specifically tasked to collect log data from a number of servers or other network devices for the purpose of interpreting, filtering, correlating, analyzing, storing, and reporting the data.

Organizations must consider all but which of the following during development and implementation of an InfoSec measurement program?

Measurements must be useful for tracking non-compliance by internal personnel

the repeatability of the measurement development, customization, collection and reporting activities

NIST recommends the documentation of performance measurements in a standardized format to ensure _________?

Unified Threat Management (UTM)

Networking devices categorized by their ability to perform the work of multiple devices, such as a stateful packet inspection firewall, network intrusion detection and prevention system, content filter, spam filter, and malware scanner and filter.

test environment, production

Once the decision has been made to implement a change, the change should be moved from _________ into _________.

difference analysis

One approach that can improve the situational awareness of the information security function is to use a process known as _________ to quickly identify changes to the internal environment.

personally identifiable information (PII)

Organizations are required by privacy laws to protect sensitive or personal employee information, including _________.

Under the Common Criteria, which term describes the user-generated specifications for security requirements?

Protection Profile (PP)

digital certificates

Public key container files that allow PKI system components and end users to validate a public key and identify its owner.

This NIST publication provides information on the elements of InfoSec, key roles and responsibilities, an overview of threats and vulnerabilities, a description of the three NIST security policy categories, and an overview of the NIST RM Framework and its use, among other topics needed for a foundation in InfoSec.

SP 800-12, Rev. 1: An Introduction to Information Security (2017)

Which NIST publication describes the philosophical guidelines that the security team should integrate into the entire InfoSec process, beginning with "security supports the mission of the organization"?

SP 800-12, Rev. 1: An Introduction to Information Security (2017)

best security practices (BSPs)

Security efforts that are considered among the best in the industry.

recommended practices

Security efforts that seek to provide a superior level of performance in the protection of information.

__________ channels are TCSEC-defined covert channels that communicate by modifying a stored object, such as in steganography.

Storage

Which security architecture model is part of larger series of standards collectively referred to as the "Rainbow Series"?

TCSEC

structured walk-through

The CP testing strategy in which all involved individuals walk through a site and discuss the steps they would take during an actual CP event. A walk-through can also be conducted as a conference room talk-through.

full-interruption testing

The CP testing strategy in which all team members follow each IR/DR/BC procedure, including those for interruption of service, restoration of data from backups, and notification of appropriate individuals.

desk check

The CP testing strategy in which copies of the appropriate plans are distributed to all individuals who will be assigned roles during an actual incident or disaster; each individual reviews the plan and validates its components.

simulation

The CP testing strategy in which the organization conducts a role-playing exercise as if an actual incident or disaster had occurred. The CP team is presented with a scenario in which all members must specify how they would react and communicate their efforts.

over 40 percent of

The Hartford Insurance Company estimates that, on average, _________ businesses that don't have a disaster plan go out of business after a major loss like a fire, a break-in, or a storm.

Rejection of the certification application based on lack of compliance or failure to remediate shortfalls

The ISO certification process takes approximately six to eight weeks and involves all of the following steps EXCEPT:

CERT/CC

The _________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

scope

The _________ is a statement of the boundaries of the RA.

intranet

The _________ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.

business resumption planning (BRP)

The actions taken by senior management to develop and implement a combined DR and BC policy, plan, and set of recovery teams.

business continuity planning (BCP)

The actions taken by senior management to develop and implement the BC policy, plan, and continuity teams.

crisis management planning (CMP)

The actions taken by senior management to develop and implement the CM policy, plan, and response teams.

disaster recovery planning (DRP)

The actions taken by senior management to develop and implement the DR policy, plan, and recovery teams.

incident response planning (IRP)

The actions taken by senior management to develop and implement the IR policy, plan, and computer security incident response team.

contingency planning (CP)

The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster. This planning includes incident response, disaster recovery, and business continuity efforts, as well as preparatory business impact analysis.

work recovery time (WRT)

The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered. This recovery time is identified by the RTO.

remote journaling

The backup of data to an off-site facility in close to real time based on transactions as they occur.

Increased opportunities for government contracts

The benefits of achieving ISO certification include all of the following EXCEPT:

vulnerability assessment and remediation domain

The component of the maintenance model focused on identifying specific, documented vulnerabilities and remediating them in a timely fashion.

external monitoring domain

The component of the maintenance model that focuses on evaluating external threats to the organization's information assets.

planning and risk assessment domain

The component of the maintenance model that focuses on identifying and planning ongoing information security activities and identifying and managing risks introduced through IT information security projects.

internal monitoring domain

The component of the maintenance model that focuses on identifying, assessing, and managing the configuration and status of information assets in an organization.

least privilege

The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary. Least privilege implies a need-to-know.

revision date

The date associated with a particular version or build.

business continuity plan (BC plan)

The documented product of business continuity planning; a plan that shows the organization's intended efforts to continue critical functions when operations at the primary site are not feasible.

crisis management plan (CM plan)

The documented product of crisis management planning; a plan that shows the organization's intended efforts to protect its personnel and respond to safety threats.

disaster recovery plan (DR plan)

The documented product of disaster recovery planning; a plan that shows the organization's intended efforts in the event of a disaster.

incident response plan (IR plan)

The documented product of incident response planning; a plan that shows the organization's intended efforts in the event of an incident.

cryptology

The field of science that encompasses cryptography and cryptanalysis.

cost avoidance

The financial savings from using the defense risk treatment strategy to implement a control and eliminate the financial ramifications of an incident.

intrusion detection and prevention system (IDPS)

The general term for a system with the capability both to detect and modify its configuration and environment to prevent intrusions. An IDPS encompasses the functions of both intrusion detection systems and intrusion prevention technology.

contingency planning management team (CPMT)

The group of senior managers and project members organized to conduct and lead all CP efforts.

Diffie-Hellman key exchange method

The hybrid cryptosystem that pioneered the technology.

incident detection

The identification and classification of an adverse event as an incident, accompanied by the CSIRT's notification and the implementation of the IR reaction phase.

crisis management planning team (CMPT)

The individuals from various functional areas of the organization assigned to develop and implement the CM plan.

separation of duties

The information security principle that requires significant tasks to be split up so that more than one individual is required to complete them.

standard of due care

The legal standard that requires an organization and its employees to act as a "reasonable and prudent" individual or organization would under similar circumstances.

IRP

The optimum approach is based on a thorough integration of the monitoring process into the _________.

two-person control

The organization of a task or process such that it requires at least two individuals to work together to complete. Also known as dual control.

apprehend and prosecute

The organizational CP philosophy that focuses on an attacker's identification and prosecution, the defense of information assets, and preventing reoccurrence. Also known as "pursue and prosecute."

protect and forget

The organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution. Also known as "patch and proceed."

footprinting

The organized research and investigation of Internet addresses owned or controlled by a target organization.

recovery point objective (RPO)

The point in time before a disruption or system outage to which business process data can be recovered after an outage, given the most recent backup copy of the data.

business continuity policy (BC policy)

The policy document that guides the development and implementation of BC plans and the formulation and performance of BC teams.

crisis management policy (CM policy)

The policy document that guides the development and implementation of CM plans and the formulation and performance of CM teams.

disaster recovery policy (DR policy)

The policy document that guides the development and implementation of DR plans and the formulation and performance of DR teams.

incident response policy (IR policy)

The policy document that guides the development and implementation of IR plans and the formulation and performance of IR teams.

IP Security (IPSec)

The primary and now dominant cryptographic authentication and encryption product of the IETF's IP Protocol Security Working Group. A framework for security development within the TCP/IP family of protocol standards, IPSec provides application support for all uses within TCP/IP, including VPNs.

need-to-know

The principle of limiting users' access privileges to only the specific information required to perform their assigned tasks.

asset valuation

The process of assigning financial value or worth to each information asset.

baselining

The process of conducting a baseline.

disaster classification

The process of examining an adverse event or incident and determining whether it constitutes an actual disaster.

incident classification

The process of examining an adverse event or incident candidate and determining whether it constitutes an actual incident.

vulnerability assessment (VA)

The process of identifying and documenting specific and provable flaws in the organization's information asset environment.

cryptography

The process of making and using codes to secure information.

cryptanalysis

The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption.

nonrepudiation

The process of reversing public key encryption to verify that a message was sent by a specific sender and thus cannot be refuted.

remediation

The processes of removing or repairing flaws in information assets that cause a vulnerability or removing the risk associated with the vulnerability.

false reject rate

The rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device. This failure is also known as a Type I error or a false negative.

false accept rate

The rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. This failure is also known as a Type II error or a false positive.

version

The recorded state of a particular revision of a software or hardware configuration item. The version number is often noted in a specific format, such as "M.N.b." In this notation, "M" is the major release number and "N.b." can represent various minor releases or builds within the major release.

task rotation

The requirement that all critical tasks can be performed by multiple individuals.

job rotation

The requirement that every employee be able to perform the work of at least one other employee.

auditing

The review of a system's use to determine if misuse or malfeasance has occurred.

defense risk treatment strategy

The risk treatment strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards in an effort to change the likelihood of a successful attack on an information asset. Also known as the avoidance strategy.

mitigation risk treatment strategy

The risk treatment strategy that attempts to reduce the impact of the loss caused by an incident, disaster, or attack through effective contingency planning and preparation.

transference risk treatment strategy

The risk treatment strategy that attempts to shift risk to other assets, other processes, or other organizations.

termination risk treatment strategy

The risk treatment strategy that eliminates all risk associated with an information asset by removing it from service.

acceptance risk treatment strategy

The risk treatment strategy that indicates the organization is willing to accept the current level of residual risk. As a result, the organization makes a conscious decision to do nothing else to protect an information asset from risk and to accept the outcome from any resulting exploitation.

access control

The selective method by which systems specify who may use a particular resource and how they may use it.

stop the incident, mitigate incident effects, provide information for recovery from the incident

The steps in IR are designed to:

trusted network

The system of networks inside the organization that contains its information assets and is under the organization's control.

untrusted network

The system of networks outside the organization over which it has no control. The Internet is an example of an untrusted network.

fingerprinting

The systematic survey of a targeted organization's Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range.

incident response planning team (IRPT)

The team responsible for designing and managing the BC plan of relocating the organization and establishing primary operations at an alternate site until the disaster recovery planning team can recover the primary site or establish a new location.

disaster recovery planning team (DRPT)

The team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters, including reestablishment of business operations at the primary site after the disaster.

business continuity planning team (BCPT)

The team responsible for designing and managing the IR plan by specifying the organization's preparation, reaction, and recovery from incidents.

maximum tolerable downtime (MTD)

The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption. The MTD includes all impact considerations.

hybrid encryption system

The use of asymmetric encryption to exchange symmetric keys so that two (or more) organizations can conduct quick, efficient, secure communications based on symmetric encryption.

war driving

The use of mobile scanning techniques to identify open wireless access points.

biometrics

The use of physiological characteristics to provide authentication for a provided identification. Biometric means "life measurement" in Greek.

60

To maintain optimal performance, one typical recommendation suggests that when the memory usage associated with a particular CPU-based system averages _________% or more over prolonged periods, you should consider adding more memory.

port scanners

Tools used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information.

A(n) war game puts a subset of plans in place to create a realistic test environment. __________

True

A firewall is any device that prevents a specific type of information from moving between the untrusted network and the trusted network. a. True b. False

True

A hot site is a fully configured computing facility that includes all services, communications links, and physical plant operations. a. True b. False

True

A packet filtering firewall is a networking device that examines the header information of data packets that come into a network and determines whether to drop them (deny) or forward them to the next network connection (allow), based on its configuration rules. __________

True

A password should be difficult to guess. __________

True

A requirement that all employees take time off from work, which allows the organization to audit the individual's areas of responsibility, is known as a mandatory vacation policy. __________

True

A security clearance is an access control model in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is cleared to access. __________

True

A slow-onset disaster occurs over time and gradually degrades the capacity of an organization to withstand its effects. __________

True

A wireless access point is a device used to connect wireless networking users and their devices to the rest of the organization's network(s). __________

True

All systems that are mission critical should be enrolled in platform security validation (PSV) measurement. a. True b. False

True

Also known as an economic feasibility study, the formal assessment and presentation of the economic expenditures needed for a particular security control, contrasted with its projected value to the organization, is known as cost-benefit analysis (CBA). __________

True

An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked. __________

True

Biometrics are the use of physiological characteristics to provide authentication of an identification. __________

True

CM assists in streamlining change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen. __________

True

Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. __________

True

Due care and due diligence occur when an organization adopts a certain minimum level of security—that is, what any prudent organization would do in similar circumstances. __________

True

External monitoring entails forming intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization. __________

True

For configuration management and control, it is important to document the proposed or actual changes in the system security plan. __________

True

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well. a. True b. False

True

In a cold site there are only rudimentary services, with no computer hardware or peripherals. a. True b. False

True

In an IDPS, a sensor is a piece of software that resides on a system and reports back to a management server. __________

True

In information security, a security blueprint is a framework or security model customized to an organization, including implementation details. a. True b. False

True

In some instances, risk is acknowledged as being part of an organization's business process. a. True b. False

True

Intelligence for external monitoring can come from a number of sources: vendors, CERT organizations, public network sources, and membership sites. a. True b. False

True

Inventory characteristics for hardware and software assets that record the manufacturer and versions are related to technical functionality, and should be highly accurate and updated each time there is a change. a. True b. False

True

Lattice-based access control specifies the level of access each subject has to each object, if any. a. True b. False

True

Major planning components should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate. a. True b. False

True

One of the critical tasks in the measurement process is to assess and quantify what will be measured and how it is measured. __________

True

One question you should ask when choosing among recommended practices is "Can your organization afford to implement the recommended practice?" a. True b. False

True

Organizations should have a carefully planned and fully populated inventory of all their network devices, communication channels, and computing devices. __________

True

Over time, external monitoring processes should capture information about the external environment in a format that can be referenced across the organization as threats emerge and for historical use. a. True b. False

True

Over time, policies and procedures may become inadequate due to changes in the organization's mission and operational requirements, threats, or the environment. a. True b. False

True

Patch and proceed is an organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution. __________

True

Policy needs to be reviewed and refreshed from time to time to ensure that it's providing a current foundation for the information security program. a. True b. False

True

Recommended or best practices are those security efforts that seek to provide a superior level of performance in the protection of information. __________

True

Rehearsal adds value by exercising the procedures, identifying shortcomings, and providing security personnel the opportunity to improve the security plan before it is needed. a. True b. False

True

Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability. a. True b. False

True

Risks can be avoided by countering the threats facing an asset or by eliminating the exposure of an asset. a. True b. False

True

Secure Shell (SSH) provides security for remote access connections over public networks by creating a secure and persistent connection. a. True b. False

True

Temporary workers—often called temps—may not be subject to the contractual obligations or general policies that govern other employees. a. True b. False

True

The CISO uses the results of maintenance activities and the review of the information security program to determine if the status quo can adequately meet the threats at hand. __________

True

The ISO 27005 Standard for InfoSec Risk Management has a five-stage management methodology that includes risk treatment and risk communication. a. True b. False

True

The KDC component of Kerberos knows the secret keys of all clients and servers on the network. a. True b. False

True

The basic function of the external monitoring process is to monitor activity, report results, and escalate warnings. __________

True

The best method of remediation in most cases is to repair a vulnerability. __________

True

The criterion most commonly used when evaluating a strategy to implement InfoSec controls and safeguards is economic feasibility. a. True b. False

True

The false accept rate is the rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. __________

True

The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as need-to-know. __________

True

The process of identifying and documenting specific and provable flaws in the organization's information asset environment is called vulnerability assessment (VA). __________

True

The risk treatment strategy that attempts to reduce the impact of the loss caused by a realized incident, disaster, or attack through effective contingency planning and preparation is known as the mitigation risk treatment strategy. __________

True

The risk treatment strategy that eliminates all risk associated with an information asset by removing it from service is known as the termination risk treatment strategy. ____________

True

The simplest kind of validation, the desk check, involves distributing copies of the appropriate plans to all individuals who will be assigned roles during an actual incident or disaster. a. True b. False

True

The vulnerability database, like the risk, threat, and attack database, both stores and tracks information. a. True b. False

True

US-CERT is generally viewed as the definitive authority for computer emergency response teams. a. True b. False

True

Unlike many other risk management frameworks, FAIR relies on the qualitative assessment of many risk components using scales with value ranges. a. True b. False

True

When possible, major incident response plan elements should be rehearsed. __________

True

covert channels

Unauthorized or unintended methods of communications hidden inside a computer system.

Security budgets are effectively utilized and appropriately justified

Under Information Security Governance in the Maintenance model, which of the following is NOT an area in which agencies should monitor the status of their programs in order to ensure that:

trusted computing base (TCB)

Under TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security policy.

identify change

What is the first step in the CM process?

Fingerprinting

What is the next phase of the pre-attack data gathering process after an attacker has collected all of an organization's Internet addresses?

Business continuity

When a disaster renders the current business location unusable, which plan is put into action?

Signature recognition

Which of the following biometric authentication systems is the most accepted by users?

Face geometry

Which of the following characteristics currently used today for authentication purposes is the LEAST unique?

High level of employee buy-in

Which of the following is NOT a factor critical to the success of an information security performance program?

React

Which of the following is NOT a stage in the NIST Cybersecurity Framework (CSF)?

Former employee's home computer must be audited

Which of the following is NOT a task that must be performed if an employee is terminated?

Something a person says

Which of the following is NOT among the three types of authentication mechanisms?

Unusual consumption of computing resources

Which of the following is a "possible" indicator of an actual incident according to Donald Pipkin?

Key Distribution Center

Which of the following is a Kerberos service that initially exchanges information with the client and server by using secret keys?

Electronic vaulting

Which of the following is a backup method that uses bulk batch transfer of data to an off-site facility and is usually conducted via leased lines or secure Internet connections?

Use of dormant accounts

Which of the following is a definite indicator of an actual incident according to Donald Pipkin?

Identifying the vulnerabilities that allowed the incident to occur and spread

Which of the following is a part of the incident recovery process?

Keeping the public informed about the event and the actions being taken

Which of the following is a responsibility of the crisis management team?

protect and forget (patch and proceed)

Which of the following is an organizational CP philosophy for overall approach to contingency planning reactions?

Determine mission/business processes and recovery criticality

Which of the following is the first major task in the BIA according to NIST SP 800-34, Rev. 1?

It duplicates computing resources, peripherals, phone systems, applications, and workstations.

Which of the following is true about a hot site?

Job rotation

Which of the following policies requires that every employee be able to perform the work of at least one other staff member?

Ticket Granting Service

Which of the following provides an identification card of sorts to clients who request services in a Kerberos system?

Port-address translation

Which technology employs sockets to map internal private network addresses to a public address using a one-to-many mapping?

Port scanner

Which tool can best identify active computers on a network?

Anomaly-based

Which type of IDPS is also known as a behavior-based intrusion detection system?

Signature-based

Which type of IDPS works like antivirus software?

Dynamic packet filtering firewall

Which type of device can react to network traffic and create or modify configuration rules to adapt?

Proxy server

Which type of device exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server?

Stateful packet inspection

Which type of firewall keeps track of each network connection established between internal and external systems?

reference monitor

Within TCB, a conceptual piece of the system that manages access controls—in other words, it mediates all access to objects by subjects.

contract employees

Workers typically hired to perform specific services for the organization and hired via a third-party organization are known as _________.

program review

_________ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

threats, assets, vulnerabilities

_________ are a component of the "security triple".

Network connectivity RA

_________ is used to respond to network change requests and network architectural design proposals.

In which type of site are no computer hardware or peripherals provided? a. cold site b. warm site c. timeshare d. hot site

a

A private, secure network operated over a public and insecure network. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

a

A step commonly used for Internet vulnerability assessment includes __________, which occurs when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection. a. scanning b. subrogation c. delegation d. targeting

a

A useful tool for resolving the issue of what business function is the most critical, based on criteria selected by the organization, is the __________. a. weighted table analysis or weighted factor analysis b. threats-vulnerability-assets worksheet or TVA c. business impact assessment or BIA d. critical path method assessment or CPMA

a

According to NIST's SP 800-34, Rev. 1, which of the following is NOT one of the stages of the business impact assessment? a. Calculate asset valuation and combine with the likelihood and impact of potential attacks in a TVA worksheet. b. Determine mission/business processes and recovery criticality. c. Identify resource requirements. d. Identify recovery priorities for system resources.

a

Although COBIT was designed to be an IT __________ and management structure, it includes a framework to support InfoSec requirements and assessment needs. a. governance b. policy c. auditing d. awareness

a

Because even the implementation of new technologies does not necessarily guarantee an organization can gain or maintain a competitive lead, the concept of __________ has emerged as organizations strive not to fall behind technologically. a. competitive disadvantage b. future shock c. competitive advantage d. innovation hedge

a

Contingency planning is primarily focused on developing __________. a. plans for unexpected adverse events b. policies for breach notifications c. plans for normal operations d. policies for normal operation

a

Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following? a. benchmarking b. corporate espionage c. baselining d. due diligence

a

Employees new to an organization should receive an extensive InfoSec briefing that includes all of the following EXCEPT: a. signing the employment contract b. security policies c. security procedures d. access levels

a

Employees pay close attention to job __________, and including InfoSec tasks in them will motivate employees to take more care when performing these tasks. a. performance evaluations b. descriptions c. quarterly reports d. vacation requests

a

In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as a __________. a. framework b. security plan c. security standard d. blueprint

a

In which cipher method are values rearranged within a block to create the ciphertext? a. permutation b. Vernam c. substitution d. monoalphabetic

a

In which form of access control is access to a specific set of information contingent on its subject matter? a. content-dependent access controls b. constrained user interfaces c. temporal isolation d. none of these

a

Incorporating InfoSec components into periodic employee performance evaluations can __________. a. heighten InfoSec awareness b. frighten employees c. demotivate workers d. reduce compliance to policy

a

NIST's Risk Management Framework follows a three-tiered approach, with most organizations working from the top down, focusing first on aspects that affect the entire organization, such as __________. a. governance b. information and information flows c. policy d. environment of operation

a

One of the most widely referenced InfoSec management models, known as Information Technology—Code of Practice for Information Security Management, is also known as __________. a. ISO 27002 b. IEC 27100 c. NIST SP 800-12 d. IEEE 801

a

Organizations are required by privacy laws to protect sensitive or personal employee information, including __________. a. personally identifiable information (PII) b. corporate financial information c. internal business contact information d. employee salaries

a

The Hartford insurance company estimates that, on average, __________ businesses that don't have a disaster plan go out of business after a major loss like a fire, a break-in, or a storm. a. over 40 percent of b. at least 60 percent of c. about 20 percent of d. two percent of

a

The ISO certification process takes approximately six to eight weeks and involves all of the following steps EXCEPT: a. rejection of the certification application based on lack of compliance or failure to remediate shortfalls b. initial assessment of the candidate organization's InfoSec management systems, procedures, policies, and plans c. writing of a manual documenting all procedural compliance d. presentation of certification by the certification organization

a

The Information Security __________ is a managerial model provided by an industry working group, National Cyber Security Partnership, which provides guidance in the development and implementation of organizational InfoSec structures and recommends the responsibilities that various members should have in an organization. a. Governance Framework b. Security Blueprint c. Risk Model d. Compliance Architecture

a

The Information Technology Infrastructure Library (ITIL) is a collection of methods and practices primarily for __________. a. managing the development and operation of IT infrastructures b. operation of IT control systems to improve security c. managing the security infrastructure d. developing secure Web applications

a

The NIST risk management approach includes all but which of the following elements? a. inform b. assess c. frame d. respond

a

The __________ Web site is home to the leading free network exploration tool, Nmap. a. insecure.org b. Packet Storm c. Security Focus d. Snort-sigs

a

The __________ is a statement of the boundaries of the RA. a. scope b. disclaimer c. footer d. head

a

The __________ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network. a. intranet b. Internet c. LAN d. WAN

a

The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's wireless local area networks. a. wireless b. phone-in c. battle-dialing d. network

a

The benefits of ISO certification to an organization's employees include all of the following EXCEPT: a. reduced employee turnover due to misinterpreted security policies and practices b. lower risk of accidents and incidents associated with critical or sensitive information c. employee confidence in organizational security practices d. improved productivity and job satisfaction from more clearly defined InfoSec roles and responsibilities

a

The benefits of ISO certification to organizations include all of the following EXCEPT: a. increased opportunities for government contracts b. reduced costs associated with incidents c. smoother operations resulting from more clearly defined processes and responsibilities d. improved public image of the organization, as certification implies increased trustworthiness

a

The managerial tutorial equivalent of NIST SP 800-12, providing overviews of the roles and responsibilities of a security manager in the development, administration, and improvement of a security program, is NIST __________. a. SP 800-100: Information Security Handbook: A Guide for Managers (2007) b. SP 800-18, Rev. 1: Guide for Developing Security Plans for Federal Information Systems (2006) c. SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems (1996) d. SP 800-110, Rev. 1: Manager's Introduction to Information Security (2016)

a

The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption is known as __________. a. cryptanalysis b. cryptology c. cryptography d. nonrepudiation

a

The steps in IR are designed to: a. stop the incident, mitigate incident effects, provide information for recovery from the incident b. control legal exposure, avoid unfavorable media attention, and minimize impact on stock prices c. delay the incident progress, backtrack the attack to its source IP, and apprehend the intruder d. stop the incident, inventory affected systems, and determine appropriate losses for insurance settlement

a

The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption, including all impact considerations, is known as __________. a. maximum tolerable downtime (MTD) b. recovery point objective (RPO) c. work recovery time (WRT) d. recovery time objective (RTO)

a

This NIST publication provides information on the elements of InfoSec, key roles and responsibilities, an overview of threats and vulnerabilities, a description of the three NIST security policy categories, and an overview of the NIST RM Framework and its use, among other topics needed for a foundation in InfoSec. a. SP 800-12, Rev. 1: An Introduction to Information Security (2017) b. SP 800-18, Rev. 1: Guide for Developing Security Plans for Federal Information Systems (2006) c. SP 800-34, Rev. 1: Contingency Planning Guide for Federal Information Systems (2010) d. SP 800-55, Rev. 1: Performance Measurement Guide for Information Security (2008)

a

To evaluate the performance of a security system, administrators must establish system performance __________. a. baselines b. profiles c. maxima d. means

a

Treating risk begins with which of the following? a. an understanding of risk treatment strategies b. applying controls and safeguards that eliminate risk c. understanding the consequences of choosing to ignore certain risks d. rethinking how services are offered

a

Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following? a. access control list b. capabilities table c. access matrix d. sensitivity level

a

What does FAIR rely on to build the risk management framework that is unlike many other risk management frameworks? a. qualitative assessment of many risk components b. quantitative valuation of safeguards c. subjective prioritization of controls d. risk analysis estimates

a

What is the organized research and investigation of Internet addresses owned or controlled by a target organization? a. footprinting b. content filtering c. deciphering d. fingerprinting

a

What is the result of subtracting the postcontrol annualized loss expectancy and the annualized cost of the safeguard from the precontrol annualized loss expectancy? a. cost-benefit analysis b. exposure factor c. single loss expectancy d. annualized rate of occurrence

a

When a disaster renders the current business location unusable, which plan is put into action? a. business continuity b. crisis management c. incident response d. business impact analysis

a

When vulnerabilities have been controlled to the degree possible, what is the remaining risk that has not been completely removed, shifted, or planned for? a. residual risk b. risk appetite c. risk assurance d. risk tolerance

a

Which access control principle limits a user's access to the specific information required to perform the currently assigned task? a. need-to-know b. eyes only c. least privilege d. separation of duties

a

Which alternative risk management methodology is a process promoted by the Computer Emergency Response Team (CERT) Coordination Center (www.cert.org) that has three variations for different organizational needs, including one known as ALLEGRO? a. OCTAVE b. FAIR c. ANDANTE d. DOLCE

a

Which of the following determines how well the proposed InfoSec treatment alternatives will contribute to the efficiency, effectiveness, and overall operation of an organization? a. organizational feasibility b. political feasibility c. technical feasibility d. behavioral feasibility

a

Which of the following is NOT a method employed by IDPSs to prevent an attack from succeeding? a. sending DoS packets to the source b. terminating the network connection c. reconfiguring network devices d. changing the attack's content

a

Which of the following is NOT a phase in the NIST InfoSec performance measures development process? a. Identify relevant stakeholders and their interests in InfoSec measurement. b. Integrate the organization's process improvement activities across all business areas. c. Identify and document the InfoSec performance goals and objectives that would guide security control implementation for the InfoSec program. d. Review any existing measurements and data repositories that can be used to derive measurement data.

a

Which of the following is NOT one of the methods noted for selecting the best risk management model? a. Use the methodology most similar to what is currently in use. b. Study known approaches and adapt one to the specifics of the organization. c. Hire a consulting firm to provide a proprietary model. d. Hire a consulting firm to develop a proprietary model.

a

Which of the following is a "possible" indicator of an actual incident, according to Donald Pipkin? a. unusual consumption of computing resources b. activities at unexpected times c. presence of hacker tools d. reported attacks

a

Which of the following is a generic model for a security program? a. framework b. methodology c. security standard d. blueprint

a

Which of the following is a mathematical tool that is useful in assessing the relative importance of business functions based on criteria selected by the organization? a. weighted table analysis b. BIA questionnaire c. recovery time organizer d. MTD comparison

a

Which of the following is a part of the incident recovery process? a. identifying the vulnerabilities that allowed the incident to occur and spread b. determining the event's impact on normal business operations and, if necessary, making a disaster declaration c. supporting personnel and their loved ones during the crisis d. keeping the public informed about the event and the actions being taken to ensure the recovery of personnel and the enterprise

a

Which of the following is an organizational CP philosophy for overall approach to contingency planning reactions? a. protect and forget b. pre-action review c. transfer to local/state/federal law enforcement d. track, hack, and prosecute

a

Which of the following is the best example of a rapid-onset disaster? a. flood b. hurricane c. famine d. environmental degradation

a

Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident? a. incident classification b. incident identification c. incident registration d. incident verification

a

Which of the following is true about symmetric encryption? a. It uses a secret key to encrypt and decrypt. b. It uses a private and public key. c. It is also known as public key encryption. d. It requires four keys to hold a conversation.

a

Which of the following is used in conjunction with an algorithm to make computer data secure from anybody except the intended recipient of the data? a. key b. plaintext c. cipher d. cryptosystem

a

Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by ISACA and the IT Governance Institute? a. COBIT b. COSO c. NIST d. ISO

a

Which of the following provides an identification card of sorts to clients who request services in a Kerberos system? a. ticket granting service b. authentication server c. authentication client d. key distribution center

a

Which of the following refers to the backup of data to an off-site facility in close to real time based on transactions as they occur? a. remote journaling b. electronic vaulting c. database shadowing d. timesharing

a

Which of the following terms is described as the process of designing, implementing, and managing the use of the collected data elements to determine the effectiveness of the overall security program? a. performance management b. baselining c. best practices d. standards of due care/diligence

a

Which type of device can react to network traffic and create or modify configuration rules to adapt? a. dynamic packet filtering firewall b. proxy server c. intrusion detection system d. application layer firewall

a

__________ is used to respond to network change requests and network architectural design proposals. a. Network connectivity RA b. Dialed modem RA c. Application RA d. Vulnerability RA

a

__________ penetration testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target. a. White box b. Black box c. Gray box d. Green box

a

__________, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker). a. Penetration testing b. Penetration simulation c. Attack simulation d. Attack testing

a

A framework or security model customized to an organization, including implementation details.

a. blueprint

A conspiracy or cooperation between two or more individuals or groups to commit illegal or unethical actions.

a. collusion

A risk treatment strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards.

a. defense risk treatment strategy

The __________ risk treatment strategy indicates the organization is willing to accept the current level of residual risk.

acceptance

Best security practices balance the need for user __________ to information with the need for adequate protection while simultaneously demonstrating fiscal responsibility.

access

The selective method by which systems specify who may use a particular resource and how they may use it is called __________.

access control

A(n) __________ is an event with negative consequences that could threaten the organization's information assets or operations.

adverse event incident candidate

A(n) _________ is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process.

alert message

A(n) __________ is a document containing contact information of the individuals to notify in the event of an actual incident.

alert roster

The goal of InfoSec is not to bring residual risk to zero; rather, it is to bring residual risk in line with an organization's risk __________.

appetite

The process of assigning financial value or worth to each information asset is known as __________.

asset valuation

A __________ is the recorded condition of a particular revision of a software or hardware configuration item. a. state b. version c. configuration d. baseline

b

A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices. a. difference analysis b. traffic analysis c. schema analysis d. data flow assessment

b

After an incident, but before returning to its normal duties, the CSIRT must do which of the following? a. Create the incident damage assessment. b. Conduct an after-action review. c. Restore data from backups. d. Restore services and processes in use.

b

All of the following are rules of thumb for selecting a risk treatment strategy EXCEPT: a. When a vulnerability exists in an important asset, implement security controls to reduce the likelihood of a vulnerability being exploited. b. When the likelihood of an attack is high and the impact is great, outsource security efforts so that any resulting loss is fiscally someone else's responsibility. c. When a vulnerability can be exploited, apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack. d. When the potential loss is substantial, apply design principles, architectural designs, and technical and nontechnical protections to limit the extent of the attack, thereby reducing the potential for loss.

b

Also known as an economic feasibility study, the formal assessment and presentation of the economic expenditures needed for a particular security control, contrasted with its projected value to the organization, is known as __________. a. annualized loss expectancy (ALE) b. cost-benefit analysis (CBA) c. single loss expectancy (SLE) d. annualized rate of occurrence (ARO)

b

An ATM that limits what kinds of transactions a user can perform is an example of which type of access control? a. content-dependent b. constrained user interface c. temporal isolation d. nondiscretionary

b

Application of training and education among other approach elements is a common method of which risk treatment strategy? a. mitigation b. defense c. acceptance d. transferal

b

By multiplying the asset value by the exposure factor, you can calculate which of the following? a. annualized cost of the safeguard b. single loss expectancy c. value to adversaries d. annualized loss expectancy

b

Contract employees—or simply contractors—should not be allowed to do what? a. Work on the premises. b. Wander freely in and out of facilities. c. Visit the facility without an escort. d. Be compensated based on hourly rates.

b

Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported. a. escalation b. intelligence c. monitoring d. elimination

b

Each of the following is a commonly used quantitative approach for asset valuation EXCEPT: a. value to owners b. value to competitors c. value retained from past maintenance d. value to adversaries

b

Each of the following is a recommendation from the FDIC when creating a successful SLA EXCEPT: a. determining objectives b. forecasting costs c. defining requirements d. setting measurements

b

If a temporary worker (temp) violates a policy or causes a problem, what is the strongest action that the host organization can usually take, depending on the SLA? a. Nothing, the organization has no control over temps. b. Terminate the relationship with the individual and request that he or she be censured. c. Fine the temp or force the temp to take unpaid leave, like permanent employees. d. Sue the temp agency for cause, demanding reparations for the actions of the temp.

b

In IPSec, an encryption method in which only a packet's IP data is encrypted, not the IP headers themselves; this method allows intermediate nodes to read the source and destination addresses. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

b

In the event of an incident or disaster, which planning element is used to guide off-site operations? a. project management b. business continuity c. disaster recovery d. incident response

b

In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred? a. desk check b. simulation c. structured walk-through d. parallel testing

b

InfoSec measurements collected from production statistics depend greatly on which of the following factors? a. types of performance measures developed b. number of systems and users of those systems c. number of monitored threats and attacks d. activities and goals implemented by the business unit

b

One approach that can improve the situational awareness of the information security function is to use a process known as __________ to quickly identify changes to the internal environment. a. baselining b. difference analysis c. differentials d. revision

b

One of the fundamental challenges in InfoSec performance measurement is defining what? a. interested stakeholders b. effective security c. appropriate performance measures d. the proper assessment schedule

b

The InfoSec measurement development process recommended by NIST is divided into two major activities. Which of the following is one of them? a. development and selection of qualified personnel to gauge the implementation, effectiveness, efficiency, and impact of the security controls b. identification and definition of the current InfoSec program c. maintenance of the vulnerability management program d. comparison of organizational practices against similar organizations

b

The __________ commercial site focuses on current security tool resources. a. Nmap-hackerz b. Packet Storm c. Security Laser d. Snort-SIGs

b

The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster are known as __________. a. risk management b. contingency planning c. business impact d. disaster readiness

b

The financial savings from using the defense risk treatment strategy to implement a control and eliminate the financial ramifications of an incident is known as __________. a. probability estimate b. cost avoidance c. risk acceptance premium d. asset valuation

b

The goal of InfoSec is not to bring residual risk to __________; rather, it is to bring residual risk in line with an organization's risk appetite. a. de minimis b. zero c. its theoretical minimum d. below the cost-benefit break-even point

b

The rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device is known as the __________. a. reset error ratio b. false reject rate c. crossover error rate d. false accept rate

b

To maintain optimal performance, one typical recommendation suggests that when the memory usage associated with a particular CPU-based system averages __________% or more over prolonged periods, you should consider adding more memory. a. 40 b. 60 c. 10 d. 100

b

Under the Common Criteria, which term describes the user-generated specifications for security requirements? a. Target of Evaluation (ToE) b. Protection Profile (PP) c. Security Target (ST) d. Security Functional Requirements (SFRs)

b

What tool would you use if you want to collect information as it is being transmitted on the network and analyze the contents for the purpose of solving network problems? a. port scanner b. packet sniffer c. vulnerability scanner d. content filter

b

Which control category discourages an incipient incident—e.g., video monitoring? a. preventative b. deterrent c. remitting d. compensating

b

Which of the following access control processes confirms the identity of the entity seeking access to a logical or physical area? a. identification b. authentication c. authorization d. accountability

b

Which of the following can be described as the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility? a. residual risk b. risk appetite c. risk assurance d. risk termination

b

Which of the following determines acceptable practices based on consensus and relationships among the communities of interest? a. organizational feasibility b. political feasibility c. technical feasibility d. operational feasibility

b

Which of the following determines the scope of the breach of confidentiality, integrity, and availability of information and information assets? a. incident report b. incident damage assessment c. information loss assessment d. damage report

b

Which of the following is NOT a category of access control? a. preventative b. mitigating c. deterrent d. compensating

b

Which of the following is NOT a common type of background check that may be performed on a potential employee? a. identity b. political activism c. motor vehicle records d. drug history

b

Which of the following is NOT a factor critical to the success of an information security performance program? a. strong upper-level management support b. high level of employee buy-in c. quantifiable performance measurements d. results-oriented measurement analysis

b

Which of the following is NOT a question to be used as a self-assessment for recommended security practices in the category of people? a. Do you perform background checks on all employees with access to sensitive data, areas, or access points? b. Are the user accounts of former employees immediately removed on termination? c. Would the typical employee recognize a security issue? d. Would the typical employee know how to report a security issue to the right people?

b

Which of the following is NOT a task that must be performed if an employee is terminated? a. former employee must return all media b. former employee's home computer must be audited c. former employee's office computer must be secured d. former employee should be escorted from the premises

b

Which of the following is a commonly used criterion for comparing and evaluating biometric technologies? a. false accept rate b. crossover error rate c. false reject rate d. valid accept rate

b

Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence? a. baselining b. legal liability c. competitive disadvantage d. certification revocation

b

Which of the following is the first major task in the BIA, according to NIST SP 800-34, Rev. 1? a. Calculate asset valuation and combine with the likelihood and impact of potential attacks in a TVA worksheet. b. Determine mission/business processes and recovery criticality. c. Identify resource requirements. d. Identify recovery priorities for system resources.

b

Which of the following policies requires that every employee be able to perform the work of at least one other staff member? a. collusion b. job rotation c. two-person control d. separation of duties

b

Which of the following policies requires that two individuals review and approve each other's work before the task is considered complete? a. task rotation b. two-person control c. separation of duties d. job rotation

b

Which piece of the Trusted Computing Base's security system manages access controls? a. trusted computing base b. reference monitor c. covert channel d. verification module

b

Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"? a. Bell-LaPadula b. TCSEC c. ITSEC d. Common Criteria

b

Which tool can best identify active computers on a network? a. packet sniffer b. port scanner c. trap and trace d. honey pot

b

Which type of IDPS is also known as a behavior-based intrusion detection system? a. network-based b. anomaly-based c. host-based d. signature-based

b

Which type of device exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server? a. dynamic packet filtering firewall b. proxy server c. intrusion detection system d. application layer firewall

b

Which type of firewall keeps track of each network connection established between internal and external systems? a. packet filtering b. stateful packet inspection c. application layer d. cache server

b

Controls implemented at the discretion or option of the data user.

b. DAC

An assessment of the performance of some action or process against which future performance is assessed.

b. baseline

A risk treatment strategy that attempts to reduce the impact of the loss caused by a realized incident, disaster, or attack through effective contingency planning and preparation.

b. mitigation risk treatment strategy

A practice related to benchmarking is __________, which is a measurement against a prior assessment or an internal goal.

baselining

As part of the CBA, __________ is the value to the organization of using controls to prevent losses associated with a specific vulnerability.

benefit

In information security, a framework or security model customized to an organization, including implementation details, is known as a(n) __________.

blueprint

In information security, a framework or security model customized to an organization, including implementation details.

blueprint

A(n) __________ process is a task performed by an organization or one of its units in support of the organization's overall mission.

business

The four components of contingency planning are the __________, the incident response plan, the disaster recovery plan, and the business continuity plan.

business impact analysis (BIA)

A time-release safe is an example of which type of access control? a. content-dependent b. constrained user interface c. temporal isolation d. nondiscretionary

c

An information attack that involves searching through a target organization's trash and recycling bins for sensitive information is known as __________. a. rubbish surfing b. social engineering c. dumpster diving d. trash trolling

c

At what point in the incident life cycle is the IR plan initiated? a. before an incident takes place b. after the DRP is activated c. when an incident is detected that affects the organization d. after the BCP is activated

c

Control __________ baselines are established for network traffic and for firewall performance and IDPS performance. a. system b. application c. performance d. environment

c

Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following? a. preventative b. deterrent c. corrective d. compensating

c

In an IDPS, a piece of software that resides on a system and reports back to a management server is known as a(n) __________. a. agent b. sensor c. Both of these are correct. d. Neither of these is correct.

c

NIST recommends the documentation of performance measurements in a standardized format to ensure __________. a. the suitability of performance measure selection b. the effectiveness of performance measure corporate reporting c. the repeatability of measurement development, customization, collection, and reporting activities d. the acceptability of the performance measurement program by upper management

c

Once a control strategy has been selected and implemented, what should be done on an ongoing basis to determine its effectiveness and to estimate the remaining risk? a. analysis and adjustment b. review and reapplication c. monitoring and measurement d. evaluation and funding

c

Strategies to reestablish operations at the primary site after an adverse event threatens continuity of business operations are covered by which of the following plans in the mitigation control approach? a. incident response plan b. business continuity plan c. disaster recovery plan d. damage control plan

c

The Microsoft Risk Management Approach includes four phases; which of the following is NOT one of them? a. conducting decision support b. implementing controls c. evaluating alternative strategies d. measuring program effectiveness

c

The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered is known as __________. a. minimum tolerable downtime (MTD) b. recovery point objective (RPO) c. work recovery time (WRT) d. recovery time objective (RTO)

c

The bastion host is usually implemented as a __________, as it contains two network interfaces: one that is connected to the external network and one that is connected to the internal network, such that all traffic must go through the device to move between the internal and external networks. a. state-linked firewall b. screened-subnet firewall c. dual-homed host d. double bastion host

c

The group of senior managers and project members organized to conduct and lead all CP efforts is known as the __________. a. contingency planning management team (CPMT) b. disaster recovery planning team (DRPT) c. crisis management planning team (CMPT) d. incident response planning team (IRPT)

c

The intermediate area between trusted and untrusted networks is referred to as which of the following? a. unfiltered area b. semi-trusted area c. demilitarized zone d. proxy zone

c

The only use of the acceptance strategy that is recognized as valid by industry practices occurs when the organization has done all but which of the following? a. determined the level of risk posed to the information asset b. performed a thorough cost-benefit analysis c. determined that the costs to control the risk to an information asset are much lower than the benefit gained from the information asset d. assessed the probability of attack and the likelihood of a successful exploitation of a vulnerability

c

The team responsible for designing and managing the IR plan by specifying the organization's preparation, reaction, and recovery from incidents is known as the __________. a. contingency planning management team (CPMT) b. disaster recovery planning team (DRPT) c. computer security incident response team (CSIRT) d. incident response planning team (IRPT)

c

Developed by Netscape in 1994 to provide security for online e-commerce transactions. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

c

What do you call the legal requirements that an organization must adopt a standard based on what a prudent organization should do, and then maintain that standard? a. certification and accreditation b. best practices c. due care and due diligence d. baselining and benchmarking

c

What is an application that entices individuals who are illegally perusing the internal areas of a network by providing simulated rich content areas while the software notifies the administrator of the intrusion? a. port scanner b. sacrificial host c. honey pot d. content filter

c

Which NIST publication describes the philosophical guidelines that the security team should integrate into the entire InfoSec process, beginning with "Security supports the mission of the organization"? a. SP 800-12, Rev. 1: An Introduction to Information Security (2017) b. SP 800-18, Rev. 1: Guide for Developing Security Plans for Federal Information Systems (2006) c. SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems (1996) d. SP 800-55, Rev. 1: Performance Measurement Guide for Information Security (2008)

c

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary? a. need-to-know b. eyes only c. least privilege d. separation of duties

c

Which of the following NIST Cybersecurity Framework (CSF) stages relates to reacting to an incident? a. Identify b. Detect c. Respond d. Protect

c

Which of the following biometric authentication systems is the most accepted by users? a. keystroke pattern recognition b. fingerprint recognition c. signature recognition d. retina pattern recognition

c

Which of the following determines how well the proposed InfoSec treatment alternatives will contribute to the efficiency, effectiveness, and overall operation of an organization? a. organizational feasibility b. political feasibility c. technical feasibility d. behavioral feasibility

c

Which of the following determines whether the organization already has or can acquire the technology necessary to implement and support the proposed treatment? a. organizational feasibility b. political feasibility c. technical feasibility d. operational feasibility

c

Which of the following is NOT a change control principle of the Clark-Wilson model? a. no changes by unauthorized subjects b. no unauthorized changes by authorized subjects c. no changes by authorized subjects without external validation d. the maintenance of internal and external consistency

c

Which of the following is NOT a question a CISO should be prepared to answer before beginning the process of designing, collecting, and using performance measurements, according to Kovacich? a. Why should these measurements be collected? b. Where will these measurements be collected? c. What effect will measurement collection have on efficiency? d. Who will collect these measurements?

c

Which of the following is NOT a valid rule of thumb on risk treatment strategy selection? a. When a vulnerability exists: Implement security controls to reduce the likelihood of a vulnerability being exploited. b. When a vulnerability can be exploited: Apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack. c. When the attacker's potential gain is less than the costs of attack: Apply protections to decrease the attacker's cost or reduce the attacker's gain by using technical or operational controls. d. When the potential loss is substantial: Apply design principles, architectural designs, and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.

c

Which of the following is NOT among the three types of authentication mechanisms? a. something a person knows b. something a person has c. something a person says d. something a person can produce

c

Which of the following is NOT one of the administrative challenges to the operation of firewalls? a. training b. uniqueness c. replacement d. responsibility

c

Which of the following is NOT one of the types of InfoSec performance measures used by organizations? a. those that determine the effectiveness of the execution of InfoSec policy b. those that determine the effectiveness and/or efficiency of the delivery of InfoSec services c. those that evaluate the frequency with which employees access internal security documents d. those that assess the impact of an incident or other security event on the organization or its mission

c

Which of the following is a Kerberos service that initially exchanges information with the client and server by using secret keys? a. authentication server b. authentication client c. key distribution center d. ticket granting service

c

Which of the following is a responsibility of the crisis management team? a. restoring the data from backups b. evaluating monitoring capabilities c. keeping the public informed about the event and the actions being taken d. restoring the services and processes in use

c

Which of the following is not a step in the FAIR risk management framework? a. identify scenario components b. evaluate loss event frequency c. assess control impact d. derive and articulate risk

c

Which of the following is the first component in the contingency planning process? a. business continuity training b. disaster recovery planning c. business impact analysis d. incident response planning

c

Which of the following is true about a hot site? a. It is an empty room with standard heating, air conditioning, and electrical service. b. It includes computing equipment and peripherals with servers but not client workstations. c. It duplicates computing resources, peripherals, phone systems, applications, and workstations. d. All communications services must be installed after the site is occupied.

c

Which of the following policies makes it difficult for an individual to violate InfoSec and is quite useful in monitoring financial affairs? a. task rotation b. mandatory vacations c. separation of duties d. job rotation

c

Which of the following risk treatment strategies describes an organization's attempt to shift risk to other assets, other processes, or other organizations? a. acceptance b. avoidance c. transference d. mitigation

c

Which of the following specifies the authorization level that each user of an information asset is permitted to access, subject to the need-to-know principle? a. discretionary access controls b. task-based access controls c. security clearances d. sensitivity levels

c

Which technology employs sockets to map internal private network addresses to a public address using one-to-many mapping? a. network-address translation b. screened-subnet firewall c. port-address translation d. private address mapping

c

Which technology has two modes of operation: transport and tunnel? a. Secure Hypertext Transfer Protocol b. Secure Shell c. IP Security Protocol d. Secure Sockets Layer

c

Which type of access controls can be role-based or task-based? a. constrained b. content-dependent c. nondiscretionary d. discretionary

c

Workers typically hired to perform specific services for the organization and hired via a third-party organization are known as __________. a. temporary workers b. consultants c. contract employees d. business partners

c

__________ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate. a. System review b. Project review c. Program review d. Application review

c

A risk treatment strategy that indicates the organization is willing to accept the current level of risk, is making a conscious decision to do nothing to protect an information asset from risk, and accepts the outcome from any resulting exploitation.

c. acceptance risk treatment strategy

An attempt to improve information security practices by comparing an organization's efforts against practices of a similar organization or an industry-developed standard to produce results it would like to duplicate.

c. benchmarking

Controls access to a specific set of information based on its content.

c. content-dependent access controls

The process of examining an adverse event or incident candidate and determining whether it constitutes an actual incident is known as incident __________.

classification

A conspiracy or cooperation between two or more individuals or groups to commit illegal or unethical actions is known as __________.

collusion

Since even the implementation of new technologies does not necessarily guarantee an organization can gain or maintain a competitive lead, the concept of __________ has emerged as organizations strive not to fall behind technologically.

competitive disadvantage

An ATM that limits what kinds of transactions a user can perform is an example of which type of access control?

constrained user interface

In which form of access control is access to a specific set of information contingent on its subject matter?

content-dependent access controls

In the COSO framework, __________ activities include those policies and procedures that support management directives.

control

The last phase in NIST performance measures implementation is to apply __________ actions, which closes the gap found in Phase 2.

corrective

The financial savings from using the defense risk treatment strategy to implement a control and eliminate the financial ramifications of an incident is known as __________.

cost avoidance

Each of the following is an item that affects the cost of a particular risk treatment strategy EXCEPT:

cost of IT operations (keeping systems operational during the period of treatment strategy development)

Also known as an economic feasibility study, the formal assessment and presentation of the economic expenditures needed for a particular security control, contrasted with its projected value to the organization, is known as __________.

cost-benefit analysis (CBA)

A primary mailing list for new vulnerabilities, called simply __________, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists. a. Bugs b. Bugfix c. Buglist d. Bugtraq

d

A(n) __________ item is a hardware or software item that is to be modified and revised throughout its life cycle. a. revision b. update c. change d. configuration

d

An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

d

Common vulnerability assessment processes include: a. Internet VA b. wireless VA c. intranet VA d. all of these

d

Each of the following is an item that affects the cost of a particular risk treatment strategy EXCEPT: a. cost of maintenance (labor expense to verify and continually test, maintain, train, and update) b. cost of development or acquisition (hardware, software, and services) c. cost of implementation (installing, configuring, and testing hardware, software, and services) d. cost of IT operations (keeping systems operational during the period of treatment strategy development)

d

In information security, a framework or security model customized to an organization, including implementation details, is a __________. a. security standard b. methodology c. security policy d. blueprint

d

In the _________ firewall architecture, a single device configured to filter packets serves as the sole security point between the two networks. a. state-managed firewall b. screened-subnet firewall c. single-homed firewall d. single bastion host

d

In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the disruption of service, restoration of data from backups, and notification of appropriate individuals? a. desk check b. simulation c. structured walk-through d. full-interruption

d

In which technique does a group rate or rank a set of information, compile the results, and repeat until everyone is satisfied with the result? a. OCTAVE b. FAIR c. hybrid measures d. Delphi

d

Organizations must consider all but which of the following during development and implementation of an InfoSec measurement program? a. Measurements must yield quantifiable information. b. Data that supports the measures needs to be readily obtainable. c. Only repeatable InfoSec processes should be considered for measurement. d. Measurements must be useful for tracking non-compliance by internal personnel.

d

Problems with benchmarking include all but which of the following? a. Organizations don't often share information on successful attacks. b. Organizations being benchmarked are seldom identical. c. Recommended practices change and evolve, so past performance is no indicator of future success. d. Benchmarking doesn't help in determining the desired outcome of the security process.

d

The COSO framework is built on five interrelated components. Which of the following is NOT one of them? a. control environment b. risk assessment c. control activities d. InfoSec governance

d

The ISO 27005 Standard for Information Security Risk Management includes all but which of the following stages? a. risk assessment b. risk treatment c. risk communication d. risk determination

d

The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. a. US-CERT b. Bugtraq c. CM-CERT d. CERT/CC

d

The __________ mailing list includes announcements and discussion of a leading open-source IDPS. a. Nmap-hackers b. Packet Storm c. Security Focus d. Snort

d

The __________ process is designed to find and document vulnerabilities that may be present because there are misconfigured systems in use within the organization. a. ASP b. ISP c. SVP d. PSV

d

The combination of a system's TCP/IP address and a service port is known as a __________. a. portlet b. NAT c. packet d. socket

d

The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and supported business processes is known as __________. a. maximum tolerable downtime (MTD) b. recovery point objective (RPO) c. work recovery time (WRT) d. recovery time objective (RTO)

d

The optimum approach for escalation is based on a thorough integration of the monitoring process into the __________. a. IDE b. CERT c. ERP d. IRP

d

The process of assigning financial value or worth to each information asset is known as __________. a. probability estimate b. cost estimation c. risk acceptance premium d. asset valuation

d

What is most commonly used for the goal of nonrepudiation in cryptography? a. block cipher b. digital certificate c. PKI d. digital signature

d

What is the final stage of the business impact analysis when using the NIST SP 800-34 approach? a. Identify resource requirements. b. Identify business processes. c. Determine mission/business processes and recovery criticality. d. Identify recovery priorities for system resources.

d

What is the information security principle that requires significant tasks to be split up so that more than one individual is required to complete them? a. need-to-know b. eyes only c. least privilege d. separation of duties

d

What is the next phase of the pre-attack data gathering process after an attacker has collected all of an organization's Internet addresses? a. footprinting b. content filtering c. deciphering d. fingerprinting

d

When an information security team is faced with a new technology, which of the following is NOT a recommended approach? a. Determine if the benefits of the proposed technology justify the expected costs. b. Include costs for any additional risk control requirements that are mandated by the new technology. c. Consider how the proposed solution will affect the organization's risk exposure. d. Evaluate how the new technology will enhance employee skills.

d

When hiring security personnel, which of the following should be conducted before the organization extends an offer to any candidate, regardless of job level? a. new hire orientation b. covert surveillance c. organizational tour d. background check

d

Which international standard provides a structured methodology for evaluating threats to economic performance in an organization and was developed using the Australian/New Zealand standard AS/NZS 4360:2004 as a foundation? a. ISO 27001 b. ISO 27005 c. NIST SP 800-39 d. ISO 31000

d

Which of the following NIST Cybersecurity Framework (CSF) stages relates to implementation of effective security controls (policy, education, training and awareness, and technology)? a. Identify b. Detect c. Respond d. Protect

d

Which of the following affects the cost of a control? a. liability insurance b. CBA report c. asset resale d. maintenance

d

Which of the following biometric authentication systems is considered to be truly unique, suitable for use, and currently cost-effective? a. gait recognition b. signature recognition c. voice pattern recognition d. fingerprint recognition

d

Which of the following characteristics currently used for authentication purposes is the LEAST unique? a. fingerprints b. iris c. retina d. face geometry

d

Which of the following determines how well a proposed treatment will address user acceptance and support, management acceptance and support, and the system's compatibility with the requirements of the organization's stakeholders? a. behavioral feasibility b. political feasibility c. technical feasibility d. operational feasibility

d

Which of the following is NOT a consideration when selecting recommended best practices? a. threat environment is similar b. resource expenditures are practical c. organization structure is similar d. same certification and accreditation agency or standard

d

Which of the following is NOT a major component of contingency planning? a. incident response b. disaster recovery c. business continuity d. threat assessment

d

Which of the following is NOT a stage in the NIST Cybersecurity Framework (CSF)? a. Identify b. Detect c. Recover d. React

d

Which of the following is NOT one of the three levels in the U.S. military data classification scheme for National Security Information? a. confidential b. secret c. top secret d. for official use only

d

Which of the following is a backup method that uses bulk batch transfer of data to an off-site facility and is usually conducted via leased lines or secure Internet connections? a. database shadowing b. timesharing c. traditional backups d. electronic vaulting

d

Which of the following is a definite indicator of an actual incident, according to Donald Pipkin? a. unusual system crashes b. reported attack c. presence of new accounts d. use of dormant accounts

d

Which of the following is the original purpose of ISO/IEC 17799? a. Use within an organization to obtain a competitive advantage b. Implementation of business-enabling information security c. Use within an organization to ensure compliance with laws and regulations d. To offer guidance for the management of InfoSec to individuals responsible for their organization's security programs

d

Which of the following is true about firewalls and their ability to adapt in a network? a. Firewalls can interpret human actions and make decisions outside their programming. b. Because firewalls are not programmed like a computer, they are less error prone. c. Firewalls are flexible and can adapt to new threats. d. Firewalls deal strictly with defined patterns of measured observation.

d

Which of the following risk treatment strategies describes an organization's efforts to reduce damage caused by a realized incident or disaster? a. acceptance b. avoidance c. transference d. mitigation

d

Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones? a. Clark-Wilson b. Bell-LaPadula c. Common Criteria d. Biba

d

Which type of IDPS works like antivirus software? a. network-based b. anomaly-based c. host-based d. signature-based

d

__________ are a component of the "security triple." a. Threats b. Assets c. Vulnerabilities d. All of the above

d

Workers hired to perform specific services for the organization.

d. contract employees

Access is granted based on a set of rules specified by the central authority.

d. rule-based access controls

A risk treatment strategy that eliminates all risk associated with an information asset by removing it from service.

d. termination risk treatment strategy

Application of training and education among other approach elements is a common method of which risk treatment strategy?

defense

The __________ risk treatment strategy attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards in an effort to change the likelihood of a successful attack on an information asset.

defense

The approach known as the avoidance strategy is more properly known as the __________ risk treatment strategy.

defense

An information attack that involves searching through a target organization's trash and recycling bins for sensitive information is known as __________.

dumpster diving

Public key container files that allow PKI system components and end users to validate a public key and identify its owner. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

e

The actions that demonstrate that an organization has made a valid effort to protect others and that the implemented standards continue to provide the required level of protection.

e. due diligence

The quantity and nature of risk that organizations are willing to accept.

e. risk appetite

Requires that significant tasks be split up in such a way that more than one individual is responsible for their completion.

e. separation of duties

The bulk batch transfer of data to an off-site facility is known as __________.

electronic vaulting

When a vulnerability (flaw or weakness) exists in an important asset, implement security controls to reduce the likelihood of a vulnerability being __________.

exploited

A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

f

When the ISO 27002 standard was first proposed, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems; which of the following is NOT one of them? a. It was not as complete as other frameworks. b. The standard lacked the measurement precision associated with a technical standard. c. The standard was hurriedly prepared. d. It was feared it would lead to government intrusion into business matters.

f

The formal assessment and presentation of the economic expenditures needed for a particular security control, contrasted with its projected value to the organization.

f. cost-benefit analysis

The requirement that every employee be able to perform the work of at least one other employee.

f. job rotation

Ratings of the security level for a specified collection of information (or user) within a mandatory access control scheme.

f. sensitivity levels

Each of the following is a recommendation from the FDIC when creating a successful SLA EXCEPT:

forecasting costs

In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as __________.

framework

In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as a(n) __________.

framework

In __________ testing of contingency plans, the individuals follow each and every procedure, including interruption of service, restoration of data from backups, and notification of appropriate individuals.

full interruption

A cryptographic technique developed at AT&T and known as the "one-time pad," this cipher uses a set of characters for encryption operations only one time and then discards it. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

g

The financial savings from using the defense risk treatment strategy to implement a control and eliminate the financial ramifications of an incident.

g. cost avoidance

One of the TCSEC's covert channels, which communicate by modifying a stored object.

g. storage channel

The requirement that all critical tasks can be performed by multiple individuals.

g. task rotation

Although COBIT was designed to be an IT __________ and management structure, it includes a framework to support InfoSec requirements and assessment needs.

governance

NIST's Risk Management Framework follows a three-tiered approach with most organizations working from the top down, focusing first on aspects that affect the entire organization, such as __________.

governance

A cryptographic operation that involves simply rearranging the values within a block based on an established pattern. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

h

A process of assigning financial value or worth to each information asset.

h. asset valuation

A legal standard that requires an organization and its employees to act as a reasonable and prudent individual or organization would under similar circumstances.

h. standard of due care

A form of nondiscretionary control where access is determined based on the tasks assigned to a specified user.

h. task-based controls

A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites with material that is not related to business, such as pornography or entertainment. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

i

An examination of how well a particular solution fits within the organization's strategic planning objectives and goals.

i. organizational feasibility

The data or the trends in data that may indicate the effectiveness of security countermeasures or controls—technical and managerial—implemented in the organization.

i. performance measurements

A TCSEC-defined covert channel, which transmits information by managing the relative timing of events.

i. timing channel

A(n) __________ occurs when an attack affects information resources and/or assets, causing actual damage or other disruptions.

incident

The __________ plan is a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets.

incident response (IR)

ISO/IEC 27001 provides implementation details on how to implement ISO/IEC 27002 and how to set up a(n) __________.

information security management system (ISMS)

The organized research and investigation of Internet addresses owned or controlled by a target organization. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

j

Within TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security

j. TCB

The calculated value associated with the most likely loss from a single attack.

j. single loss expectancy

Workers brought in by organizations to fill positions for a short time or to supplement the existing workforce.

j. temporary workers

The requirement that every employee be able to perform the work of at least one other employee is known as __________.

job rotation

The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is called __________.

least privilege

Which of the following affects the cost of a control?

maintenance

A requirement that all employees take time off from work, which allows the organization to audit the individual's areas of responsibility, is known as __________ vacation policy.

mandatory

Which of the following is NOT a category of access control?

mitigating

The risk treatment strategy that seeks to reduce the impact of a successful attack through the use of IR, DR, and BC plans is __________.

mitigation / mitigate

The __________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.

need to know

Which of the following determines how well a proposed treatment will address user acceptance and support, management acceptance and support, and the system's compatibility with the requirements of the organization's stakeholders?

operational feasibility

Which of the following determines how well the proposed InfoSec treatment alternatives will contribute to the efficiency, effectiveness, and overall operation of an organization?

organizational feasibility

Effective contingency planning begins with effective __________.

policy

What does FAIR rely on to build the risk management framework that is unlike many other risk management frameworks?

qualitative assessment of many components

The __________ is the point in time before a disruption or system outage to which business process data can be recovered after the outage, given the most recent backup copy of the data.

recovery point objective (RPO)

Which piece of the Trusted Computing Base's security system manages access controls?

reference monitor

Within TCB, a conceptual piece of the system that manages access controls—in other words, it mediates all access to objects by subjects—is known as a __________.

reference monitor

When vulnerabilities have been controlled to the degree possible, there is often remaining risk that has not been completely removed, shifted, or planned for; this is called __________.

residual risk

To keep up with the competition, organizations must design and create a __________ environment in which business processes and procedures can function and evolve effectively.

secure

To design a security program, an organization can use a(n) __________, which is a generic outline of the more thorough and organization-specific blueprint.

security model / framework

What is the information security principle that requires significant tasks to be split up so that more than one individual is required to complete them?

separation of duties

A(n) __________ is an agency that provides physical facilities for a fee, in the case of DR/BC planning.

service bureau

In a cost-benefit analysis, the calculated value associated with the most likely loss from an attack (impact) is known as __________. It is the product of the asset's value and the exposure factor.

single loss expectancy (SLE)

A goal of 100 percent employee InfoSec training as an objective for the training program is an example of a performance __________.

target / measure / metric

The requirement that all critical tasks can be performed by multiple individuals is known as __________.

task rotation

An examination of how well a particular solution is supportable given the organization's current technological infrastructure and resources is known as __________.

technical feasibility

The __________ risk treatment strategy eliminates all risk associated with an information asset by removing it from service.

termination

The __________ risk treatment strategy attempts to shift the risk to other assets, processes, or organizations.

transference / transfer

Under TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security policy is known as the __________.

trusted computing base (TCB)

The organization of a task or process so it requires at least two individuals to work together to complete is known as __________ control.

two-person / two-man

Which of the following is NOT one of the methods noted for selecting the best risk management model?

use the methodology most similar to what is currently in use
