itsy 2341 final

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

timing channel

A TCSEC-defined covert channel, which transmits information by managing the relative timing of events.

version

A __________ is the recorded condition of a particular revision of a software or hardware configuration item.

False

A bollard host is a device placed between an external, untrusted network and an internal, trusted network. __________

False

A company striving for "best security practices" makes every effort to establish security program elements that meet every minimum standard in their industry.

False

A conspiracy or cooperation between two or more individuals or groups to commit illegal or unethical actions is known as racketeering. __________

collusion

A conspiracy or cooperation between two or more individuals or groups to commit illegal or unethical actions.

asymmetric encryption

A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message.

transposition cipher

A cryptographic operation that involves simply rearranging the values within a block based on an established pattern.

Vernam cipher

A cryptographic technique developed at AT&T and known as the "one-time pad," this cipher uses a set of characters for encryption operations only one time and then discards it.

True

A firewall is any device that prevents a specific type of information from moving between the untrusted network and the trusted network.

task-based controls

A form of nondiscretionary control where access is determined based on the tasks assigned to a specified user.

blueprint

A framework or security model customized to an organization, including implementation details.

False

A general guideline for performance of hard drives suggests that when the amount of data stored on a particular hard drive averages 95% of available capacity for a prolonged period, you should consider an upgrade for the drive.

True

A hot site is a fully configured computing facility that includes all services, communications links, and physical plant operations.

standard of due care

A legal standard that requires an organization and its employees to act as a reasonable and prudent individual or organization would under similar circumstances.

False

A management model such as the ISO 27000 series deals with methods to maintain systems.

True

A packet filtering firewall is a networking device that examines the header information of data packets that come into a network and determines whether to drop them (deny) or forward them to the next network connection (allow), based on its configuration rules. __________

True

A password should be difficult to guess. __________

Bugtraq

A primary mailing list for new vulnerabilities, called simply __________, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.

VPN

A private, secure network operated over a public and insecure network.

traffic analysis

A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices.

True

A requirement that all employees take time off from work, which allows the organization to audit the individual's areas of responsibility, is known as a mandatory vacation policy. __________

False

A security clearance is an access control model in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is cleared to access. __________

True

A security clearance is an access control model in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is cleared to access. __________

False

A security metric is an assessment of the performance of some action or process against which future performance is assessed. __________

False

A security ​monitor is a conceptual piece of the system within the trusted computer base that manages access controls—in other words, it mediates all access to objects by subjects. __________

False

A semialphabetic substitution cipher is one that incorporates two or more alphabets in the encryption process.

True

A slow-onset disaster occurs over time and gradually degrades the capacity of an organization to withstand its effects. __________

False

A smart chip is an authentication component, similar to a dumb card, that contains a computer chip to verify and validate several pieces of information instead of just a PIN. __________

content filter

A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites with material that is not related to business, such as pornography or entertainment.

scanning

A step commonly used for Internet vulnerability assessment includes __________, which occurs when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection.

temporal isolation

A time-release safe is an example of which type of access control?

weighted table analysis or weighted factor analysis

A useful tool for resolving the issue of what business function is the most critical, based on criteria selected by the organization, is the __________.

False

A user ticket is opened when a user calls about an issue. __________

False

A validity table is a tabular record of the state and context of each packet in a conversation between an internal and external user or system. __________

True

A wireless access point is a device used to connect wireless networking users and their devices to the rest of the organization's network(s). __________

configuration

A(n) __________ item is a hardware or software item that is to be modified and revised throughout its life cycle.

False

A(n) credit check can uncover past criminal behavior or other information that suggests a potential for future misconduct or a vulnerability that might render a job candidate susceptible to coercion or blackmail. __________

True

A(n) war game puts a subset of plans in place to create a realistic test environment. __________

False

A(n) wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster, from first detection to final recovery. __________

rule-based access controls

Access is granted based on a set of rules specified by the central authority.

Calculate asset valuation and combine with the likelihood and impact of potential attacks in a TVA worksheet.

According to NIST's SP 800-34, Rev. 1, which of the following is NOT one of the stages of the business impact assessment?

Conduct an after-action review.

After an incident, but before returning to its normal duties, the CSIRT must do which of the following?

True

All systems that are mission critical should be enrolled in platform security validation (PSV) measurement.

governance

Although COBIT was designed to be an IT __________ and management structure, it includes a framework to support InfoSec requirements and assessment needs.

constrained user interface

An ATM that limits what kinds of transactions a user can perform is an example of which type of access control?

False

An affidavit is used as permission to search for evidentiary material at a specified location and/or to seize items to return to an investigator's lab for examination after being signed by an approving authority. __________

False

An alert digest is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process. __________

baseline

An assessment of the performance of some action or process against which future performance is assessed.

benchmarking

An attempt to improve information security practices by comparing an organization's efforts against practices of a similar organization or an industry-developed standard to produce results it would like to duplicate.

False

An effective information security governance program requires constant change. __________

False

An effective information security governance program requires no ongoing review once it is well established.

True

An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked. __________

dumpster diving

An information attack that involves searching through a target organization's trash and recycling bins for sensitive information is known as __________.

PKI

An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates.

False

An intranet vulnerability scan starts with the scan of the organization's default Internet search engine.

when an incident is detected that affects the organization

At what point in the incident life cycle is the IR plan initiated?

True

Biometrics are the use of physiological characteristics to provide authentication of an identification. __________

False

Boundary controls regulate the admission of users into trusted areas of the organization. __________

False

CERT stands for "computer emergency recovery team." __________

True

CM assists in streamlining change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen. __________

False

Collusion is the requirement that every employee be able to perform the work of at least one other employee. __________

all of these

Common vulnerability assessment processes include:

plans for unexpected adverse events

Contingency planning is primarily focused on developing __________.

Wander freely in and out of facilities.

Contract employees—or simply contractors—should not be allowed to do what?

performance

Control __________ baselines are established for network traffic and for firewall performance and IDPS performance.

content-dependent access controls

Controls access to a specific set of information based on its content.

DAC

Controls implemented at the discretion or option of the data user.

corrective

Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?

benchmarking

Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following?

False

Data or the trends in data that may indicate the effectiveness of security countermeasures or controls—technical and managerial—implemented in the organization are known as progress measurements. __________

intelligence

Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.

True

Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. __________

False

Documentation procedures are not required for configuration and change management processes.

False

Dumpster exploitation is an information attack that involves searching through a target organization's trash and recycling bins for sensitive information. __________

signing the employment contract

Employees new to an organization should receive an extensive InfoSec briefing that includes all of the following EXCEPT:

performance evaluations

Employees pay close attention to job __________, and including InfoSec tasks in them will motivate employees to take more care when performing these tasks.

True

External monitoring entails forming intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization.

True

For configuration management and control, it is important to document the proposed or actual changes in the system security plan. __________

False

ISO 27001 certification is only available to companies that do business internationally.

Terminate the relationship with the individual and request that he or she be censured.

If a temporary worker (temp) violates a policy or causes a problem, what is the strongest action that the host organization can usually take, depending on the SLA?

True

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.

transport mode

In IPSec, an encryption method in which only a packet's IP data is encrypted, not the IP headers themselves; this method allows intermediate nodes to read the source and destination addresses.

True

In a cold site there are only rudimentary services, with no computer hardware or peripherals.

False

In a lattice-based access control, a restriction table is the row of attributes associated with a particular subject (such as a user).​ __________

Both of these are correct.

In an IDPS, a piece of software that resides on a system and reports back to a management server is known as a(n) __________.

True

In an IDPS, a sensor is a piece of software that resides on a system and reports back to a management server. __________

False

In e-commerce situations, some cryptographic tools can be used for misrepresentation in order to assure that parties to the transaction are authentic, and that they cannot later deny having participated in a transaction. __________

blueprint

In information security, a framework or security model customized to an organization, including implementation details, is a _________.

False

In information security, a framework or security model customized to an organization, including implementation details, is known as a template. __________

True

In information security, a security blueprint is a framework or security model customized to an organization, including implementation details.

framework

In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as a __________.

False

In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as a blueprint. __________

False

In most organizations, the COO is responsible for creating the IR plan.

True

In some instances, risk is acknowledged as being part of an organization's business process.

False

In some organizations, asset management is the identification, inventory, and documentation of the current information system's status—hardware, software, and networking configurations. __________

single bastion host

In the _________ firewall architecture, a single device configured to filter packets serves as the sole security point between the two networks.

business continuity

In the event of an incident or disaster, which planning element is used to guide off-site operations?

permutation

In which cipher method are values rearranged within a block to create the ciphertext?

full-interruption

In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the disruption of service, restoration of data from backups, and notification of appropriate individuals?

simulation

In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?

content-dependent access controls

In which form of access control is access to a specific set of information contingent on its subject matter?

cold site

In which type of site are no computer hardware or peripherals provided?

False

In wireless networking, the waveprint is the geographic area in which there is sufficient signal strength to make a network connection. __________

heighten InfoSec awareness

Incorporating InfoSec components into periodic employee performance evaluations can __________.

number of systems and users of those systems

InfoSec measurements collected from production statistics depend greatly on which of the following factors?

True

Intelligence for external monitoring can come from a number of sources: vendors, CERT organizations, public network sources, and membership sites.

False

Intense packet inspection is a firewall function that involves examining multiple protocol headers and even content of network traffic, all the way through the TCP/IP layers and including encrypted, compressed, or encoded data. __________

True

Inventory characteristics for hardware and software assets that record the manufacturer and versions are related to technical functionality, and should be highly accurate and updated each time there is a change.

True

Lattice-based access control specifies the level of access each subject has to each object, if any.

True

Major planning components should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

the repeatability of measurement development, customization, collection, and reporting activities

NIST recommends the documentation of performance measurements in a standardized format to ensure ____________.

difference analysis

One approach that can improve the situational awareness of the information security function is to use a process known as __________ to quickly identify changes to the internal environment.

storage channel

One of the TCSEC's covert channels, which communicate by modifying a stored object.

True

One of the critical tasks in the measurement process is to assess and quantify what will be measured and how it is measured. __________

effective security

One of the fundamental challenges in InfoSec performance measurement is defining what?

ISO 27002

One of the most widely referenced InfoSec management models, known as Information Technology—Code of Practice for Information Security Management, is also known as __________.

True

One question you should ask when choosing among recommended practices is "Can your organization afford to implement the recommended practice?"

personally identifiable information (PII)

Organizations are required by privacy laws to protect sensitive or personal employee information, including __________.

Measurements must be useful for tracking non-compliance by internal personnel.

Organizations must consider all but which of the following during development and implementation of an InfoSec measurement program?

True

Organizations should have a carefully planned and fully populated inventory of all their network devices, communication channels, and computing devices. __________

True

Over time, external monitoring processes should capture information about the external environment in a format that can be referenced across the organization as threats emerge and for historical use.

True

Over time, policies and procedures may become inadequate due to changes in the organization's mission and operational requirements, threats, or the environment.

True

Patch and proceed is an organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution. __________

False

Performance measurements are seldom required in today's regulated InfoSec environment.

True

Policy needs to be reviewed and refreshed from time to time to ensure that it's providing a current foundation for the information security program.

Benchmarking doesn't help in determining the desired outcome of the security process.

Problems with benchmarking include all but which of the following?

digital certificate

Public key container files that allow PKI system components and end users to validate a public key and identify its owner.

sensitivity levels

Ratings of the security level for a specified collection of information (or user) within a mandatory access control scheme.

True

Recommended or best practices are those security efforts that seek to provide a superior level of performance in the protection of information. __________

True

Rehearsal adds value by exercising the procedures, identifying shortcomings, and providing security personnel the opportunity to improve the security plan before it is needed.

True

Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability.

separation of duties

Requires that significant tasks be split up in such a way that more than one individual is responsible for their completion.

True

Secure Shell (SSH) provides security for remote access connections over public networks by creating a secure and persistent connection.

False

Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.

False

Specific warning bulletins are issued when developing threats and specific assets pose a measurable risk to the organization. __________

False

Standardization is an attempt to improve information security practices by comparing an organization's efforts against those of a similar organization or an industry-developed standard to produce results it would like to duplicate. __________

False

Technical controls alone, when properly configured, can secure an IT environment.

True

Temporary workers—often called temps—may not be subject to the contractual obligations or general policies that govern other employees.

False

The "something a person has" authentication mechanism takes advantage of something inherent in the user that is evaluated using biometrics.

True

The CISO uses the results of maintenance activities and the review of the information security program to determine if the status quo can adequately meet the threats at hand. __________

InfoSec governance

The COSO framework is built on five interrelated components. Which of the following is NOT one of them?

over 40 percent of

The Hartford insurance company estimates that, on average, __________ businesses that don't have a disaster plan go out of business after a major loss like a fire, a break-in, or a storm.

rejection of the certification application based on lack of compliance or failure to remediate shortfalls

The ISO certification process takes approximately six to eight weeks and involves all of the following steps EXCEPT:

identification and definition of the current InfoSec program

The InfoSec measurement development process recommended by NIST is divided into two major activities. Which of the following is one of them?

Governance Framework

The Information Security __________ is a managerial model provided by an industry working group, National Cyber Security Partnership, which provides guidance in the development and implementation of organizational InfoSec structures and recommends the responsibilities that various members should have in an organization.

managing the development and operation of IT infrastructures

The Information Technology Infrastructure Library (ITIL) is a collection of methods and practices primarily for __________.

False

The Information Technology Infrastructure Library (ITIL) is a collection of policies and practices for managing the development and operation of IT infrastructures. __________

False

The Information Technology Infrastructure Library provides guidance in the development and implementation of an organizational InfoSec governance structure.

True

The KDC component of Kerberos knows the secret keys of all clients and servers on the network.

False

The NIST SP 800-100 Information Security Handbook provides technical guidance for the establishment and implementation of an information security program.

insecure.org

The __________ Web site is home to the leading free network exploration tool, Nmap.

Packet Storm

The __________ commercial site focuses on current security tool resources.

CERT/CC

The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

scope

The __________ is a statement of the boundaries of the RA.

Snort

The __________ mailing list includes announcements and discussion of a leading open-source IDPS.

PSV

The __________ process is designed to find and document vulnerabilities that may be present because there are misconfigured systems in use within the organization.

intranet

The __________ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.

wireless

The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.

False

The action level is a predefined assessment level of an IDPS that triggers a predetermined response when surpassed. __________

contingency planning

The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster are known as __________.

due diligence

The actions that demonstrate that an organization has made a valid effort to protect others and that the implemented standards continue to provide the required level of protection.

work recovery time (WRT)

The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered is known as __________.

True

The basic function of the external monitoring process is to monitor activity, report results, and escalate warnings. __________

dual-homed host

The bastion host is usually implemented as a __________, as it contains two network interfaces: one that is connected to the external network and one that is connected to the internal network, such that all traffic must go through the device to move between the internal and external networks.

reduced employee turnover due to misinterpreted security policies and practices

The benefits of ISO certification to an organization's employees include all of the following EXCEPT:

increased opportunities for government contracts

The benefits of ISO certification to organizations include all of the following EXCEPT:

True

The best method of remediation in most cases is to repair a vulnerability. __________

False

The biggest barrier to baselining in InfoSec is the fact that many organizations do not share information about their attacks with other organizations. __________

socket

The combination of a system's TCP/IP address and a service port is known as a __________.

False

The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is known as required privilege. __________

performance measurements

The data or the trends in data that may indicate the effectiveness of security countermeasures or controls—technical and managerial—implemented in the organization.

True

The false accept rate is the rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. __________

False

The final process in the vulnerability assessment and remediation domain is the maintenance phase. __________

crisis management planning team (CMPT)

The group of senior managers and project members organized to conduct and lead all CP efforts is known as the __________.

False

The information security principle that requires significant tasks to be split up so that more than one individual is required to complete them is called isolationof duties. __________

demilitarized zone

The intermediate area between trusted and untrusted networks is referred to as which of the following?

False

The internal monitoring domain is the component of the maintenance model that focuses on identifying, assessing, and managing the physical security of assets in an organization.

False

The internal vulnerability assessment is usually performed against every device that is exposed to the Internet, using every possible penetration testing approach. __________

SP 800-100: Information Security Handbook: A Guide for Managers (2007)

The managerial tutorial equivalent of NIST SP 800-12, providing overviews of the roles and responsibilities of a security manager in the development, administration, and improvement of a security program, is NIST __________.

recovery time objective (RTO)

The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and supported business processes is known as __________.

IRP

The optimum approach for escalation is based on a thorough integration of the monitoring process into the __________.

footprinting

The organized research and investigation of Internet addresses owned or controlled by a target organization.

False

The primary goal of the external monitoring domain is to maintain an informed awareness of the state of all the organization's networks, information systems, and information security defenses. __________

False

The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as minimal access.

True

The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as need-to-know. __________

True

The process of identifying and documenting specific and provable flaws in the organization's information asset environment is called vulnerability assessment (VA). __________

cryptanalysis

The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption is known as __________.

false reject rate

The rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device is known as the __________.

task rotation

The requirement that all critical tasks can be performed by multiple individuals.

job rotation

The requirement that every employee be able to perform the work of at least one other employee.

True

The simplest kind of validation, the desk check, involves distributing copies of the appropriate plans to all individuals who will be assigned roles during an actual incident or disaster.

stop the incident, mitigate incident effects, provide information for recovery from the incident

The steps in IR are designed to:

False

The systems development life cycle (SDLC) is the overall process of developing, implementing, and retiring information systems through a multistep approach—from initiation to use. __________

False

The target selection step of Internet vulnerability assessment involves using the external monitoring intelligence to configure a test engine (such as Nessus) for the tests to be performed.

computer security incident response team (CSIRT)

The team responsible for designing and managing the IR plan by specifying the organization's preparation, reaction, and recovery from incidents is known as the __________.

maximum tolerable downtime (MTD)

The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption, including all impact considerations, is known as __________.

True

The vulnerability database, like the risk, threat, and attack database, both stores and tracks information.

SP 800-12, Rev. 1: An Introduction to Information Security (2017)

This NIST publication provides information on the elements of InfoSec, key roles and responsibilities, an overview of threats and vulnerabilities, a description of the three NIST security policy categories, and an overview of the NIST RM Framework and its use, among other topics needed for a foundation in InfoSec.

False

Threats cannot be removed without requiring a repair of the vulnerability.

False

To be put to the most effective use, the information that comes from the IDPS must be integrated into the inventory process. __________

baselines

To evaluate the performance of a security system, administrators must establish system performance __________.

60

To maintain optimal performance, one typical recommendation suggests that when the memory usage associated with a particular CPU-based system averages __________% or more over prolonged periods, you should consider adding more memory.

False

Tracking monitoring involves assessing the status of the program as indicated by the database information and mapping it to standards established by the agency. __________

False

Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster.

False

Two-person control is the requirement that all critical tasks can be performed by multiple individuals. _________

False

US-CERT is a set of moderated mailing lists full of detailed, full-disclosure discussions and announcements about computer security vulnerabilities. It is sponsored in part by SecurityFocus. __________

True

US-CERT is generally viewed as the definitive authority for computer emergency response teams.

access control list

Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following?

False

Under the Clark-Wilson model, internal consistency means that the system is consistent with similar data at the organization's competitors.

Protection Profile (PP)

Under the Common Criteria, which term describes the user-generated specifications for security requirements?

False

Using a practice called baselining, you are able to compare your organization's efforts to those of other organizations you feel are similar in size, structure, or industry.

False

WLAN stands for "wide local area network." __________

SSL

Was developed by Netscape in 1994 to provide security for online e-commerce transactions.

due care and due diligence

What do you call the legal requirements that an organization must adopt a standard based on what a prudent organization should do, and then maintain that standard?

honey pot

What is an application that entices individuals who are illegally perusing the internal areas of a network by providing simulated rich content areas while the software notifies the administrator of the intrusion?

digital signature

What is most commonly used for the goal of nonrepudiation in cryptography?

Identify recovery priorities for system resources.

What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?

separation of duties

What is the information security principle that requires significant tasks to be split up so that more than one individual is required to complete them?

fingerprinting

What is the next phase of the pre-attack data gathering process after an attacker has collected all of an organization's Internet addresses?

footprinting

What is the organized research and investigation of Internet addresses owned or controlled by a target organization?

packet sniffer

What tool would you use if you want to collect information as it is being transmitted on the network and analyze the contents for the purpose of solving network problems?

business continuity

When a disaster renders the current business location unusable, which plan is put into action?

False

When an incident takes place, the disaster recovery (DR) plan is invoked before the incident response (IR) plan.

Evaluate how the new technology will enhance employee skills.

When an information security team is faced with a new technology, which of the following is NOT a recommended approach?

background check

When hiring security personnel, which of the following should be conducted before the organization extends an offer to any candidate, regardless of job level?

False

When performing full-interruption testing, normal operations of the business are not impacted.

PSV

When possible, major incident response plan elements should be rehearsed. __________

True

When possible, major incident response plan elements should be rehearsed. __________

It was feared it would lead to government intrusion into business matters.

When the ISO 27002 standard was first proposed, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems; which of the following is NOT one of them?

SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems (1996)

Which NIST publication describes the philosophical guidelines that the security team should integrate into the entire InfoSec process, beginning with "Security supports the mission of the organization"?

need-to-know

Which access control principle limits a user's access to the specific information required to perform the currently assigned task?

least privilege

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

deterrent

Which control category discourages an incipient incident—e.g., video monitoring?

Protect

Which of the following NIST Cybersecurity Framework (CSF) stages relates to implementation of effective security controls (policy, education, training and awareness, and technology)?

Respond

Which of the following NIST Cybersecurity Framework (CSF) stages relates to reacting to an incident?

authentication

Which of the following access control processes confirms the identity of the entity seeking access to a logical or physical area?

fingerprint recognition

Which of the following biometric authentication systems is considered to be truly unique, suitable for use, and currently cost-effective?

signature recognition

Which of the following biometric authentication systems is the most accepted by users?

face geometry

Which of the following characteristics currently used for authentication purposes is the LEAST unique?

incident damage assessment

Which of the following determines the scope of the breach of confidentiality, integrity, and availability of information and information assets?

mitigating

Which of the following is NOT a category of access control?

no changes by authorized subjects without external validation

Which of the following is NOT a change control principle of the Clark-Wilson model?

political activism

Which of the following is NOT a common type of background check that may be performed on a potential employee?

same certification and accreditation agency or standard

Which of the following is NOT a consideration when selecting recommended best practices?

high level of employee buy-in

Which of the following is NOT a factor critical to the success of an information security performance program?

threat assessment

Which of the following is NOT a major component of contingency planning?

sending DoS packets to the source

Which of the following is NOT a method employed by IDPSs to prevent an attack from succeeding?

Identify relevant stakeholders and their interests in InfoSec measurement.

Which of the following is NOT a phase in the NIST InfoSec performance measures development process?

What affect will measurement collection have on efficiency?

Which of the following is NOT a question a CISO should be prepared to answer before beginning the process of designing, collecting, and using performance measurements, according to Kovacich?

Are the user accounts of former employees immediately removed on termination?

Which of the following is NOT a question to be used as a self-assessment for recommended security practices in the category of people?

React

Which of the following is NOT a stage in the NIST Cybersecurity Framework (CSF)?

former employee's home computer must be audited

Which of the following is NOT a task that must be performed if an employee is terminated?

something a person says

Which of the following is NOT among the three types of authentication mechanisms?

replacement

Which of the following is NOT one of the administrative challenges to the operation of firewalls?

for official use only

Which of the following is NOT one of the three levels in the U.S. military data classification scheme for National Security Information?

those that evaluate the frequency with which employees access internal security documents

Which of the following is NOT one of the types of InfoSec performance measures used by organizations?

unusual consumption of computing resources

Which of the following is a "possible" indicator of an actual incident, according to Donald Pipkin?

key distribution center

Which of the following is a Kerberos service that initially exchanges information with the client and server by using secret keys?

electronic vaulting

Which of the following is a backup method that uses bulk batch transfer of data to an off-site facility and is usually conducted via leased lines or secure Internet connections?

crossover error rate

Which of the following is a commonly used criterion for comparing and evaluating biometric technologies?

use of dormant accounts

Which of the following is a definite indicator of an actual incident, according to Donald Pipkin?

framework

Which of the following is a generic model for a security program?

weighted table analysis

Which of the following is a mathematical tool that is useful in assessing the relative importance of business functions based on criteria selected by the organization?

identifying the vulnerabilities that allowed the incident to occur and spread

Which of the following is a part of the incident recovery process?

legal liability

Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?

keeping the public informed about the event and the actions being taken

Which of the following is a responsibility of the crisis management team?

protect and forget

Which of the following is an organizational CP philosophy for overall approach to contingency planning reactions?

flood

Which of the following is the best example of a rapid-onset disaster?

business impact analysis

Which of the following is the first component in the contingency planning process?

Determine mission/business processes and recovery criticality.

Which of the following is the first major task in the BIA, according to NIST SP 800-34, Rev. 1?

To offer guidance for the management of InfoSec to individuals responsible for their organization's security programs

Which of the following is the original purpose of ISO/IEC 17799?

incident classification

Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident?

It duplicates computing resources, peripherals, phone systems, applications, and workstations.

Which of the following is true about a hot site?

Firewalls deal strictly with defined patterns of measured observation.

Which of the following is true about firewalls and their ability to adapt in a network?

It uses a secret key to encrypt and decrypt.

Which of the following is true about symmetric encryption?

key

Which of the following is used in conjunction with an algorithm to make computer data secure from anybody except the intended recipient of the data?

separation of duties

Which of the following policies makes it difficult for an individual to violate InfoSec and is quite useful in monitoring financial affairs?

job rotation

Which of the following policies requires that every employee be able to perform the work of at least one other staff member?

two-person control

Which of the following policies requires that two individuals review and approve each other's work before the task is considered complete?

COBIT

Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by ISACA and the IT Governance Institute?

ticket granting service

Which of the following provides an identification card of sorts to clients who request services in a Kerberos system?

remote journaling

Which of the following refers to the backup of data to an off-site facility in close to real time based on transactions as they occur?

security clearances

Which of the following specifies the authorization level that each user of an information asset is permitted to access, subject to the need-to-know principle?

performance management

Which of the following terms is described as the process of designing, implementing, and managing the use of the collected data elements to determine the effectiveness of the overall security program?

reference monitor

Which piece of the Trusted Computing Base's security system manages access controls?

Biba

Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones?

TCSEC

Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?

port-address translation

Which technology employs sockets to map internal private network addresses to a public address using one-to-many mapping?

IP Security Protocol

Which technology has two modes of operation: transport and tunnel?

port scanner

Which tool can best identify active computers on a network?

anomaly-based

Which type of IDPS is also known as a behavior-based intrusion detection system?

signature-based

Which type of IDPS works like antivirus software?

nondiscretionary

Which type of access controls can be role-based or task-based?

dynamic packet filtering firewall

Which type of device can react to network traffic and create or modify configuration rules to adapt?

proxy server

Which type of device exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server?

stateful packet inspection

Which type of firewall keeps track of each network connection established between internal and external systems?

False

Wireless vulnerability assessment begins with the planning, scheduling, and notification of all Internet connections, using software such as Wireshark.

TCB

Within TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security policy.

temporary workers

Workers brought in by organizations to fill positions for a short time or to supplement the existing workforce.

contract employees

Workers hired to perform specific services for the organization.

contract employees

Workers typically hired to perform specific services for the organization and hired via a third-party organization are known as __________.

False

You can document the results of the verification of a vulnerability by saving the results in what is called a(n) profile. __________

Program review

__________ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

All of the above

__________ are a component of the "security triple."

Network connectivity RA

__________ is used to respond to network change requests and network architectural design proposals.

White box

__________ penetration testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target.

Penetration testing

__________, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker).

False

​A standard of due process is a legal standard that requires an organization and its employees to act as a "reasonable and prudent" individual or organization would under similar circumstances. __________


Kaugnay na mga set ng pag-aaral

Examples of Conduction, Convection, and Radiation, Earth Science - The Water Cycle

View Set

DODI 5040.02, VISUAL INFORMATION (VI)

View Set

Advertising & Promotions Study Guide - QUIZ 1

View Set

Module 7: Finance- TVM and Multiple Cash Flows

View Set