Securities Midterm
__________ of information is the quality or state of being genuine or original. - Accuracy - Authorization - Confidentiality - Authenticity
Authenticity
A technique used to gain unauthorized access; intruder assumes a trusted IP address.
Spoofing
It consists of code segments that attach to existing programs and take control of access to the targeted computer.
Virus
An attacker monitors the network packets, modifies them, and inserts them back into the network.
man-in-the-middle
What term is used to describe the quality or state of ownership or control of information? - confidentiality - possession - authenticity - integrity
possession
What is the subject of the Sarbanes-Oxley Act? - Privacy - Banking - Financial Reporting - Trade secrets
Financial Reporting
Criminal or unethical _________ goes to the state of mind of the individual performing the act. - All of the above - intent - attitude - accident
accident
A short-term interruption in electrical power availability is known as a _____. - fault - blackout - lag - brownout
fault
Which of the following countries reported the least tolerant attitudes toward personal use of organizational computer resources? - Sweden - United States - Singapore - Australia
Singapore
Using a known or previously installed access mechanism is known as which of the following? - hidden bomb - vector - spoof - back door
back door
Gaining access to a system or network using a known or previously unknown/newly discovered access mechanism.
back door
Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards. - de jure - de facto - de public - de formale
de jure
Non-existent malware that employees waste time spreading awareness about.
virus & worm hoaxes
Which of the following illustrates that each phase of the SDLC begins with the results and information gained from the previous phase? - waterfall model - methodology - software assurance - investigation
waterfall method
They replicate themselves until they completely fill available resources such as memory and hard drive space.
worms
The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization. - CISO - CIO - ISO - CTO
CISO
Ethics are the moral attitudes or customs of a particular group. - True - False
False
Network Security addresses the issues needed to protect items, objects, or areas. - True - False
False
The Security Education Training and Awareness (SETA) program is a control measure designed to reduce the instances of _____ security breaches by employees. - intentional - accidental - physical - external
accidental
Which type of attacker will hack systems to conduct terrorist activities via network or internet pathways? - cyberhackers - electronic terrorists - cyberterrorists - electronic hackers
cyberterrorists
The Domain Name Service (DNS) is a function of the World Wide Web that converts URL (Uniform Resource Locator) like www.course.com into the IP address of the Web server host. - True - False
True
Which type of security addresses the protection of all communications media, technology, and content? - Information - Network - Physical - Communications
Communications
____________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection. - Networking - Proxy - Defense in depth - Best-Effort
Defense in depth
A coordinated stream of requests is launched against a target from many locations simultaneously.
Distributed denial-of-service
The _______ is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts. - GSP - EISP - ISSP - SysSP
EISP
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications? - Electronic Communications Privacy Act - Economic Espionage Act - Sarbanes-Oxley Act - Financial Services Modernization Act
Electronic Communications Privacy Act
A worm requires that another program is running before it can begin functioning. - True - False
False
Database shadowing duplicates data in real-time data storage, but does not backup the databases at the remote site. - True - False
False
In the context of information security, confidentiality is the right of the individual or group to protect themselves and their information from unauthorized access. - True - False
False
Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects. - True - False
False
When dealing with computerized information, a breach of possession will result in a breach of confidentiality. - True - False
False
When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment ____________. - True - False
False
Which of the following acts is also widely known as the Gramm-Leach-Bliley Act? - Financial Services Modernization Act - Communications Act - Health Insurance Portability and Accountability Act - Computer Security Act
Financial Services Modernization Act
Which type of security encompasses the protection of voice and data networking components, connections, and content? - Information - Network - Physical - Communications
Network
It attacks a browser's address bar to redirect users to an illegitimate site for the purpose of obtaining private information.
Pharming
____________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse. - Personal - Object - Physical - Standard
Physical
What can occur when developers fail to properly validate user input before using it to query a relational database?
SQL injection
_____ is any technology that aids in gathering information about a person or organization without their knowledge. - Spyware - A bot - Worm - Trojan
Spyware
The ___________ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. - WWW - FTP - HTTP - TCP
TCP
What is another name for a man-in-the-middle attack? - TCP hijacking - mail bombing - spoofing - denial of service
TCP hijacking
Malware disguised as helpful, interesting, or necessary pieces of software.
Trojan horses
Computer hardware is seldom the most valuable asset possessed by an organization. - True - False
True
Cyberterrorism has thus far been largely limited to acts such as the defacement of NATO web pages during the war in Kosovo. - True - False
True
If information has a state of being genuine or original and is not a fabrication it has the characteristic of authenticity. - True - False
True
Indirect attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat. - True - False
True
Individuals with authorization and privileges to information within the organization are often those who are most likely to cause harm or damage by accident. - True - False
True
The Secret Service is charged with safeguarding the nation's financial infrastructure and payments systems to preserve the integrity of the economy. - False - True
True
The value of information comes from the characteristics it possesses. - True - False
True
To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and planned revision date. - True - False
True
The _____ defines stiffer penalties for prosecution of terrorist crimes. - Sarbanes-Oxley Act - Gramm-Leach-Bliley Act - USA PATRIOT Act - Economic Espionage Act
USA PATRIOT Act
A(n) _________ is a document containing contact information for the people to be notified in the event of an incident. - emergency notification system - call register - alert roster - phone list
alert roster
An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data; or is sometimes physical, such as a person, computer system, hardware, or other tangible object. Collectively all of these things are known as a(n) __________. - exploit - asset - risk - access
asset
Which of the following is an application error that occurs when more data is sent to a program buffer than it is designed to handle? - buffer underrun - buffer overrun - heap overflow - heap attack
buffer overrun
___________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub-national groups or clandestine agents. - hacking - infoterrorism - cyberterrorism - cracking
cyberterrorism
___________ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information assets during or just following an incident. - incident response - strategy development - containment assessment - damage assessment
damage assessment
An attacker sends a large number of connection or information requests to a target. - The target system becomes overloaded and cannot respond to legitimate requests for service. - It may result in a system crash or an inability to perform ordinary functions.
denial-of-service
In a ____________ attack, the attacker sends a large number of connection or information requests to disrupt a target from many locations at the same time. - distributed denial-of-service - virus - spam - denial-of-service
distributed denial-of-service
A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee's actions. - true - false
false
Which of the following occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it? - information extortion - technological extortion - insider trading - information hording
information extortion
Which of the following phases of the SDLC is often considered the longest and most expensive phase of the systems development life cycle? - investigation - logical design - maintenance and change - implementation
maintenance and change
In which phase of the NIST SDLC are the systems in place and operating, enhancements and/or modifications to the system are developed and tested, and hardware and/or software are added or replaced? - initiation - development and acquisition - implementation and assessment - operation and maintenance
operation and maintenance
It monitors data traveling over a network; it can be used both for legitimate management purposes and for stealing information from a network.
packet sniffer
A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system's encrypted password file is known as a(n) ___________. - crib - rainbow table - crack file - dictionary
rainbow table
Hackers of limited skill who use expertly written software to attack a system are known as which of the following? - cyberterrorists - script kiddies - jailbreakers - social engineers
script kiddies
"4-1-9" fraud is an example of a ___________ attack. - virus - worm - social engineering - spam
social engineering
Which of the following examines the behavior of individuals as they interact with systems, whether societal systems or information systems? - community science - social science - societal science - interaction management
social science
It is considered more a nuisance than an attack, though it is emerging as a vector for some attacks.
spam
When projects are initiated at the highest levels of an organization and then pushed to all levels, they are said to follow which approach? - executive led - trickle down - top-down - bottom-up
top-down
A disaster recovery plan is a plan that shows the organization's intended efforts to restore operations at the original site in the aftermath of the disaster. - True - False
True
A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. - true - false
true
The person responsible for the storage, maintenance, and protection of the information is the data custodian. - true - false
true
Warnings of attacks that are not valid are usually called hoaxes. - True - False
True