Sutherland Information security final

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Suppose an act of theft performed by a hacker was accompanied by defacement actions to delay discovery. The first act is obviously in the category of "theft" but the second act is another category—in this case it is a "force of nature."

False

A(n) _________ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

FCO

"Shoulder spying" is used is public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance.

False

A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffer. _________________________

False

A worm requires that another program is running before it can begin functioning.

False

Attacks conducted by scripts are usually unpredictable.

False

Computer assets are the focus of information security and are the information that has value to the organization, as well as the systems that store, process, and transmit the information. ____________

False

DoS attacks cannot be launched against routers.

False

Information security's primary mission is to ensure that systems and their contents retain their confidentiality at any cost.

False

Media are items of fact collected by an organization and include raw numbers, facts, and words.

False

The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. _________________________

False

The macro virus infects the key operating system files located in the computer's start up sector.

False

The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. _________________________

False

Two watchdog organizations that investigate allegations of software abuse are the SIIA and NSA.

False

When electronic information is stolen, the crime is readily apparent.

False

When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment. _________________________

False

The __________ Act of 1966 allows any person to request access to federal agency records or information not determined to be a matter of national security.

Freedom of Information

__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.

Fuzz

The __________ Act of 1999 contains a number of provisions focusing on facilitating affiliation among banks, securities firms, and insurance companies.

Gramm-Leach-Bliley

__________ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.

HIDPSs

__________ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.

Hash

__________ are decoy systems designed to lure potential attackers away from critical systems.

Honeypots

__________ is the unauthorized taking of personally identifiable information with the intent of committing fraud or another illegal or unethical purpose.

ID theft

In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) __________.

PAC

__________ was developed by Phil Zimmermann and uses the IDEA cipher for message encoding.

PGP

The __________ Act seeks to improve the reliability and accuracy of financial reporting, as well as increase the accountability of corporate governance, in publicly traded companies.

SOX

________often function as standards or procedures to be used when configuring or maintaining systems.

SysSPs

The __________ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing.

Systems

A(n) __________ is an event that triggers an alarm when no actual attack is in progress.

false attack stimulus

Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as __________.

fingerprinting

An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.

framework

Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people's information systems.

True

Hackers are "persons who access systems and information without authorization and often illegally." _________________________

True

Intellectual property is defined as "the creation, ownership, and control of ideas as well as the representation of those ideas." _________________________

True

A(n) ____________________ is a formal approach to solving a problem by means of a structured sequence of procedures.

methodology

The date for sending the final RFP to vendors is considered a(n) __________, because it signals that all RFP preparation work is complete.

milestone

Control __________ baselines are established for network traffic and for firewall performance and IDPS performance.

performance

The __________ is the difference between an organization's observed and desired performance.

performance gap

SHA-1 produces a(n) ___________-bit message digest, which can then be used as an input to a digital signature algorithm.

160

Telnet protocol packets usually go to TCP port __________, whereas SMTP packets go to port __________.

23, 25

When organizations adopt security measures for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as __________.

standards of due care

A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years.

strategic

Tasks or action steps that come after the task at hand are called __________.

successors

A method of encryption that requires the same secret key to encipher and decipher the message is known as __________ encryption.

symmetric

Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) ​_________.

threat

_________ equals the probability of a successful attack multiplied by the expected loss from a successful attack plus an element of uncertainty.

Risk

The ______ understands financial risk assessment techniques, the value of organizational assets, and the security methods to be used.

Risk assessment specialist

Which of the following is not a major processing mode category for firewalls?

Router passthru

The former System Administration, Networking, and Security Organization is now better known as __________.

SANS

A(n) __________ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.

SPAN

The __________ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.

SSL Record Protocol

__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.

Security technicians

__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Separation of duties

The __________ mailing list includes announcements and discussion of a leading open-source IDPS.

Snort

__________ inspection firewalls keep track of each network connection between internal and external systems.

Stateful

__________ filtering requires that the firewall's filtering rules for allowing and denying packets are developed and installed with the firewall.

Static

Which of the following versions of TACACS is still in use?

TACACS+

Kerberos __________ provides tickets to clients who request services.

TGS

__________ is the requirement that every employee be able to perform the work of another employee.

Task rotation

__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce.

Temporary employees

Media as a subset of information assets are the systems and networks that store, process, and transmit information.

True

Much human error or failure can be prevented with effective training and ongoing awareness activities.

True

Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?

User

A(n) __________ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.

VPN

__________ penetration testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target.

White box

__________ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.

Work factor

Bit stream methods commonly use algorithm functions like the exclusive OR operation (__________).

XOR

The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees.

accidental

The CISA credential is touted by ISACA as the certification that is appropriate for all but which type of professionals?

accounting

A(n) _________ is a document containing contact information for the people to be notified in the event of an incident.

alert roster

Common vulnerability assessment processes include:

all of these

The ____________________ phase consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems.

analysis

In an organization, the value of ____________________ of information is especially high when it involves personal information about employees, customers, or patients.

confidentiality

A(n) __________ item is a hardware or software item that is to be modified and revised throughout its life cycle.

configuration

The Internet brought ____________________ to virtually all computers that could reach a phone line or an Internet-connected local area network.

connectivity

Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.

control

Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.

correction

The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.

electronic vaulting

Many organizations use a(n) __________ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.

exit

The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________."

management

Like the CISSP, the SSCP certification is more applicable to the security__________ than to the security __________.

manager, technician

Many who move to business-oriented information security were formerly__________ who were often involved in national security or cybersecurity .

military personnel

In the __________ process, measured results are compared against expected results.

negative feedback loop

A(n) __________ IDPS is focused on protecting network information assets.

network-based

A computer is the ____________________ of an attack when it is the entity being targeted.

object

The ability to detect a target computer's __________ is very valuable to an attacker.

operating system

A(n) __________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic.

packet sniffer

A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.

passive

Most network behavior analysis system sensors can be deployed in __________ mode only, using the same connection methods as network-based IDPSs.

passive

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization.

people

A __________ is usually the best approach to security project implementation.

phased implementation

During the early years, information security was a straightforward process composed predominantly of ____________________ security and simple document classification schemes.

physical

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization.

pilot

Software license infringement is also often called software __________.

piracy

Guidelines that dictate certain behavior within an organization are known as __________.

policies

More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions.

polyalphabetic

The ____________________ of information is the quality or state of ownership or control of some object or item.

possession

Family law, commercial law, and labor law are all encompassed by __________ law.

private

A frequently overlooked component of an information system, ____________________ are the written instructions for accomplishing a specific task.

procedures

By managing the __________, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce.

process of change

Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version.

rainbow table

In most common implementation models, the content filter has two components: __________.

rating and filtering

Many public organizations must spend all budgeted funds within the fiscal year—otherwise, the subsequent year's budget is __________.

reduced by the unspent amount

RAID is an acronym for a __________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure.

redundant

The transfer of transaction data in real time to an off-site facility is called ____.

remote journaling

The probability of an unwanted occurrence, such as an adverse event or loss, is known as a(n) _________.

risk

The first phase of risk management is _________.

risk identification

Because the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the __________ host.

sacrificial

The __________ is a statement of the boundaries of the RA.

scope

The dominant architecture used to secure network access today is the __________ firewall.

screened subnet

The Payment Card Industry Data Security Standards (PCI DSS) are designed to enhance the __________ of customers' account data.

security

A _________ assigns a status level to employees to designate the maximum level of classified data they may access.

security clearance scheme

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.

signatures

The ____________________ component of an information system comprises applications, operating systems, and assorted command utilities.

software

In the ____________________ approach, the project is initiated by upper-level managers who issue policy, procedures, and processes, dictate the goals and expected outcomes, and determine accountability for each required action.

top-down

A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices.

traffic analysis

The __________ control strategy attempts to shift risk to other assets, other processes, or other organizations.

transference

In __________ mode, the data within an IP packet is encrypted, but the header information is not.

transport

Federal agencies such as the NSA, FBI, and CIA use specialty classification schemes. For materials that are not considered "National Security Information," __________ data is the lowest-level classification.

unclassified

A potential weakness in an asset or its defensive control system(s) is known as a(n) ​_________.

vulnerability

In a(n) __________, assets or threats can be prioritized by identifying criteria with differing levels of importance, assigning a score for each of the criteria, and then summing and ranking those scores.

weighted factor analysis

The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.

wireless

The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.

wrap-up

A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes __________.

All of the above

____________________ enables authorized users—people or computer systems—to access information without interference or obstruction and to receive it in the required format.

Availability

At the World Championships in Athletics in Helsinki in August 2005, a virus called Cabir infected dozens of __________, the first time this occurred in a public setting.

Bluetooth mobile phone

Each organization sets policy to choose one of two approaches when employing digital forensics. Select the statement that best identifies the options.

Both of these are approaches that might be chosen

According to Schwartz, Erwin, Weafer, and Briney, "__________" are the real techies who create and install security solutions.

Builders

A(n) __________ is used to justify that the project will be reviewed and verified prior to the development of the project plan.

CBA

The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) __________.

CBA

The CNSS model of information security evolved from a concept developed by the computer security industry known as the ____________________ triad.

CIA

The _______ is usually considered the top security officer in an organization and typically reports to the chief information officer.

CISO

The __________ is typically considered the top information security officer in the organization.

CISO

The __________ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's CBK.

CISSP

The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain certifications on the market.

CISSP

In PKI, the CA periodically distributes a(n) _________ to all users that identifies all revoked certificates.

CRL

The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?

Certified Computer Examiner (CCE) and Master Certified Computer Examiner (MCCE)

During the ____________________ War, many mainframes were brought online to accomplish more complex and sophisticated tasks, so it became necessary to enable the mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers.

Cold

The ________is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.

EISP

The __________ Act of 1996 attempts to prevent trade secrets from being illegally shared.

Economic Espionage

The __________ Act of 1986 is a collection of statutes that regulates the interception of wire, electronic, and oral communications.

Electronic Communications Privacy

__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals.

Encryption

__________ is the action of luring an individual into committing a crime to get a conviction.

Entrapment

Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. _________________________

True

An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms.

False

Once a(n) back door has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. _________________________

False

One form of e-mail attack that is also a DoS is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail.

False

Packet munchkins use automated exploits to engage in distributed denial-of-service attacks. _________________________

False

A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.

IDPS

__________ is a protocol that can be used to secure communications across any IP-based network such as LANs, WANs, and the Internet.

IPSec

The __________ plan specifies the actions an organization can and should take while an adverse event is in progress. An adverse event could result in loss of an information asset or assets, but it does not currently threaten the viability of the entire organization.

IR

The __________ is a nonprofit organization that focuses on the development and implementation of information security certifications and credentials.

ISC2

The _________ is a professional association that focuses on auditing, control, and security and whose membership comprises both technical and managerial professionals.

Information Systems Audit and Control Association

Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as __________.

JAD

"Long arm __________" refers to the long arm of the law reaching across the country or around the world to draw an accused individual into its court systems whenever it can establish jurisdiction.

Jurisdiction

The service within Kerberos that generates and issues session keys is known as __________.

KDC

__________ is the entire range of values that can possibly be used to construct an individual key.

Keyspace

Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs.

LFM

__________ are rules that mandate or prohibit certain behavior and are enforced by the government.

Laws

__________ is the legal obligation of an entity that extends beyond criminal or contract law.

Liability

_________ controls address personnel security, physical security, and the protection of production inputs and outputs.

Operational

__________ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.

Operational

_________ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications.

PGP

__________ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.

PKI

The __________ commercial site focuses on current security tool resources.

Packet Storm

__________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.

Packet-filtering

__________, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker).

Penetration testing

If the task is to write firewall specifications for the preparation of a(n) __________, the planner would note that the deliverable is a specification document suitable for distribution to vendors.

RFP

The __________ algorithm, developed in 1977, was the first public-key encryption algorithm published for commercial use.

RSA

__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information.

Redundancy

The __________ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.

AH

__________ is the process of classifying IDPS alerts so that they can be more effectively managed.

Alarm filtering

The __________ layer of the bull's-eye model receives attention last.

Applications

Digital signatures should be created using processes and products that are based on the __________.

DSS

__________ are encrypted message components that can be mathematically proven to be authentic.

Digital signatures

A __________ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.

MAC

_________ addresses are sometimes called electronic serial numbers or hardware addresses.

MAC

__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.

MAC layer

________ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

Managerial

__________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.

NIDPSs

__________ is used to respond to network change requests and network architectural design proposals.

Network connectivity RA

The __________ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly.

Policies

__________ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

Program review

Software is often under the constraints of ______ management, placing limits on time, cost, and manpower.

Project

__________ is an asset valuation approach that uses categorical or non-numeric values rather than absolute numerical measures.

Qualitive assessment

__________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.

RADIUS

__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source.

Trap-and-trace

A mail bomb is a form of DoS attack.

True

A number of technical mechanisms—digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media—have been used to deter or prevent the theft of software intellectual property.

True

A sniffer program can reveal data transmitted on a network segment, including passwords, the embedded and attached files—such as word-processing documents—and sensitive data transmitted to or from applications.

True

A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.

True

Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easy-to-guess passwords.

True

Software code known as a(n) cookie can allow an attacker to track a victim's activity on Web sites. _________________________

True

The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. _________________________

True

A(n) __________ is a simple project management planning tool.

WBS

The __________ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

acceptance

To evaluate the performance of a security system, administrators must establish system performance __________.

baselines

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ________.

blueprint

A(n) _________ is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.

data classification scheme

Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards.

de jure

Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded.

governance

In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework, which intends to allow organizations to __________.

identify and prioritize opportunities for improvement within the context of a continuous and repeatable process

The low overall degree of tolerance for __________ system use may be a function of the easy association between the common crimes of breaking and entering, trespassing, theft, and destruction of property to their computer-related counterparts.

illicit

The primary benefit of a VPN that uses _________ is that an intercepted packet reveals nothing about the true destination system.

tunnel mode

In TCP/IP networking, port __________ is not used.

0

DES uses a(n) ___________-bit block size.

64

Which of the following ports is commonly used for the HTTP protocol?

80

__________ is the current federal information processing standard that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure.

AES

__________ is simply how often you expect a specific type of attack to occur.

ARO

__________ information is a form of collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group.

Aggregate

According to NIST SP 800-14's security principles, security should ________.

All of the above

Effective planning for information security involves:

All of the above

Management of classified data includes its storage and _________.

All of the above

Many who enter the field of information security are technical professionals such as __________ who find themselves working on information security applications and processes more often than traditional IT assignments.

All of the above

Redundancy can be implemented at a number of points throughout the security architecture, such as in ________.

All of the above

The ISSMP examination is designed to provide CISSPs with a mechanism to demonstrate competence in __________.

All of the above

The Lewin change model includes __________.

All of the above

The information security function can be placed within the __________.

All of the above

The restrictions most commonly implemented in packet-filtering firewalls are based on __________.

All of the above

To use a packet sniffer legally, the administrator must __________.

All of the above

__________ are a component of the "security triple."

All of the above

The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages?

All of these are BIA stages

The __________ is a respected professional society that was established in 1947 as "the world's first educational and scientific computing society."

Association of Computing Machinery

____________________ of information is the quality or state of being genuine or original, rather than a reproduction or fabrication.

Authenticity

There are 12 general categories of threat to an organization's people, information, and systems. List at least six of the general categories of threat and identify at least one example of those listed.

Compromises to intellectual property Software attacks Deviations in quality of service Espionage or trespass Forces of nature Human error or failure Information extortion Sabotage or vandalism Theft Technical hardware failures or errors Technical software failures or errors Technological obsolescence

__________ are the fixed moral attitudes or customs of a particular group.

Cultural mores

The __________ is an intermediate area between a trusted network and an untrusted network.

DMZ

__________ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the flood waters recede.

DR

_________ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident.

Damage assessment

__________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.

Defense in depth

In digital forensics, all investigations follow the same basic methodology once permission for search and seizure has been obtained. Which of the following is NOT one of the elements of that process?

Determine whether to "apprehend and prosecute."

The __________ is the American contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures.

Digital Millennium Copyright Act

When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems?

The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.

A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. _________________________

True

With the removal of copyright protection mechanisms, software can easily be distributed and installed.

Ture

The __________ Act of 2001 provides law enforcement agencies with broader latitude in order to combat terrorism-related activities.

USA PATRIOT

Risk _________ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.

appetite

The application layer proxy firewall is also known as a(n) __________.

application firewall

Configuring firewall policies is viewed as much as a(n) __________ as it is a(n) __________.

art, science

A primary mailing list for new vulnerabilities, called simply __________, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.

bugtraq

The __________ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.

bull's-eye

Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is __________.

education

A ____ site provides only rudimentary services and facilities.

cold

Known as the ping service, ICMP is a(n) __________ and should be ___________.

common method for hacker reconnaissance, turned off to prevent snooping

A(n) ____________________ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives.

community of interest

The history of information security begins with the concept of ____________________ security.

computer

Which of the following is NOT a described IDPS control strategy?

decentralized

The _________ control strategy attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards.

defense

The proxy server is often placed in an unsecured area of the network or is placed in the __________ zone.

demilitarized

Some vulnerability scanners feature a class of attacks called _________, that are so dangerous they should only be used in a lab environment.

destructive

One approach that can improve the situational awareness of the information security function is to use a process known as __________ to quickly identify changes to the internal environment.

difference analysis

Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date.

direct changeover

The concept of competitive _________ refers to falling behind the competition.

disadvantage

An X.509 v3 certificate binds a ___________, which uniquely identifies a certificate entity, to a user's public key.

distinguished name

Security __________ are the areas of trust within which users can freely communicate.

domains

Some people search trash and recycling bins—a practice known as _________—to retrieve information that could embarrass a company or compromise information security.

dumpster diving

A __________ filtering firewall can react to an emergent event and update or create rules to deal with the event.

dynamic

The senior technology officer is typically the chief ____________________ officer.

information

The model commonly used by large organizations places the information security department within the __________ department.

information technology

Information has ____________________ when it is whole, complete, and uncorrupted.

ingtegrity

Network behavior analysis system __________ sensors are typically intended for network perimeter use, so they are deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.

inline

Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.

intelligence

The ISSEP allows CISSP certificate holders to demonstrate expert knowledge of all of the following except __________.

international laws

The __________ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.

intranet

During the ____________________ phase of the systems life cycle, the process begins by examining the event or plan that initiated the process. During this phase, the objectives, constraints, and scope of the project are specified.

investigation

A __________ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext.

key

__________ access control is a form of __________ access control in which users are assigned a matrix of authorizations for particular areas of access.

lattice-based, nondiscretionary

The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range is called the __________.

loss frequency


Kaugnay na mga set ng pag-aaral

Rad 141-Elbow and Distal Humerus

View Set

Marketing Exam 1 - Ch 3/4 Quiz (BUS2 130(

View Set