Fundamental Information Security Chapter 12: Information Security Standards
Which Institute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs? Options: 802.3; 802.11; 802.16; 802.18
802.11
Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with? Options: Network and Session; Session and Transport; Application and Session; Application and Transport
Application and Session
Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect? Options: Health records; Credit card information; Educational records; Trade secrets
Credit card information
Which element is NOT a core component of the ISO 27002 standard? Options: Risk assessment; Cryptography; Asset management; Access control
Cryptography
Which technology category would NOT likely be the subject of a standard published by the International Electrotechnical Commission (IEC)? Options: Semiconductors; Solar energy; Encryption; Consumer appliances
Encryption
Which organization creates information security standards that specifically apply within the European Union? Options: International Telecommunication Union (ITU); American National Standards Institute (ANSI); European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER); Institute of Electrical and Electronics Engineers (IEEE)
European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)
The International Standard Book Number (ISBN) is an IEEE standard. Options: True; False
False
The National Institute of Standards and Technology (NIST) is a nongovernmental organization whose goal is to develop and publish international standards. Options: True; False
False
The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues. Options: True; False
False
The National Institute of Standards and Technology (NIST) publishes the IEEE 802 LAN/MAN standard family. Options: True; False
False
Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out? Options: NIST 800-53; IEEE 802.3; ANSI x.1199; ISO 17799
IEEE 802.3
Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management? Options: ISO 17799; ISO 9000; ISO 27002; ISO 14001
ISO 27002
Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI? Options: Ocean Surveillance Information System (OSIS); International Organization for Standardization (ISO); National Institute of Standards and Technology (NIST); Information Systems Audit and Control Association (ISACA)
International Organization for Standardization (ISO)
Which organization promotes technology issues as an agency of the United Nations? Options: International Telecommunication Union (ITU); Institute of Electrical and Electronics Engineers (IEEE); American National Standards Institute (ANSI); Internet Assigned Numbers Authority (IANA)
International Telecommunication Union (ITU)
What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life"? Options: National Institute of Standards and Technology (NIST); Federal Communications Commission (FCC); Federal Trade Commission (FTC); National Aeronautics and Space Administration (NASA)
National Institute of Standards and Technology (NIST)
Which document is the initial stage of a standard under the Internet Engineering Task Force (IETF) process? Options: Proposed Standard (PS); Draft Standard (DS); Standard (STD); Best Current Practice (BCP)
Proposed Standard (PS)
ISO/IEC 27002 provides organizations with best-practice recommendations on information security management. Options: True; False
True
Payment Card Industry Data Security Standard (PCI DSS) version 3.2 defines 12 requirements for compliance, organized into six groups, called control objectives. Options: True; False
True
Standards provide guidelines to ensure that products in today's computing environments work together. Options: True; False
True
The Institute of Electrical and Electronics Engineers (IEEE) publishes or sponsors more than 13,000 standards and projects. Options: True; False
True
The International Electrotechnical Commission (IEC) is the predominant organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes. Options: True; False
True
The International Electrotechnical Commission (IEC) was instrumental in the development of standards for electrical measurements, including gauss, hertz, and weber. Options: True; False
True
The International Organization for Standardization (ISO) organizes its standards by both the International Classification for Standards (ICS) and the Technical Committee (TC) to which it assigns each standard. Options: True; False
True
The International Telecommunication Union (ITU) was formed in 1865 as the International Telegraph Union to develop international standards for the emerging telegraph communications industry. Options: True; False
True
Visa, MasterCard, and other payment card vendors helped to create the Payment Card Industry Data Security Standard (PCI DSS). Options: True; False
True
What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities? Options: 600; 700; 800; 900
800
Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Presentation Layer of the Open Systems Interconnection (OSI) model. Which technology is the most likely suspect? Options: User interface; Encryption; Routing; Signaling
Encryption
All requests for comments (RFCs) originate from the Internet Engineering Task Force (IETF). Options: True; False
False
Which organization created a standard version of the widely used C programming language in 1989? Options: Institute of Electrical and Electronics Engineers (IEEE); International Organization for Standardization (ISO); American National Standards Institute (ANSI); European Telecommunications Standards Institute (ETSI)
American National Standards Institute (ANSI)
The Internet Architecture Board (IAB) is a subcommittee of the IETF. Options: True; False
True
The Internet Architecture Board (IAB) serves as an advisory body to the Internet Society (ISOC). Options: True; False
True
What type of publication is the primary working product of the Internet Engineering Task Force (IETF)? Options: Special Publication (SP); Request for comment (RFC); ISO standard; Public service announcement (PSA)
Request for comment (RFC)
What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)? Options: Architecture for Internet protocols and procedures; Editorial and publication procedures for requests for comments (RFCs); Confirmation of IETF chairs; Subject matter expertise on routing and switching
Subject matter expertise on routing and switching
ANSI produces standards that affect nearly all aspects of IT. Options: True; False
True
The American National Standards Institute (ANSI) was formed in 1918 through the merger of five engineering societies and three government agencies. Options: True; False
True
Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model? Options: Network; Application; Physical; Session
Network
Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information? Options: International Electrotechnical Commission (IEC); National Institute of Standards and Technology (NIST); World Wide Web Consortium (W3C); Internet Engineering Task Force (IETF)
World Wide Web Consortium (W3C)