Info Security Santa Fe College

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.

False

Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks. True or False

False

Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.

False

Qualitative risk analysis is a list of identified risks that results from the risk-identification process. True or False

False

Audits are necessary because of ________.

All of the above

Which of the following adequately defines continuous authentication?

An authentication method in which a user is authenticated at multiple times or event intervals.

When you apply an account-lockout policy, set the __________ to a high enough number that authorized users aren't locked out due to mistyped passwords.

Threshold

A computer virus is an executable program that attaches to, or infects, other executable programs.

True

Failing to prevent an attack all but invites an attack. True or False

True

SAS70 was officially retired in June 2011 and was superseded and enhanced by the Statement of Standards for Attestation Engagements Number 16 (SSAE 16), which is now the predominant auditing and reporting standard for service organizations. True or False

True

SOC 3 reports are intended for public consumption.

True

When security seems to get in the way of an employee's productivity, they'll often bypass security measures to complete their work more quickly.

True

Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.

True

Which of the following is the definition of packet-filtering firewall?

A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator.

In the legal system, ________ is the act of following laws, rules, and regulations that apply to organizations.

Compliance

"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned."This is a disadvantage to choosing the self-study option thatcan be labeled ________.

Procrastination

From the perspective of a _________ professional, configuration management evaluates the impact a modification might have on security.

Security

E-commerce systems and applications demand strict C-I-A ________

Security Controls

What fills security gaps and software weaknesses?

Testing and quality assurance

The primary difference between SOC 2 and SOC 3 reports is ________.

Their Audience

Decryption is the act of scrambling plaintext into ciphertext.

False

One of the OSI Reference Model layers, the Transport Layer, creates, maintains, and disconnects communications that take place between processes over the network. True or False

False

Opt-in (subscribe) features in spam messages can represent a new form of reconnaissance attack to acquire legitimate target addresses. True or False

False

Wardialers are becoming more frequently used given the rise of digitaltelephony and now IP telephony or Voice over IP (VoIP).

False

Malicious code attacks all three information security properties.Malware can modify database records either immediately or over a period of time. This property is ________.

Integrity

Although wardialing is an old attack method, it is still useful for finding access points to computers because many computer networks and voice systems have modems attachedto phone lines.

True

Most often, passphrases are used for public and private key authentication.

True

Multiprotocol Label Switching (MPLS) is a WAN software feature that allows customers to maximize performance.

True

One of the most important parts of a FISMA information security program is that agencies test and evaluate it.

True

Qualitative risk analysis is a list of identified risks that results from the risk-identification process.

True

The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas. True or False

True

The proportion of value of a particular asset likely to be destroyed by a given risk, expressed as a percentage, is exposure factor (EF).

True

The term Bring Your Own Device (BYOD) refers to an organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings and other benefits but also presents security risks.

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

Today, one of the most common methods for identifying what skills a security professional possesses is his or herlevel of certification. True or False

True

Typically, the director of IT security ensures that the company meets WAN Domain security policies, standards, procedures, and guidelines.

True

Typically, the director of IT security ensures that the company meets WAN Domain security policies, standards, procedures, and guidelines. True or False

True

Loss of financial assets due to ________ is a worst-case scenario for all organizations.

Malicious attack

Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarmthresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.

Worm

There are four basic forms of a cryptographic attack. In a ________, the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data mightbe.

Ciphertext-only attack (COA)

A method to restrict access to a network based on identity or other rules is the definition of ________.

network access control (NAC)

The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.

Continuing Education

________ attempts to describe risk in financial terms and put a dollar value on all the elements of a risk.

Quantitative risk analysis


Ensembles d'études connexes

AP US Chapter 19, 20 part 1, 20 part 2

View Set

Live Virtual Lab 12.1: Module 12 Authentication and Authorization Implementation Techniques

View Set

Upper and Lower Respiratory Drug Questions NUR 311 Week 9

View Set

Chapter 1 - Introduction to nursing

View Set

Describe CSF and its Circulation

View Set

Human Sexuality EXAM Study Guide

View Set

Chapter 10 Implementing Hard Drives

View Set

Exam 1 Study Sheet - BUSA 120: Introduction to Business

View Set