Quiz 10
Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect?
Credit card information
A dedicated line that connects two remote computers typically uses an asynchronous modem.
False
Regarding TCP connections, a three-way handshake that doesn't complete because the client fails to send the final ACK to the server results in a closed connection.
False
The four main areas in NIST SP 800-50 are awareness, training, certification, and professional development.
False
Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?
International Organization for Standardization (ISO)
Helen is an experienced information security professional who earned a four-year degree while a full-time student. She would like to continue her studies on a part-time basis. What is the next logical degree for Helen to earn?
Master's degree
What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)?
Subject matter expertise on routing and switching
Master of Science (MS) degree programs prepare a student to enter the field of information security and perform the work of securing systems.
True
Nearly any college or university can offer an information systems security or cybersecurity-related degree program once it obtains accreditation for the curriculum from that state's board of education.
True
Social engineering relies on the tension between business objectives and security.
True
TCP and UDP provide data transport between hosts.
True
The Internet Architecture Board (IAB) serves as an advisory body to the Internet Society (ISOC).
True
The National Institute of Standards and Technology (NIST) publishes the IEEE 802 LAN/MAN standard family.
False
An effective line of defense against social engineering is authentication.
True
The National Institute of Standards and Technology (NIST) 800 Series publications cover all NIST-recommended procedures for managing information security.
True
Donna is building a security awareness program designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2. How often must she conduct training for all current employees?
Annually
Large-scale attacks consist of four phases: surveillance, infiltration, execution, and assessment.
False
ANSI produces standards that affect nearly all aspects of IT.
True
Standards provide guidelines to ensure that products in today's computing environments work together.
True
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.
True