Sutherland Information security final
Suppose an act of theft performed by a hacker was accompanied by defacement actions to delay discovery. The first act is obviously in the category of "theft" but the second act is another category—in this case it is a "force of nature."
False
A(n) _________ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
FCO
"Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance.
False
A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffer. _________________________
False
A worm requires that another program is running before it can begin functioning.
False
Attacks conducted by scripts are usually unpredictable.
False
Computer assets are the focus of information security and are the information that has value to the organization, as well as the systems that store, process, and transmit the information. ____________
False
DoS attacks cannot be launched against routers.
False
Information security's primary mission is to ensure that systems and their contents retain their confidentiality at any cost.
False
Media are items of fact collected by an organization and include raw numbers, facts, and words.
False
The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. _________________________
False
The macro virus infects the key operating system files located in the computer's start up sector.
False
The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. _________________________
False
Two watchdog organizations that investigate allegations of software abuse are the SIIA and NSA.
False
When electronic information is stolen, the crime is readily apparent.
False
When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment. _________________________
False
The __________ Act of 1966 allows any person to request access to federal agency records or information not determined to be a matter of national security.
Freedom of Information
__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.
Fuzz
The __________ Act of 1999 contains a number of provisions focusing on facilitating affiliation among banks, securities firms, and insurance companies.
Gramm-Leach-Bliley
__________ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
HIDPSs
__________ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.
Hash
__________ are decoy systems designed to lure potential attackers away from critical systems.
Honeypots
__________ is the unauthorized taking of personally identifiable information with the intent of committing fraud or another illegal or unethical purpose.
ID theft
In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) __________.
PAC
__________ was developed by Phil Zimmermann and uses the IDEA cipher for message encoding.
PGP
The __________ Act seeks to improve the reliability and accuracy of financial reporting, as well as increase the accountability of corporate governance, in publicly traded companies.
SOX
________ often function as standards or procedures to be used when configuring or maintaining systems.
SysSPs
The __________ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing.
Systems
A(n) __________ is an event that triggers an alarm when no actual attack is in progress.
false attack stimulus
Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as __________.
fingerprinting
An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.
framework
Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people's information systems.
True
Hackers are "persons who access systems and information without authorization and often illegally." _________________________
True
Intellectual property is defined as "the creation, ownership, and control of ideas as well as the representation of those ideas." _________________________
True
A(n) ____________________ is a formal approach to solving a problem by means of a structured sequence of procedures.
methodology
The date for sending the final RFP to vendors is considered a(n) __________, because it signals that all RFP preparation work is complete.
milestone
Control __________ baselines are established for network traffic and for firewall performance and IDPS performance.
performance
The __________ is the difference between an organization's observed and desired performance.
performance gap
SHA-1 produces a(n) ___________-bit message digest, which can then be used as an input to a digital signature algorithm.
160
Telnet protocol packets usually go to TCP port __________, whereas SMTP packets go to port __________.
23, 25
When organizations adopt security measures for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as __________.
standards of due care
A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years.
strategic
Tasks or action steps that come after the task at hand are called __________.
successors
A method of encryption that requires the same secret key to encipher and decipher the message is known as __________ encryption.
symmetric
Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) _________.
threat
_________ equals the probability of a successful attack multiplied by the expected loss from a successful attack plus an element of uncertainty.
Risk
The ______ understands financial risk assessment techniques, the value of organizational assets, and the security methods to be used.
Risk assessment specialist
Which of the following is not a major processing mode category for firewalls?
Router passthru
The former System Administration, Networking, and Security Organization is now better known as __________.
SANS
A(n) __________ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.
SPAN
The __________ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.
SSL Record Protocol
__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.
Security technicians
__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.
Separation of duties
The __________ mailing list includes announcements and discussion of a leading open-source IDPS.
Snort
__________ inspection firewalls keep track of each network connection between internal and external systems.
Stateful
__________ filtering requires that the firewall's filtering rules for allowing and denying packets are developed and installed with the firewall.
Static
Which of the following versions of TACACS is still in use?
TACACS+
Kerberos __________ provides tickets to clients who request services.
TGS
__________ is the requirement that every employee be able to perform the work of another employee.
Task rotation
__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce.
Temporary employees
Media as a subset of information assets are the systems and networks that store, process, and transmit information.
True
Much human error or failure can be prevented with effective training and ongoing awareness activities.
True
Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?
User
A(n) __________ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.
VPN
__________ penetration testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target.
White box
__________ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.
Work factor
Bit stream methods commonly use algorithm functions like the exclusive OR operation (__________).
XOR
The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees.
accidental
The CISA credential is touted by ISACA as the certification that is appropriate for all but which type of professionals?
accounting
A(n) _________ is a document containing contact information for the people to be notified in the event of an incident.
alert roster
Common vulnerability assessment processes include:
all of these
The ____________________ phase consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems.
analysis
In an organization, the value of ____________________ of information is especially high when it involves personal information about employees, customers, or patients.
confidentiality
A(n) __________ item is a hardware or software item that is to be modified and revised throughout its life cycle.
configuration
The Internet brought ____________________ to virtually all computers that could reach a phone line or an Internet-connected local area network.
connectivity
Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.
control
Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.
correction
The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.
electronic vaulting
Many organizations use a(n) __________ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.
exit
The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________."
management
Like the CISSP, the SSCP certification is more applicable to the security __________ than to the security __________.
manager, technician
Many who move to business-oriented information security were formerly __________ who were often involved in national security or cybersecurity.
military personnel
In the __________ process, measured results are compared against expected results.
negative feedback loop
A(n) __________ IDPS is focused on protecting network information assets.
network-based
A computer is the ____________________ of an attack when it is the entity being targeted.
object
The ability to detect a target computer's __________ is very valuable to an attacker.
operating system
A(n) __________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic.
packet sniffer
A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.
passive
Most network behavior analysis system sensors can be deployed in __________ mode only, using the same connection methods as network-based IDPSs.
passive
The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization.
people
A __________ is usually the best approach to security project implementation.
phased implementation
During the early years, information security was a straightforward process composed predominantly of ____________________ security and simple document classification schemes.
physical
In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization.
pilot
Software license infringement is also often called software __________.
piracy
Guidelines that dictate certain behavior within an organization are known as __________.
policies
More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions.
polyalphabetic
The ____________________ of information is the quality or state of ownership or control of some object or item.
possession
Family law, commercial law, and labor law are all encompassed by __________ law.
private
A frequently overlooked component of an information system, ____________________ are the written instructions for accomplishing a specific task.
procedures
By managing the __________, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce.
process of change
Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version.
rainbow table
In most common implementation models, the content filter has two components: __________.
rating and filtering
Many public organizations must spend all budgeted funds within the fiscal year—otherwise, the subsequent year's budget is __________.
reduced by the unspent amount
RAID is an acronym for a __________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure.
redundant
The transfer of transaction data in real time to an off-site facility is called ____.
remote journaling
The probability of an unwanted occurrence, such as an adverse event or loss, is known as a(n) _________.
risk
The first phase of risk management is _________.
risk identification
Because the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the __________ host.
sacrificial
The __________ is a statement of the boundaries of the RA.
scope
The dominant architecture used to secure network access today is the __________ firewall.
screened subnet
The Payment Card Industry Data Security Standards (PCI DSS) are designed to enhance the __________ of customers' account data.
security
A _________ assigns a status level to employees to designate the maximum level of classified data they may access.
security clearance scheme
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.
signatures
The ____________________ component of an information system comprises applications, operating systems, and assorted command utilities.
software
In the ____________________ approach, the project is initiated by upper-level managers who issue policy, procedures, and processes, dictate the goals and expected outcomes, and determine accountability for each required action.
top-down
A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices.
traffic analysis
The __________ control strategy attempts to shift risk to other assets, other processes, or other organizations.
transference
In __________ mode, the data within an IP packet is encrypted, but the header information is not.
transport
Federal agencies such as the NSA, FBI, and CIA use specialty classification schemes. For materials that are not considered "National Security Information," __________ data is the lowest-level classification.
unclassified
A potential weakness in an asset or its defensive control system(s) is known as a(n) _________.
vulnerability
In a(n) __________, assets or threats can be prioritized by identifying criteria with differing levels of importance, assigning a score for each of the criteria, and then summing and ranking those scores.
weighted factor analysis
The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.
wireless
The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.
wrap-up
A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes __________.
All of the above
____________________ enables authorized users—people or computer systems—to access information without interference or obstruction and to receive it in the required format.
Availability
At the World Championships in Athletics in Helsinki in August 2005, a virus called Cabir infected dozens of __________, the first time this occurred in a public setting.
Bluetooth mobile phone
Each organization sets policy to choose one of two approaches when employing digital forensics. Select the statement that best identifies the options.
Both of these are approaches that might be chosen
According to Schwartz, Erwin, Weafer, and Briney, "__________" are the real techies who create and install security solutions.
Builders
A(n) __________ is used to justify that the project will be reviewed and verified prior to the development of the project plan.
CBA
The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) __________.
CBA
The CNSS model of information security evolved from a concept developed by the computer security industry known as the ____________________ triad.
CIA
The _______ is usually considered the top security officer in an organization and typically reports to the chief information officer.
CISO
The __________ is typically considered the top information security officer in the organization.
CISO
The __________ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's CBK.
CISSP
The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain certifications on the market.
CISSP
In PKI, the CA periodically distributes a(n) _________ to all users that identifies all revoked certificates.
CRL
The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?
Certified Computer Examiner (CCE) and Master Certified Computer Examiner (MCCE)
During the ____________________ War, many mainframes were brought online to accomplish more complex and sophisticated tasks, so it became necessary to enable the mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers.
Cold
The ________ is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.
EISP
The __________ Act of 1996 attempts to prevent trade secrets from being illegally shared.
Economic Espionage
The __________ Act of 1986 is a collection of statutes that regulates the interception of wire, electronic, and oral communications.
Electronic Communications Privacy
__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals.
Encryption
__________ is the action of luring an individual into committing a crime to get a conviction.
Entrapment
Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. _________________________
True
An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms.
False
Once a(n) back door has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. _________________________
False
One form of e-mail attack that is also a DoS is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail.
False
Packet munchkins use automated exploits to engage in distributed denial-of-service attacks. _________________________
False
A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.
IDPS
__________ is a protocol that can be used to secure communications across any IP-based network such as LANs, WANs, and the Internet.
IPSec
The __________ plan specifies the actions an organization can and should take while an adverse event is in progress. An adverse event could result in loss of an information asset or assets, but it does not currently threaten the viability of the entire organization.
IR
The __________ is a nonprofit organization that focuses on the development and implementation of information security certifications and credentials.
ISC2
The _________ is a professional association that focuses on auditing, control, and security and whose membership comprises both technical and managerial professionals.
Information Systems Audit and Control Association
Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as __________.
JAD
"Long arm __________" refers to the long arm of the law reaching across the country or around the world to draw an accused individual into its court systems whenever it can establish jurisdiction.
Jurisdiction
The service within Kerberos that generates and issues session keys is known as __________.
KDC
__________ is the entire range of values that can possibly be used to construct an individual key.
Keyspace
Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs.
LFM
__________ are rules that mandate or prohibit certain behavior and are enforced by the government.
Laws
__________ is the legal obligation of an entity that extends beyond criminal or contract law.
Liability
_________ controls address personnel security, physical security, and the protection of production inputs and outputs.
Operational
__________ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
Operational
_________ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications.
PGP
__________ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
PKI
The __________ commercial site focuses on current security tool resources.
Packet Storm
__________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
Packet-filtering
__________, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker).
Penetration testing
If the task is to write firewall specifications for the preparation of a(n) __________, the planner would note that the deliverable is a specification document suitable for distribution to vendors.
RFP
The __________ algorithm, developed in 1977, was the first public-key encryption algorithm published for commercial use.
RSA
__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information.
Redundancy
The __________ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.
AH
__________ is the process of classifying IDPS alerts so that they can be more effectively managed.
Alarm filtering
The __________ layer of the bull's-eye model receives attention last.
Applications
Digital signatures should be created using processes and products that are based on the __________.
DSS
__________ are encrypted message components that can be mathematically proven to be authentic.
Digital signatures
A __________ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
MAC
_________ addresses are sometimes called electronic serial numbers or hardware addresses.
MAC
__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.
MAC layer
________ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
Managerial
__________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
NIDPSs
__________ is used to respond to network change requests and network architectural design proposals.
Network connectivity RA
The __________ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly.
Policies
__________ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.
Program review
Software is often under the constraints of ______ management, placing limits on time, cost, and manpower.
Project
__________ is an asset valuation approach that uses categorical or non-numeric values rather than absolute numerical measures.
Qualitative assessment
__________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.
RADIUS
__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source.
Trap-and-trace
A mail bomb is a form of DoS attack.
True
A number of technical mechanisms—digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media—have been used to deter or prevent the theft of software intellectual property.
True
A sniffer program can reveal data transmitted on a network segment, including passwords, the embedded and attached files—such as word-processing documents—and sensitive data transmitted to or from applications.
True
A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
True
Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easy-to-guess passwords.
True
Software code known as a(n) cookie can allow an attacker to track a victim's activity on Web sites. _________________________
True
The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. _________________________
True
A(n) __________ is a simple project management planning tool.
WBS
The __________ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
acceptance
To evaluate the performance of a security system, administrators must establish system performance __________.
baselines
SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ________.
blueprint
A(n) _________ is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.
data classification scheme
Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards.
de jure
Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded.
governance
In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework, which intends to allow organizations to __________.
identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
The low overall degree of tolerance for __________ system use may be a function of the easy association between the common crimes of breaking and entering, trespassing, theft, and destruction of property to their computer-related counterparts.
illicit
The primary benefit of a VPN that uses _________ is that an intercepted packet reveals nothing about the true destination system.
tunnel mode
In TCP/IP networking, port __________ is not used.
0
DES uses a(n) ___________-bit block size.
64
Which of the following ports is commonly used for the HTTP protocol?
80
__________ is the current federal information processing standard that specifies a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure.
AES
__________ is simply how often you expect a specific type of attack to occur.
ARO
__________ information is a form of collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group.
Aggregate
According to NIST SP 800-14's security principles, security should ________.
All of the above
Effective planning for information security involves:
All of the above
Management of classified data includes its storage and _________.
All of the above
Many who enter the field of information security are technical professionals such as __________ who find themselves working on information security applications and processes more often than traditional IT assignments.
All of the above
Redundancy can be implemented at a number of points throughout the security architecture, such as in ________.
All of the above
The ISSMP examination is designed to provide CISSPs with a mechanism to demonstrate competence in __________.
All of the above
The Lewin change model includes __________.
All of the above
The information security function can be placed within the __________.
All of the above
The restrictions most commonly implemented in packet-filtering firewalls are based on __________.
All of the above
To use a packet sniffer legally, the administrator must __________.
All of the above
__________ are a component of the "security triple."
All of the above
The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages?
All of these are BIA stages
The __________ is a respected professional society that was established in 1947 as "the world's first educational and scientific computing society."
Association of Computing Machinery
____________________ of information is the quality or state of being genuine or original, rather than a reproduction or fabrication.
Authenticity
There are 12 general categories of threat to an organization's people, information, and systems. List at least six of the general categories of threat and identify at least one example of those listed.
Compromises to intellectual property; Software attacks; Deviations in quality of service; Espionage or trespass; Forces of nature; Human error or failure; Information extortion; Sabotage or vandalism; Theft; Technical hardware failures or errors; Technical software failures or errors; Technological obsolescence
__________ are the fixed moral attitudes or customs of a particular group.
Cultural mores
The __________ is an intermediate area between a trusted network and an untrusted network.
DMZ
__________ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the flood waters recede.
DR
_________ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident.
Damage assessment
__________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.
Defense in depth
In digital forensics, all investigations follow the same basic methodology once permission for search and seizure has been obtained. Which of the following is NOT one of the elements of that process?
Determine whether to "apprehend and prosecute."
The __________ is the American contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures.
Digital Millennium Copyright Act
When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems?
The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.
A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. _________________________
True
With the removal of copyright protection mechanisms, software can easily be distributed and installed.
True
The __________ Act of 2001 provides law enforcement agencies with broader latitude in order to combat terrorism-related activities.
USA PATRIOT
Risk _________ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.
appetite
The application layer proxy firewall is also known as a(n) __________.
application firewall
Configuring firewall policies is viewed as much as a(n) __________ as it is a(n) __________.
art, science
A primary mailing list for new vulnerabilities, called simply __________, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.
bugtraq
The __________ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.
bull's-eye
Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is __________.
education
A ____ site provides only rudimentary services and facilities.
cold
Known as the ping service, ICMP is a(n) __________ and should be ___________.
common method for hacker reconnaissance, turned off to prevent snooping
A(n) ____________________ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives.
community of interest
The history of information security begins with the concept of ____________________ security.
computer
Which of the following is NOT a described IDPS control strategy?
decentralized
The _________ control strategy attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards.
defense
The proxy server is often placed in an unsecured area of the network or is placed in the __________ zone.
demilitarized
Some vulnerability scanners feature a class of attacks called _________ that are so dangerous they should only be used in a lab environment.
destructive
One approach that can improve the situational awareness of the information security function is to use a process known as __________ to quickly identify changes to the internal environment.
difference analysis
Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date.
direct changeover
The concept of competitive _________ refers to falling behind the competition.
disadvantage
An X.509 v3 certificate binds a ___________, which uniquely identifies a certificate entity, to a user's public key.
distinguished name
Security __________ are the areas of trust within which users can freely communicate.
domains
Some people search trash and recycling bins—a practice known as _________—to retrieve information that could embarrass a company or compromise information security.
dumpster diving
A __________ filtering firewall can react to an emergent event and update or create rules to deal with the event.
dynamic
The senior technology officer is typically the chief ____________________ officer.
information
The model commonly used by large organizations places the information security department within the __________ department.
information technology
Information has ____________________ when it is whole, complete, and uncorrupted.
integrity
Network behavior analysis system __________ sensors are typically intended for network perimeter use, so they are deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
inline
Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.
intelligence
The ISSEP allows CISSP certificate holders to demonstrate expert knowledge of all of the following except __________.
international laws
The __________ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.
intranet
During the ____________________ phase of the systems life cycle, the process begins by examining the event or plan that initiated the process. During this phase, the objectives, constraints, and scope of the project are specified.
investigation
A __________ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext.
key
__________ access control is a form of __________ access control in which users are assigned a matrix of authorizations for particular areas of access.
lattice-based, nondiscretionary
The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range is called the __________.
loss frequency