#6 CIS 525 - CyberSecurity - McMurtrey - Study for Final Exam
Which of the following is the definition of network address translation?
A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
Which OSI Reference Model layer is responsible for the coding of data?
Presentation layer
Most certifications require certification holders to pursue additional education each year to keep their certifications current.
True
A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
a botnet
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
anomaly-based IDS?
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.
continuing education
An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________.
continuing education
A program that executes a malicious function of some kind when it detects certain conditions.
logic bomb
Telephony denial of service (TDoS) is a variation of a denial of service (DoS) attack, but is launched against traditional and packet-based telephone systems. A TDoS attack disrupts an organization's use of its telephone system through a variety of methods.
true
The ANSI produces standards that affect nearly all aspects of IT.
true
What name is given to a protocol to implement a VPN connection between two computers?
Point-to-Point Tunneling Protocol
A type of virus that infects other files and spreads in multiple ways.
What is meant by multipartite virus
________ is a document produced by the IETF that contains standards as well as other specifications or descriptive contents.
A request for comments (RFC)
Which of the following is the definition of continuing professional education (CPE)?
A standard unit of credit that equals 50 minutes of instruction.
A U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
ANSI
The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
American National Standards Institute
Which of the following is the definition of Vigenère cipher?
An encryption cipher that uses multiple encryption schemes in succession.
Which OSI Reference Model layer includes all programs on a computer that interact with the network?
Application Layer
The term certificate authority refers to a trusted repository of all public keys.
false
The process of issuing keys to valid users of a cryptosystem so they can communicate.
key distribution
The number of possible keys to a cipher is a
keyspace
Whether software- or hardware-based, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker.
keystroke logger
The ________ is a regulation stating that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function.
minimum necessary rule
What is the process of using tools to determine the layout and services running on an organization's systems and networks?
network mapping
What is necessary because of potential liability, negligence, and mandatory regulatory compliance?
Audits
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
professional development
________ attack countermeasures such as antivirus signature files or integrity databases.
retrovirus
What name is given to an encryption cipher that rearranges characters or bits of data?
transposition cipher
One of the OSI Reference Model layers, the Network Layer, is responsible for the logical implementation of the network.
true
One of the most important parts of a FISMA information security program is that agencies test and evaluate it.
true
The current term for online study is distance learning.
true
What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation?
Data encryption standard
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address.
Data Link Layer
Which regulating agency has oversight for the Children's Internet Protection Act?
FCC
Most educational institutions offer accelerated programs to complete PhD degree requirements in less than one year.
False
Students who have had their FERPA rights violated are allowed to sue a school for that violation.
False
The ________ is the main United Nations agency responsible for managing and promoting information and technology issues.
International Telecommunication Union
The _____________ is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.
International Electrotechnical Commission
A standards organization that develops and promotes Internet standards.
Internet Engineering Task Force
________ is a suite of protocols designed to connect sites securely using IP networks.
Internet Protocol Security (IPSec)
In a ________, the cryptanalyst possesses certain pieces of information before and after encryption.
Known plaintext attack
In a ________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.
Chosen-plaintext attack
A federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."
NIST
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.
DHCP
What term is used to describe a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus?
polymorphic virus
____________ is a person's right to control the use and disclosure of his or her own personal information.
privacy
A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost.
risk
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
risk
An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________.
risk acceptance
________ is a risk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of choice of controls.
risk assessment
________ allows an organization to transfer risk to another entity. Insurance is a common way to reduce risk.
risk assignment
A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________.
risk avoidance
________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical.
risk mitigation
What name is given to random characters that you can combine with an actual input key to create the encryption key?
salt key
What name is given to an encryption cipher that uniquely maps any letter to any other letter?
simple substitution cipher
What is the technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets?
stateful matching
What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software?
stealth virus
A control that is carried out or managed by a computer system is the definition of ________.
technical control
A ________ is an intent and method to exploit a vulnerability.
threat source
Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a ________.
trojan
A certificate of completion is a document that is given to a student upon completion of the program and is signed by the instructor.
true
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
true
An information security safeguard is also called an information security control.
true
An organization seeks a balance between an acceptable level of a risk and the cost of reducing it.
true
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
true
Anomaly detection involves developing a network baseline profile of normal or acceptable activity, such as services or traffic patterns, and then measuring actual network traffic against this baseline.
true
Border firewalls simply separate the protected network from the Internet.
true
Certifications that require additional education generally specify the number of credits each certificate requires.
true
Defense in depth combines the capabilities of people, operations, and security technologies to establish multiple layers of protection, eliminating single lines of defense and effectively raising the cost of an attack.
true
ISO 17799 is an international security standard.
true
Information systems security is about ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise.
true
In information technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.
true
Residual risk is the risk that remains after you have installed countermeasures and controls.
true
Symmetric key cryptography is a type of cryptography that cannot secure correspondence until after the two parties exchange keys.
true
The FTC Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data. It also must describe the controls used to protect that data.
true
The Family Educational Rights and Privacy Act (FERPA) is the main federal law protecting the privacy of student information.
true
The Internet Architecture Board (IAB) is a subcommittee of the IETF composed of independent researchers and professionals who have a technical interest in the overall well-being of the Internet.
true
The Office of Personnel Management (OPM) requires that federal agencies provide the training suggested by the NIST guidelines.
true
The Payment Card Industry Data Security Standard (PCI DSS) is an international standard for handling transactions involving payment cards.
true
The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family.
true
The following are all methods of collecting data: questionnaires, interviews, observation, and checklists.
true
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.
true
The primary characteristic of a virus is that it replicates and generally involves user action of some type.
true
The term detective control refers to a control that determines that a threat has landed in your system.
true
The traceroute command displays the path that a particular packet follows so you can identify the source of potential network problems.
true
Under CIPA, a technology protection measure is any technology that can block or filter the objectionable content.
true
Unlike viruses, worms do not require a host program in order to survive and replicate.
true
Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.
true
A threat source can be a situation or a method that might accidentally trigger a
vulnerability
Security testing that is based on knowledge of the application's design and source code.
white box testing
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.
worm
Social Security numbers, financial account numbers, credit card numbers, and date of birth are examples of __________ as stipulated under GLBA.
NPI
Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.
NSA
________ provides information on what is happening as it happens.
Real-time monitoring
A ________ enables the virus to take control and execute before the computer can load most protective measures.
System infector
The regulating agency for the Sarbanes-Oxley Act is the ________.
Securities and Exchange Commission
Certain security objectives add value to information systems. _________ provides an exact time when a producer creates or sends information.
Timestamping
The regulating agency for the Family Educational Rights and Privacy Act is the ________.
U.S. Department of Education
The ________ framework defines the scope and content of three levels of audit reports.
Service Organization Control (SOC)
Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network?
Session Layer
What term is used to describe the current encryption standard for wireless networks?
Wi-Fi Protected Access
________ refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
accredited
A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________.
administrative control
How your organization responds to risk reflects the value it puts on its ___________.
assets
The primary difference between SOC 2 and SOC 3 reports is their ________.
audience
Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.
availability
A method of security testing that isn't based directly on knowledge of a program's architecture is the definition of ________.
black-box testing
_______________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.
Blowfish
_____________ are the main source of distributed denial of service (DDoS) attacks and spam.
botnets
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
brute-force attack
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
business continuity plan
The output of a one-way algorithm; a mathematically derived numerical representation of some input.
checksum
What do the letters of the C - I - A triad stand for?
confidentiality, integrity, availability
Information regulated under the Gramm-Leach-Bliley Act is ________.
consumer financial information
What name is given to educational institutions that meet specific federal information assurance educational guidelines?
continuing education centers
As your organization evolves and as threats mature, it is important to make sure your ________ still meet the risks you face today.
controls
Information regulated under the Sarbanes-Oxley Act is ________.
corporate financial information
Forensics and incident response are examples of ___________ controls.
corrective
A measure installed to counter or address a specific threat is the definition of ________.
countermeasure
What name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity?
digital signature
What name is given to patient health information that is computer-based?
electronic protected health information
A professional certification states that you have taken the course and completed the tasks and assignments.
false
GLBA distinguishes between customers and consumers for its notice requirements. A customer is any person who gets a consumer financial product or service from a financial institution.
false
In an asymmetric key system, where everyone shares the same secret, compromising one copy of the key compromises all copies.
false
In general, security training programs are identical to security education programs with respect to their focus on skills and in their duration.
false
One of the OSI Reference Model layers,the Transport Layer, is responsible for maintaining communication sessions between computers.
false
SOX doesn't apply to publicly traded companies.
false
The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.
false
The goal of risk management is to eliminate risk.
false
The most difficult and slowest option for IT security training is studying materials yourself.
false
The standard bachelor's designation is a four-year diploma program.
false
Incorrectly identifying abnormal activity as normal
false negative
Internet Control Message Protocol is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
false
A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
file infector
A _____________ contains rules that define the types of traffic that can come and go through a network.
firewall
A stateful inspection firewall compares received traffic with a set of rules that define which traffic it will permit to pass through the firewall.
false
What is security testing that is based on limited knowledge of an application's design?
gray-box testing
The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
hardened configuration
Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data.
hot site
A method to restrict access to a network based on identity or other rules is the definition of ________.
network access control
_______________ enables you to prevent a party from denying a previous statement or action.
non-repudiation
If knowing about an audit changes user behavior, an audit will ________.
not be accurate
A reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer.
operating system fingerprinting
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator.
packet-filtering firewall
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
pattern-based IDS
It's essential to match your organization's required ________ with its security structure.
permission level
A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
phishing attack
What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment?
Certificate of completion
The regulating agency for the Gramm-Leach-Bliley Act is the ________.
FTC
Unlike other organizations that specifically focus on engineering or technical aspects of computing and communication, the __________ primarily addresses standards that support software development and computer system operation.
ISO
Generically, this is data that can be used to individually identify a person, including Social Security number, driver's license number, financial account data, and health data.
Personally identifiable information
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium?
Physical Layer
A process that creates the first secure communications session between a client and a server is the definition of ________.
SSL handshake
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
SYN Flood attack
A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
Vigenère cipher
The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.
W3C
Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ________.
integrity