InfoSec 3300 - Chapter 1
What do audit logs that track user activity on an information system provide?
Accountability
Force majeure includes
Acts of war, civil disorder, forces of nature
"4-1-9" is one form of a(n) _____ fraud
Advance fee
Force majeure DOES NOT include
Armed robbery
An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it
Attack
The use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections is an example of which process?
Authentication
A process that defines what the user is permitted to do
Authorization
Approaches to password cracking
Brute force, dictionary attacks, social engineering attacks
NOT a step in the problem-solving process
Build support among management for the candidate solution
A model of InfoSec that offers a comprehensive view of security for data while being stored, processed, or transmitted is the _____ security model.
CNSS
According to the C.I.A. triad, which characteristic is most desirable for privacy?
Confidentiality
A C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information
Confidentiality
A hacker who intentionally removes or bypasses software copyright protection designed to prevent unauthorized duplication or use is known as a(n)
Cracker
Attack that involves sending a large number of connection or information requests to a target
Denial-of-service (DoS)
An attack in which a coordinated stream of requests is launched against a target from many locations at the same time
Distributed denial-of-service
A technique used to compromise a system
Exploit
Which of the following is NOT among the "deadly sins of software security"?
Extortion sins
A short-term interruption in electrical power availability is known as a _____
Fault
The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the enterprise's resources are used responsibly
Governance
One form of online vandalism is _____, in which individuals interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
Hacktivism
The collection and analysis of information about an organization's business competitors, often through illegal or unethical means, to gain an unfair edge over them
Industrial espionage
The protection of confidentiality, integrity, and availability of data regardless of its location is known as
Information Security
C.I.A. characteristic that addresses the threat from corruption, damage, destruction, or other disruption of its authentic state
Integrity
In the _____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network
Man-in-the-middle
Communications security involves the protection of _____
Media, technology, and content
The protection of voice and data components, connections, and content is known as _____ security.
Network
The principle of management dedicated to the structuring of resources to support the accomplishment of objectives
Organization
An information security professional with authorization to attempt to gain system access in an effort to identify and recommend resolutions for vulnerabilities in those systems is known as _____
Penetration tester
Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program?
People
NOT a primary function of Information Security Management
Performance
The principle of management that develops, creates, and implements strategies for the accomplishment of objectives
Planning
Primary functions of Information Security Management
Planning, protection, projects
Function of Information Security Management that seeks to dictate certain behavior within the organization through a set of organizational guidelines
Policy
Recognition that data used by an organization should only be used for the purposes stated by the information owner at the time it was collected
Privacy
The hash values for a wide variety of passwords can be stored in a database known as a(n) _____, which can be indexed and quickly searched by hash value so that the corresponding plaintext password can be recovered.
Rainbow table
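The three password-cracking approaches listed earlier on this page (brute force, dictionary attack) and the precomputed hash lookup table this card describes, side by side, as an added example that is not part of the original study set. A real rainbow table compresses the precomputed table into hash chains with reduction functions to trade lookup time for storage; the dictionary-backed lookup here is the simpler hash-to-plaintext table the card describes. The wordlist, the target passwords, the salt, and the use of unsalted SHA-256 as the "fast password hash" are all constructed for the example.

```python
import hashlib
import itertools
import os
import string
from typing import Dict, Iterable, Optional

# Constructed wordlist for the example (not a real leaked list).
WORDLIST = ["password", "letmein", "admin", "qwerty", "dragon", "hunter2"]


def unsalted_hash(password: str) -> str:
    """Unsalted SHA-256, standing in for any fast, unsalted password hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target: str, wordlist: Iterable[str]) -> Optional[str]:
    """Hash each candidate from a wordlist and compare against the target."""
    for word in wordlist:
        if unsalted_hash(word) == target:
            return word
    return None


def brute_force(target: str, alphabet: str = string.ascii_lowercase,
                max_len: int = 4) -> Optional[str]:
    """Try every string over `alphabet` up to `max_len` characters.
    Cost grows as len(alphabet) ** length, which is why this is only
    practical for short passwords drawn from small character sets."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if unsalted_hash(candidate) == target:
                return candidate
    return None


def build_lookup_table(wordlist: Iterable[str]) -> Dict[str, str]:
    """Precompute hash -> plaintext once; every later lookup is a dict index,
    so a stolen hash is resolved without hashing anything again."""
    return {unsalted_hash(w): w for w in wordlist}


def lookup(table: Dict[str, str], target: str) -> Optional[str]:
    return table.get(target)


def salted_hash(password: str, salt: bytes) -> str:
    """Per-user random salt: the same password hashes differently for every
    user, so a table precomputed without the salt never matches."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def crack_salted(target: str, salt: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """The salt is stored beside the hash, so a dictionary attack still works
    against one user; the salt only removes the shared precomputation."""
    for word in wordlist:
        if salted_hash(word, salt) == target:
            return word
    return None


def demo() -> dict:
    """Run each approach against constructed 'stolen' hashes."""
    table = build_lookup_table(WORDLIST)
    salt = os.urandom(16)  # constructed: a fresh per-user salt
    stolen_unsalted = unsalted_hash("dragon")
    stolen_salted = salted_hash("dragon", salt)
    return {
        "dictionary": dictionary_attack(stolen_unsalted, WORDLIST),
        "brute_force": brute_force(unsalted_hash("abc")),
        "table_hit": lookup(table, stolen_unsalted),
        "table_miss_on_salted": lookup(table, stolen_salted),
        "salted_dictionary": crack_salted(stolen_salted, salt, WORDLIST),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last two results are the practitioner's caveat: a salt defeats the precomputed table, but not a dictionary attack aimed at a single user, because the salt is not secret. Slowing the hash itself (a deliberately expensive password-hashing function rather than plain SHA-256) is what raises the cost of the dictionary and brute-force approaches.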
An attack that uses phishing techniques along with specialized forms of malware to encrypt the victim's data files
Ransomware
NOT an approach to password cracking
Ransomware
First step in the problem-solving process
Recognize and define the problem
Technology services are usually arranged with an agreement defining minimum service levels known as a(n) _____
SLA
"4-1-9" fraud is an example of a _____ attack.
Social engineering
The unauthorized duplication, installation, or distribution of copyrighted computer software is a violation of intellectual property rights known as _____
Software piracy
Human error or failure often can be prevented with training and awareness programs, policy, and _____
Technical controls
Which of the 12 Categories of Threats best describes a situation where the adversary removes data from a victim's computer?
Theft
Any event or circumstance that has the potential to adversely affect operations and assets
Threat
Acts of _____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to access.
Trespass
Malware programs that hide their true nature and reveal their designed behavior only when activated
Trojan horses
A potential weakness in an asset or its defensive control system(s)
Vulnerability
Which statement defines the differences between a computer virus and a computer worm?
Worms can make copies of themselves on their own, whereas viruses need to attach to an existing program on the host computer in order to replicate