Intro to Cybersecurity Midterm Study guide: Part 1
1. Network security focuses on the protection of physical items, objects, or areas from unauthorized access and misuse. a. True b. False
False
6. The EISP component of _____ provides information on the importance of information security in the organization and the legal and ethical obligation to protect critical information about customers, employees, and markets. a. Need for Information Security b. Statement of Purpose c. Information Security Elements d. Information Security Responsibilities and Roles
a. Need for Information Security
4. Some policies may also need a sunset clause indicating their expiration date. a. True b. False
a. True
8. A server would experience a(n) _____ attack when a hacker compromises it to acquire information via a remote location using a network connection. a. direct b. software c. indirect d. hardware
a. direct
8. The average amount of time until the next hardware failure is known as _____. a. mean time to failure (MTTF) b. mean time between failure (MTBF) c. mean time to repair (MTTR) d. mean time to diagnose (MTTD)
a. mean time to failure (MTTF)
9. A computer is the _____ of an attack when it is used to conduct an attack against another computer. a. subject b. object c. target d. facilitator
a. subject
1. Good security programs begin and end with policy. a. True b. False
a. true
2. Technical mechanisms like digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media have been used to deter or prevent the theft of software intellectual property. a. True b. False
a. true
1. The primary mission of information security is to ensure that systems and their content retain their confidentiality. a. True b. False
b. False
2. The security framework is a more detailed version of the security blueprint. a. True b. False
b. False
3. The operational plan documents the organization's intended long-term direction and efforts for the next several years. a. True b. False
b. False
3. With the removal of copyright protection mechanisms, software can be easily and legally distributed and installed. a. True b. False
b. False
4. An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms. a. True b. False
b. False
9. The _____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. a. HTTP b. TCP c. WWW d. FTP
b. TCP
10. SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security _____. a. plan b. blueprint c. policy d. standard
b. blueprint
5. A short-term interruption in electrical power availability is known as a _____. a. blackout b. fault c. lag d. brownout
b. fault
5. The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as _____. a. network security b. information security c. physical security d. communications security
b. information security
7. Individuals who control and are responsible for the security and use of a particular set of information are known as data _____. a. custodians b. owners c. users d. trustees
b. owners
9. The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the _____ side of the organization. a. technology b. people c. operational d. Internet
b. people
6. A table of hash values and their corresponding plaintext values used to look up password values if an attacker is able to steal a system's encrypted password file is known as a(n) _____. a. crib b. rainbow table c. dictionary d. crack file
b. rainbow table
10. _____ is any technology that aids in gathering information about a person or organization without their knowledge. a. A worm b. A Trojan c. Spyware d. A bot
c. Spyware
5. Which of these is NOT a unique function of information security management? a. planning b. programs c. hardware d. policy
c. hardware
6. The protection of tangible items, objects, or areas from unauthorized access and misuse is known as _____. a. communications security b. information security c. physical security d. network security
c. physical security
8. Redundancy can be implemented at a number of points throughout the security architecture, such as in _____. a. firewalls b. proxy servers c. access controls d. All of the above
d. All of the above
10. The community of interest made up of IT managers and skilled professionals in systems design, programming, networks, and other related disciplines is called _____. a. Information Security Management and Professionals b. Organizational Management and Professionals c. Executive Management d. Information Technology Management and Professionals
d. Information Technology Management and Professionals
7. _____ often function as standards or procedures to be used when configuring or maintaining systems. a. ESSPs b. ISSPs c. EISPs d. SysSPs
d. SysSPs
7. Human error or failure often can be prevented with training, ongoing awareness activities, and _____. a. threats b. paperwork c. hugs d. controls
d. controls
3. The bottom-up approach to information security has a higher probability of success than the top-down approach. a. True b. False
false
2. A breach of possession may not always result in a breach of confidentiality. a. True b. False
true
4. A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information. a. True b. False
true