RQ SEC CH 01

__________ is a network project that preceded the Internet. (p. 5) NIST ARPANET FIPS DES

ARPANET

An information system is the entire set of __________, people, procedures, and networks that enable the use of information resources in the organization. (p. 20) software hardware data All of the above

All of the above

__________ of information is the quality or state of being genuine or original. (p. 14-15) Authenticity Spoofing Confidentiality Authorization

Authenticity

E-mail spoofing involves sending an e-mail message with a harmful attachment. True False

False

Information security can be an absolute. (p. 23) True False

False

Hardware is often the most valuable asset possessed by an organization, and it is the main target of intentional attacks. (p. 21) True False

False Data is often to most valuable asset of an organization and therefore the main target of intentional attacks.

The bottom-up approach to information security has a higher probability of success than the top-down approach. (p. 24) True False

False The bottom up approach seldom works because it lacks critical features such as participant support and organizational staying power.

The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC). (p. 28) True False

False The maintenance and change phase is the longest and most expensive of the process.

The possession of information is the quality or state of having value for some purpose or end. (p. 15-16) True False

False The utility of information describes how data has value or usefulness for an end purpose.

Using a methodology will usually have no effect on the probability of success. (p. 26) True False

False Using a methodology ensures a rigorous process with a clearly defined goal and increases the probabilitiy of success.

When a computer is the subject of an attack, it is the entity being attacked. (p. 13) True False

False. The computer being attacked is the object of the attack where the computer being used to attack is the subject.

__________ was the first operating system to integrate security as one of its core functions. (p. 8) UNIX DOS MULTICS ARPANET

MULTICS

__________ has become a widely accepted evaluation standard for training and education related to the security of information systems. (p. 19) NIST SP 800-12 (p. 32) NSTISSI No. 4011 IEEE 802.11(g) ISO 17788

NSTISSI No. 4011

__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse. (p. 21) Physical Personal Object Standard

Physical

A breach of possession may not always result in a breach of confidentiality. (p. 18) True False

True

During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage. True False

True

Network security focuses on the protection of physical items, objects, or areas from unauthorized access and misuse. True False

True

The investigation phase of the SDLC involves specification of the objectives, constraints, and scope of the project. (p. 28) True False

True

The value of information comes from the characteristics it possesses. (p. 15) True False

True

To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access, yet protect against threats. (p. 23) True False

True

In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value. (p. 17) result smashing hash code

hash

A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection. (p. 12-13) indirect direct software hardware

indirect

A computer is the __________ of an attack when it is used to conduct an attack against another computer. (p. 13) subject object target facilitator

subject

A methodology and formal development strategy for the design and implementation of an information system is referred to as a __________. (p. 25-26) systems design development life project systems development life cycle systems schema

systems development life cycle or SDLC

The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security. (p. 5) bugs vulnerabilities malware maintenance hooks

vulnerabilities