43. __________ of information is the quality or state of being genuine or original.

Authenticity

47. Standards may be published, scrutinized, and ratified by a group, as in formal or _____ standards.

de jure

45. The actions taken by management to specify the intermediate goals and objectives of the organization are _____.

tactical planning

Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) longer than ______ characters in Internet Explorer 4.0, the browser will crash.

256

________ is a network project that preceded the Internet.

ARPANET

48. The ______ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.

CISO

In 1993, the first ______ conference was held in Las Vegas. Originally, it was established as a gathering for people interested in information security, including authors, lawyers, government employees, and law enforcement officials.

Defcon

_____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

Managerial

The protection of tangible items, objects, or areas from unauthorized access and misuse is known as ______.

Physical

______ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.

Physical

Which of the following functions does information security perform for an organization?

a. Protecting the organization's ability to function; b. Enabling the safe operation of applications implemented on the organization's IT systems; c. Protecting the data the organization collects and uses.

The goals of information security governance include all but which of the following?

Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care

The ______ data file contains the hashed representation of the user's password.

SAM

41. Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____.

SLA

50. People with the primary responsibility for administering the systems that house the information used by the organization perform the role of ____.

System administrators

The ______ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.

TCP

Which of these best defines information security governance?

The application of the principles and practices of corporate governance to the information security function.

When ISO 17799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems?

The standard was hurriedly prepared, given the tremendous impact its adoption could have on industry information security controls.

The community of interest made up of IT managers and skilled professionals in systems design, programming, networks, and other related disciplines is called ______.

a. Information Technology Management and Professionals

The EISP component of _____ provides information on the importance of information security in the organization and the legal and ethical obligation to protect critical information about customers, employees, and markets.

a. Need for Information Security

Redundancy can be implemented at a number of points throughout the security architecture, such as in _____.

a. firewalls b. proxy servers c. access controls

38. A subject or object's ability to use, manipulate, modify, or affect another subject or object is known as ________.

access

The SETA program is a control measure designed to reduce the instances of _____ security breaches by employees.

accidental

49. Which of the following is a valid type of role when it comes to data ownership?

all of the above

An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n) ______.

asset

44. __________ has become a widely accepted evaluation standard for training and education related to the security of information systems and is hosted by CNSS.

b. NSTISSI No. 4011

44. A long-term interruption (outage) in electrical power availability is known as a(n) ______.

blackout

34. __________ was the first operating system to integrate security as one of its core functions.

c. MULTICS

64. The average amount of time until the next hardware failure is known as ______.

c. mean time to failure (MTTF)

43. When information gatherers employ techniques that cross a legal or ethical threshold, they are conducting ______.

competitive intelligence

Human error or failure often can be prevented with training, ongoing awareness activities, and ______.

controls

Which of these is not one of the general categories of security policy?

csp

______ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents.

cyberterrorism

________ often function as standards or procedures to be used when configuring or maintaining systems.

d. SysSPs

The process of maintaining the confidentiality, integrity, and availability of data managed by a DBMS is known as ______ security.

database security

_____ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.

defense in depth

57. In a ______ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources.

denial of service

A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.

direct

A ______ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

distributed denial of service

Security _____ are the areas of trust within which users can freely communicate.

domains

The _____ is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.

enterprise info system

1. A technique used to compromise a system is known as a(n) _______.

exploit

42. A short-term interruption in electrical power availability is known as a ____.

fault

An information security _____ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.

framework

48. Nonmandatory recommendations that the employee may use as a reference are known as _____.

guidelines

One form of online vandalism is ______ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.

hacktivist

55. Which of the following is an example of a Trojan horse program?

happy99.exe

Which of these is NOT a unique function of information security management?

hardware

In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value.

hash

56. As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ______.

hoaxes

In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework, which intends to allow organizations to _____.

identify and prioritize opportunities for improvement within the context of a continuous and repeatable process

The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ______.

information technology

In the ______ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.

man in the middle

The stated purpose of ISO/IEC 27002:2013 is to give guidelines for organizational information security standards and information security ______.

management

63. The average amount of time between hardware failures, calculated as the total amount of operation time for a specified number of units divided by the total number of failures, is known as ______.

mean time between failure (MTBF)

45. Hackers can be generalized into two skill groups: expert and ______.

novice

A computer is the __________ of an attack when it is used to conduct an attack against another computer.

object

_____ controls address personnel security, physical security, and the protection of production inputs and outputs.

operational

44. The actions taken by management to specify the short-term goals and objectives of the organization are _____.

operational planning

51. Individuals who control, and are therefore ultimately responsible for, the security and use of a particular set of information are known as data _________.

owners

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the _______ side of the organization.

people

The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information is known as ______.

pharming

Which of the following was not an identified fundamental problem with ARPANET security?

phone numbers for access were closely held and distributed on a need-to-know basis

A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system's encrypted password file is known as a(n) ______.

rainbow table

_____ is a strategy of using multiple types of controls that prevent the failure of one system from compromising the security of information.

redundancy

50. Advance-Fee fraud is an example of a ______ attack.

social engineering

An information system is the entire set of __________, people, procedures, and networks that enable the use of information resources in the organization.

software, hardware, and data

53. ____ is any technology that aids in gathering information about a person or organization without their knowledge.

spyware

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security _____.

standard

46. A detailed statement of what must be done to comply with management intent is known as a _____.

standards

A(n) _____ plan is a plan for the organization's intended efforts over the next several years (long-term).

strategical

40. A computer is the __________ of an attack when it is used to conduct an attack against another computer.

subject

According to NIST SP 800-14's security principles, security should ______.

support the mission of the organization, require a comprehensive and integrated approach, be cost-effective

Acts of ______ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.

trespass

______ are malware programs that hide their true nature and reveal their designed behavior only when activated.

trojan horse

52. Individuals who are assigned the task of managing a particular set of information and coordinating its protection, storage, and use are known as data ________.

trustees

The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security.

vulnerabilities

______ are compromised systems that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.

zombies
