#1 - #5 Combo - CIS 525 - CyberSecurity - McMurtrey - Study for Final Exam
_____________ are the main source of distributed denial of service (DDoS) attacks and spam.
botnets
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
brute-force attack
A ___________ gives priorities to the functions an organization needs to keep going.
business continuity plan (BCP)
A ___________ is a formal analysis of an organization's functions and activities that classifies them as critical or noncritical.
business impact analysis (BIA)
What do the letters of the C - I - A triad stand for?
confidential , integrety, availabilty
What name is given to an attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system?
denial of service
What name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity
digital signature
--- is rapidly becoming an increasingly important aspect of enterprisecomputing
disaster recovery
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ...
emergency operations group
One of the OSI Reference Model layers,the Transport Layer, is responsible for maintaining communication sessions between computers.
false
SOX doesn't apply to publicly traded companies
false
Security controls do not need to be implemented to secure VoIP and SIP on LANs andWANs.
false
The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.
false
The goal of risk amangement is to eliminate risk.
false
What is security testing that is based on limited knowledge of an application's design?
gray-box testing
The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
hardend configuration
A protocol analyzer or ____________ is a software program that enablesa computer to monitor and capture network traffic.
packet sniffer
a ---- is an authentication credential that is generally longer and more complex than a password
passphrase
its essential to match your organizations required ... with its security structure
permission level
An attack that seeks to obtain personal or private financial information through domain spoofing
pharming
What name is given to random characters that you can combine with an actual input key to create the encryption key?
salt key
________ is the difference between the security controls you have in place and the controls you'd to have in place in order to address all vulnerabilities.
security gap
The --- is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems
security kernel
What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software?
stealth virus
What term is used to describe communication that doesn't happen in real time but rather consists of messages that are stored on a server and downloaded to endpoint devices?
store-and-forward communications
What name is given to an encryption cipher that rearranges characters or bits of data?
transposition cipher
Initiating changes to avoid expected problems is the definition of proactive change managment
true
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.
true
The term Bring Your Own Device (BYOD) refers to an organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings and other benefits but also presents security risks.
true
The term detective control refers to a control that determines that a threat has landed in your system.
true
The term remediation refers to fixing something before it is broken, defective, of vulnerable.
true
The term risk management describes the process of identifying, assessing, prioritizing and addressing risks
true
The traceroute command displays the path that a particular packet follows so you can identify the source of potential network problems.
true
Under CIPA, a technology protection measure is any technology that can block or filter the objectionable content.
true
Unlike viruses, worms do not require a host program in order to survive and replicate.
true
Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.
true
spoofing means a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
true
As users upgrade LANs to GigE or 10GigE, switches must support ________and data IP traffic.
voice
A --- is a weakness that allows a threat to be realized
vulnerability
A threate source can be a situation or a method that might accidentally trigger a
vulnerability
Security testing that is based on knowledge of the application's design and source code.
white box testing
A security awareness program includes
...
A(n) ________ is an intent and method to exploit a vulnerability. A. impact B. incident C. threat source D. safeguard
...
What is the difference between a BCP and a DRP?
...
Which OSI Reference Model layer is responsible for transmitting information on computers connected to the same local area network (LAN)? A. Presentation Layer B. Session Layer C. Data Link Layer D. Transport Layer
...
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium? A. Data Link Layer B. Transport Layer C. Session Layer D. Physical Layer
...
Which of the following is not a type of authentication?
...
A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost. A. risk B. control C. event D. response
A
The ___________ framework defines the scope and contents of three levels of audit reports. A. Service Organization Control (SOC) B. permission-level C. real-time monitoring D. zone transfer
A
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ________. A. emergency operations group B. security event team C. guideline control D. security administration
A
___________ refers to the amount of harm a threat can cause by exploiting a vulnerability. A. Impact B. Threat C. Risk D. Incident
A
What is meant by risk register?
A list of identified risks that results from the risk-identification process
What is meant by risk register?
A list of identified risks that results from the risk-identification process.
Which of the following is the definition of network address translation ?
A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
Which of the following is the definition of guideline?
A recommendation to purchase or how to used a product or system
________ is a document produced by the IETF thatcontains standards as well as other specifications or descriptive contents.
A request for comments (RFC)
What is necessary because of potential liability, negligence, mandatory regulatory complicance?
Audits
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today. A. configuration B. controls C. monitoring D. settings
B
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules? A. baseline B. waterfall model C. agile development D. sprint
C
What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens private data and have proper security controls in place?
Federal Information Security Management Act
____ is type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.
Hijacking
Social Security numbers, financial account numbers, credit card numbers, and date of birthare examples of __________ as stipulated under GLBA.
NPI
________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification.
Need-to-know
In a ________, the attacker sends a large number of packets requesting connections to the victim computer
SYN flood
In a ________, the attacker sends a large number of packets requesting connections to the victim computer.
SYNflood
The regulating agency for the Sarbanes-Oxley Act is the ________.
Securities and Exchange Commission
---- is the process of dividing up tasks into a series of unique activities
Separation of duties
Most certifications require certification holders to pursue additional education each year to keep their certifications current.
True
The weakest link in the security of an IT infrastructure is the user
True
The regulating agency for the Family Educational Rights and Privacy Act is the ________.
U.S. department of eduacation
Which of the following describes the Family Educational Rights and Private ACT?
a law that protects the private data of students
Biometrics is another --- method for identifying subjects
access control
A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________.
administrative control
The formal process of monitoring and controlling risk focuses on --- new risks.
analyzing
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
anomaly-based IDS?
How your organization responds to risk reflects the value it puts on its ___________.
assests
The first step in risk analysis is to determine what and where the organizations --- are located
assets
The primary differnece between SOC 2 and SOC 3 reports is thier...
audience
Which of the following is the definition of continuing professional education (CPE)?
A standard unit of credit that equals 50 minutes of instruction.
The regulating agency for the Gramm Leach Bliley act is the
FTC
In a --- , the cryptanalyst possesses certain pieces of information before and after encryption
Known plaintext attack
This represents the fourth layer of defense for a typical IT infrastructure
LAN - to - WAN Domain
A ________ examines the network layer address and routes packets based on routing protocol path determination decisions.
Layer 3 switch
the likelyhood that something bad happens to an asset is
Risk
A process that creates the first secure communications session between a client and a server is the definition of ________.
SSL handshake
A ________ enables the virus to take control and execute before the computer can load most protective measures.
System infector
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products?
baseline
The total number of errors divided by the total number of bits transmitted is the definition of
bit error rate
A __________ tries to break IT security and gain access to systems with no authorization, in order to prove technical prowess.
black-hat hacker
_______________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.
blowfish
The software in a phone system that performs the call switching from an inboundtrunk to a phone extension
call control
The technical evaluation of a system to provide assurance that you have implemented the system correctly
certification
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system?
certifier
The output of a one-way algorithm; a mathematically derived numerical representation of some input.
check-sum
What name is given to a software-based application like WebEx that supports audio conferencing and sharing of documents (text, spreadsheets, presentations, etc.) for real-time discussions with team members or colleagues?
collaboration
Information security activities directly support several common businessdrivers, including ________ and efforts to protect intellectual property.
compliance
A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.
disaster recovery plan (DRP)
What name is given to patient health information that is computerbased?
electronic protected health information
For all the technical solutions you can devise to secure your systems, the --- remains your greatest challenge.
human element
_______ means only authorized users can change information and deals with the validity and accuracy of data.
integrety
Connecting your computers or devices to the ---- immediately exposes them to attack
internet
_______________ enables you to prevent a party from denying a previous statement or action.
non-repudiation
If knowing about an audit changes user behavior, an audit will
not be accurate
A(n) ___________ fingerprint scanner is a software program that allows an attackerto send logon packets to an IP host device.
operating system (OS)
a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
operating system fingerprinting
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator.
packet-filtering firewall
A --- is a tool used to scan IP host devices for open ports that have been enabled
port scanner
If VoIP traffic needs to traverse through a WAN with congestion, you need
quality of service (QOS)
The goal of --- is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high impact risks and develop plans based on risks
quantitative risk analysis
A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
standard
What term is used to describe a device used as a log on authenticator for remote users of a network?
synchronous token
A control that is carried out or managed by a computer system is the definition of ________.
technical control
A method of restricting resource access to specific periods of time is called ---
temporal isolation
A --- is any action that could damage an asset that can be natural and or human iduced
threat
A --- is an intent and method to exploit a vulnerability
threat source
Today, people working in cyberspace must deal with new and constantlyevolving ________.
threats
Network devices can implement ___________ to better support VoIP and SIP IP packets and reduce dropped calls and delays.
traffic prioritization
One of the OSI Reference Model layers, the Network Layer, is responsible for the logical implementation of the network.
true
One of the most important parts of a FISMA information security program is that agencies test and evaluate it.
true
Residual risk is the risk that remains after you have installed countermeasures and controls.
true
Singe loss expectancy(SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE = Resource Value x EF
true
Symmetric key cryptography is a type of cryptography that cannot secure correspondence until after the two parties exchange keys.
true
Telephony denial of service (TDoS) is a variation of a denial of service (DoS) attack, but is launched against traditional and packet-based telephone systems. A TDoS attack disrupts an organization's use of its telephone system through a variety of methods.
true
The ANSI produces standards that affect nearly all aspects of IT.
true
In a ________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.
Chosen-plaintext attack
Which of the following adequately defines continuous authentication?
An authentication method in which a user is authenticated at multiple times or event intervals.
Which of the following is the definition of Vigenerecipher?
An encryption cipher that uses multiple encrytpion cschemes in succession.
How your organization responds to risk reflects the value it puts on its ___________. A. environment B. assets C. technology D. vulnerability
B
What is meant by certification? A. The formal acceptance by the authorizing official of the risk of implementing the system. B. A strategy to minimize risk by rotating employees between various systems or duties. C. The technical evaluation of a system to provide assurance that you have implemented the system correctly. D. A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies.
C
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium?
Physical Layer
________ provides information on what is happening as it happens.
Real-time monitoring
A compliance liaison works with each department to ensure that it understands, implements, and monitors compliance in accordance with the organization's policies.
True
What term is used to describe streamlining processes with automation or simplified steps?
business process engineering
internet control message protocol is a method of IP address assignment that uses an alternate, public IP address to hide a systems real IP address
fasle
A protocol analyzer or --- is a software program that enables a computer to monitor and capture network traffic
packet sniffer
________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical.
risk mitigation
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security --- and awareness program
training
Certain security objectives add value to information systems. _________ provides an exact time when a producer creates or sends information. A. Ownership B. Timestamping C. Revocation D. Message authentication
...
The number of possible keys to a cipher is a ___________. A. checksum B. cryptosystem C. keyspace D. key directory
...
What term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely? A. hash B. key distribution C. asymmetric key cryptography D. symmetric key cryptography
...
____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
Recovery time objective (RTO)
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
Clean desk/clear screen policy
Which of the following best describes quantitative risk analysis?
A risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.
A threat source can be a situation or method that might accidentally trigger a(n) ____________. A. event B. incident C. vulnerability D. control
C
Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________. A. controls B. management C. standards D. plan
C
Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ________________. A. security B. privacy C. nonrepudiation D. reliability
C
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________. A. critical business function B. disaster plan C. business continuity plan D. risk management plan
C
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures. A. applications B. mitigation activities C. configurations D. recommendations
C
The process of managing the baseline settings of a system device is called ________. A. guideline B. baseline C. configuration control D. sprint
C
The ________ is aU.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
American National Standards Institute
Which of the following describes an asynchronous token?
An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection.
Which OSI Reference Model layer includes all programs on a computer that interact with the network?
Application Layer
---- is an authorization method in which access to resources is decided by the user's formal status.
Authority - level policy
A(n) ________ is a measurable occurrence that has an impact on the business. A. corrective control B. event C. cost D. critical business function
B
An attacker or event that might exploit a vulnerability is a(n) ____________. A. incident B. threat source C. cost D. Hacker
B
It's essential to match your organization's required __________ with its security structure. A. monitoring B. permission level C. operating system D. recommendations
B
Which of the following is the definition of anomaly-based IDS? A. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity. B. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running. C. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. D. Using tools to determine the layout and services running on an organization's systems and networks.
B
Ininformation technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.
true
Mandatory access control (MAC) isa means of restricting access to an object based on the object's classification and the user's security clearance.
true
The tunnel can be created between a remote workstation using the public internet and VPN router and a --- web site
(SSL - VPN)
Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network? A. Presentation Layer B. Session Layer C. Data Link Layer D. Transport Layer
...
Which OSI Reference Model layer includes all programs on a computer that interact with the network? A. Presentation Layer B. Session Layer C. Network Layer D. Application Layer
...
Which OSI Reference Model layer is responsible for the coding of data? A. Presentation Layer B. Session Layer C. Data Link Layer D. Transport Layer
...
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address. A. Data Link Layer B. Presentation Layer C. Transport Layer D. Session Layer
...
Which of the following is the definition of hub? A. A device that connects two or more networks and selectively interchanges packets of data between them. B. A network device that connects network segments, echoing all received traffic to all other ports. C. A firewall device that examines the state of a connection as well as simple address, port, and protocol rules to determine how to process a packet. D. A suite of protocols designed to connect sites securely using IP networks.
...
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________. A. decryption B. breaking codes C. brute-force attack D. cryptanalysis
...
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job. A. Internet Protocol Security (IPSec) B. Dynamic Host Configuration Protocol (DHCP) C. Point-to-Point Tunneling Protocol (PPTP) D. Internet Control Message Protocol (ICMP)
...
________ is a one-way calculation of information that yields a result usually much smaller than the original message. A. Caesar cipher B. Checksum C. Hash D. Symmetric key
...
________ is a suite of protocols designed to connect sites securely using IP networks. A. Dynamic Host Configuration Protocol (DHCP) B. Network access control (NAC) C. Point-to-Point Tunneling Protocol (PPTP) D. Internet Protocol Security (IPSec)
...
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies. A. Real-time monitoring B. Gray-box testing C. SAS 70 D. White-box testing
...
_______________ enables you to prevent a party from denying a previous statement or action. A. Authentication B. Integrity C. Nonrepudiation D. Confidentiality
...
What is the project Management Body of Knowledge ?
A collection of the knowledge and best practices of the project management profession
What is the Project Management Body of Knowledge (PMBOK)?
A collection of the knowledge and best practices of the project management profession.
What is meant by authorizing official (AO)? A. An individual to enact changes in response to reported problems. B. The process of managing changes to computer/device configuration or application software. C. A senior manager who reviews a certification report and makes the decision to approve the system for implementation. D. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
C
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products? A. configuration control B. functional policy C. baseline D. authorizing official (AO)
C
Which of the following is the definition of guideline? A. A method of developing software that is based on small project iterations, or sprints, instead of long project schedules. B. Recorded information from system events that describes security-related activity. C. A recommendation to purchase or how to use a product or system. D. A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
C
________ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization. A. Penetration testing B. Real-time monitoring C. An audit D. Vulnerability testing
C
________ is the process of managing changes to computer/device configuration or application software. A. Sprint B. Procedure control C. Change control D. Proactive change management
C
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation. A. Procedure management B. Emergency operations policy C. Clean desk/clear screen policy D. Security administration policy
C
What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation?
Data encryption standard
Which OSI Reference Model layer uses Media Access Control (MAC) addresses?Device manufacturers assign each hardware device a unique MAC address.
DataLink Layer
Which regulating agency has oversight for the Children's Internet Protection ACt?
FCC
Most educational institutions offer accelerated programs to complete PhD degree requirements in less than one year.
False
Students who have had their FERPA rights violated are allowed to sue a school for that violation.
False
The ________ is the main United Nations agency responsible for managing and promoting information and technology issues.
Internation Telecommunication Union
The _____________ is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.
International Electrotechnical Commission
A standards organization that develops and promotes Internet standards.
Internet Engineering Task Force
________ is asuite of protocols designed to connect sites securely using IP networks.
Internet Protocol Security (IPSec)
A federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."
NIST
A _____________ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls. A. threat B. impact C. risk D. vulnerability
D
Audits are necessary because of ________. A. potential liability B. negligence C. mandatory regulatory compliance D. all of the above
D
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system? A. remediation B. certifier C. compliance liaison D. system owners
D
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.
DHCP
What term is used to describe a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus?
polymorphic virus
What term is used to describe a strategy that uses a device to provide electrical power for IP phones from the RJ-45 8-pin jacks directly to the workstation outlet?
power over Ethernet (Poe)
____________ is a person's right to control the use and disclosure of his or her own personal information.
privacy
Risks apply to specific assets. If you multiply the risk __________ by the cost of the asset, the result is the exposure to a specific risk.
probability
What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective?
procedure
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
profesisonal development
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
promiscuous mode
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
risk
Anorganization knows that arisk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________.
risk acceptance
________ is arisk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of choice of controls.
risk assessment
________ allows anorganization to transfer risk to another entity. Insurance is a common way to reduce risk.
risk assignment
A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________.
risk avoidance
What name is given to an access control method that bases access control approvals on the jobs the user is assigned?
role-based access control
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compormised
rootkit
An encrypted channel used for remote access to a server or system, commonly used in Linux and UNIX servers and applications, is the definition of __________.
secure shell (SSH)
The world needs people who understand computer-systems ________ and who can protect computers and networksfrom criminals and terrorists.
security
The--- team's responsibilities include handling events that affect your computers and networks and ultimately can respond rapidly and effectively to any event.
security administration
What name is given to an encryption cipher that uniquely maps any letter to any other letter?
simple substitution cipher
What is the technique of matching network traffic with rules or signatures based on the apprearance of the traffic and its relationship to other packets?
stateful matching
Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a ________.
trojan
A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.
true
A certificate of completion is a document that is given to a student upon completion of the program and is signed by the instructor.
true
A way to protect your organization from personnel - related security violations is to use job rotation.
true
An auditing bechmark is the standard by which asystem is compared to determine whether it is securely configured
true
An information security safeguard is also called in informaiton security control
true
An organization must comply with rules on two levels. regulatory compliance and organizational compliance.
true
An organization seeks a balance between an acceptable level of a risk and the cost of reducing it.
true
AnSOC 1 report is commonly implemented for organizations that must complywith Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
true
Anomaly detection involves developing a network baseline profile of normal or acceptable activity, such as services or traffic patterns, and then measuring actual network traffic againstthis baseline.
true
Border firewalls simply seperate the protected network from the internet
true
Certifications that require additional education generally specity the number of credits each certificate requires
true
Defense in depth combines the capabilities of people, operations, and security technologies to establish multiple layers of protection, eliminating single lines of defense and effectively raising the cost of an attack.
true
ISO 17799 is an international security standard.
true
Information systems security is about ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise.
true
The Family Educational Rights and Privacy Act (FERPA) is the main federal law protecting the privacy of student information.
true
The Internet Architecture Board (IAB) is a subcommittee of the IETF composed of independent researchers and professionals who have a technical interest the overall well-being of the Internet.
true
The Office of Personnel Management (OPM) requires that federal agencies provide the training suggested by the NIST guidelines.
true
The Payment Card Industry Data Security Standard (PCI DSS) is an international standard for handling transactions involving payment cards.
true
The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family.
true
The current term for online study is distance learning
true
The following are al methods of collecting data: questionnaires, interviews, observation, and checklists.
true
The primary characteristic of a virus is that it replicates and generally involves user action of some type
true
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarmthresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.
worm
This appliance examines IP data streams for common attack and malicious intent patterns
(IDS)
A U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
ANSI
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization. A. Backup B. Incident C. Risk D. Preventive control
C
______ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.
Brute-force password atack
Gives priorities to the functions an organization needs to keep going
Businees Continuity Plan
____________ is the practice of hiding data and keeping it away from unauthorized users.
Cryptography
Software vendors must protect themselves from liabilities of their own vulnerabilities with a
End-User License Agreement (
_______ is the proportion of value of a particular asset likely to be destroyed by a given risk,expressed as a percentage.
Exposure factor (EF)
What is meant by annual rate of occurrence (ARO)?
The annual probability that a stated threat will be realized.
What is ment by application convergence?
The integration of applications to enhance productivity
What is meant by application convergence?
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integratesrecorded voice messages into e-mail so that voice messages are retrievable via e-mail.
The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.
W3C
A type of virus that infects other files and spreads in multiple ways.
What is meant by multiparite virus
The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.
Which of the following is the definition of access control?
What term is used to describe the current encryption standard for wireless networks?
Wi- Fi protected access
A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
a botnet
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.
continueing education
An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________.
continuing education
The process of issuing keys to valid users of a cryptosystem so they can communicate.
key distribution
The number of possible keys to a cipher is a
keyspace
Whether software or hardwarebased, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker.
keystroke logger
A program that executes a malicious function of some kind when it detects certain conditions.
logic bomb
A mechanism that limits access to computer systems and network resources is ________,
logical access control
Loss of financial assets due to ________ is a worst-case scenario for all organizations.
malicious attacks
What term is used to describe an attack in which the attacker gets between two parties and intercepts messages before transferring them on to their intended destination?
man-in-the-middle attack
The ________ is aregulation that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function.
minimum necessary rule
Medical practices and hospitals realized early on that ________ provide(s) the ability toprovide access to the necessary information without having to invest in many computersand network infrastructure
mobile devices
When you accept a --- you take no further steps to resolve
negative risk
A network utility program that reads from and writes to network connections.
netcat
A method to restrict access to a network based on identity or other rules is the definition of ________.
network access control
What is the process of using tools to determine the layout and services running on an organization's systems and networks?
network mapping
Enacting changes in response to reported problems is called
reactive change managment
What name is given to any risk that exists but has a defined response?
residual risk
________ attack countermeasures such as antivirus signature files or integrity databases.
retro virus
A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost.
risk
The FTC Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data. It also must describe the controls used to protect that data.
true
Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.
NSA
____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
Recover time objective
What is ment by constrained user interface?
Software that allows users to enter only specific information.
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
SYN Flood attack
Which of the following is the definition of system owner?
The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
Which of the following is an accurate description of cloud computing?
The practice of using computing services that are delivered over a network.
Which of the following is the definition of access control?
The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.
When an information security breach occurs in your organization, a --- helps determine what happened to the system and when.
Security event log
What is meant by call control?
The software in a phone system that performs the call switching from an inboundtrunk to a phone extension.
Certain security objectives add value to information systems. _________ provides an exact time when a producer creates or sends information.
Timestamping
A communication protocol that is connectionless and is popular for exchanging small amounts of data or messages is called ---
User Datagram Protocol (UDP)
The --- framework defines the scope and content of threelevels of audit reports.
Service Organizaiton Control (SOC)
________ is the basis for unified communications and is the protocol used by real-timeapplications such as IM chat, conferencing, and collaboration.
Session Initiation Protocal (SIP)
--- is the basis for unified communication and is the protocol used by real-time applications such as IM chat, conferencing and collaboration
Session Initiation Protocol (SIP)
Voice an unified communications are --- applications that use 64 byte IP packets
Session Initiation Protocol (SIP)
Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network?
Session Layer
one of the most popular types of attacks on computer systems involves--- . These attack deceive or use people to get around security controls.
Social engineering
________refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
accredited
What name is given to a method of developing software that is based on small project iteration, or sprints, instead of long project schedules?
agile development
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?
agile development
A common DSL service is ________,where the bandwidth is different for downstream and upstream traffic.
asymmetric digital subscriber line (ADSL)
An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection.
asynchronous token?
What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video , or data communications?
asynchronous transfer mode (ATM)
Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.
availability
When an attacker discovers a __________, he or she can use it to bypass existing security controls such as passwords, encryption, and so on.
backdoor
The ________ in analog communications is one error for every 1,000 bits sent; in digital communications, the __________ is one error for every 1,000,000 bits sent.
bit error rate
The total number of errors divided by the total number of bits transmitted is the definition of __________.
bit error rate
A __________ tries to break IT security and gain access to systems with no authorization, in order to prove technical prowess.
black- hat -hacker
A method of security testing that isn't based directly on knowledge of a programs architecture is the definition of ...
black-box testing
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
buisness continuity plan
What term is used to describe guarding information from everyone except those who have rights to it?
confidentiality
The Bell-La Padula access control model focuses primarily on ---
confidentiality of data and control of access to classified information
Information regulated under the GRamm Leach Bliey Act is
consumer financial information
What name is given to educational institueitons that meet specifif federal information assurance educational guidelines
continuing education centers
As your organization evolves and as threats mature, it is important to make sure your ... stil meets the risks you face today
controls
Information regulated under the sarbanes oxley act is
corporate financial information
Forensics and incident response are examples of ___________ controls.
corrective
A measure installed to counter or address a specific threat is the definition of ________.
countermeasure
A _________ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. They represent the greatest threat to networks and information resources.
cracker
The goal and objective of a --- is to provide a consistent definition for how an organization should handle and secure different types of data
data classification standard
The recover point objective (RPO) identifies the amount of ---- that is acceptable
data loss
A system that puts access control into the hands of people such as department managers who are closest to system users; there is no one centralized entity to process access requests in this system.
decentralized access control
What name is given to an exterior network that acts as a buffer zone between the public internet and the organizations IT?
demilitarized zone
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ________.
emergency operations group
A professional certification states that you have taken the course and completed the tasks and assignments.
false
Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.
false
GLBA distinguishes between customers and consumers for its notice requirements. A customer is any person who gets a consumer financial product or service from a financial institution.
false
In an asymmetric key system, where everyone shares the same secret, compromising one copy of the key compromises all copies.
false
In general, security training programs are identical to security education programs with respect to their focus on skills and in their duration.
false
The most difficult and slowest option for IT security training is studying materials yourself.
false
The standard bachelor's designation is a four-year diploma program.
false
The term certificate authority refers to a trusted repository of all public keys.
false
Wiretapping is an application incorporating known software vulnerabilities, data, and scripted commands to exploit a weakness in a computer system or IP host device.
false
Incorrectly identifying abnormal activity as normal
false negative
A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
file infector
A _____________ contains rules that define the types of traffic that can come and go through a network.
firewall
A program or dedicated hardware device that inspects network traffic passing though it
firewall
A stateful inspection firewall compares received traffic with a set of rules that define which traffic it will permit to pass through the firewall.
flase
What term is used to describe a packet- based WAN service capable of supporting one-to-many and many-to-many WAN connections?
frame relay
Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data.
hot site
A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system,or recovery of passwords stored in a computer system.
password cracker
A ___________ is a software program that performs one of two functions: brute-forcepassword attack to gain unauthorized access to a system,or recovery of passwords stored in a computer system.
password cracker
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
pattern-based IDS
A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
phishing attack
A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A. A. Caesar cipher B. Vigenère cipher C. transposition cipher D. product cipher
...
A risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them.
...
This defines how a business gets back on its feet after a major disaster like a hurricane
Disaster Recovery Pla (DRP)
A___________ primarily addresses the processes, resources, equipment,and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability.
...
E-commerce changed how businesses sell, and the --- change how they market
...
Malicious software can be hidden in a
...
Network ________ is gathering information about a network for use in a future attack. A. reconnaissance B. eavesdropping C. denial of service D. surveying
...
One of the best ways to avoid wasting your organization's resources is to ensure that you follow the ________ review cycle. A. audit B. security C. benchmark D. monitoring
...
The most scrutinized cipher in history is the ________. A. Data Encryption Standard (DES) B. keyword mixed alphabet cipher C. transposition cipher D. Vigenère cipher
...
The requirement to keep information private or secret is the definition of
...
What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment?
Certificate of completion
Which OSI Reference Model layer is responsible for the coding of data?
Presentation layer
Unlike other organizations that specifically focus on engineering or technical aspects of computing and communication, the __________ primarily addresses standards that support software development and computer system operation.
ISO
Generically, this is data that can be used to individually identify a person, including Social Security number, driver's license number, financial account data, and health data.
Personally identifiable information
An organization's facilities manager is often responsible for ---
Physical Access Control
What name is given to a protocol to implement a VPN connection between two computers?
Point to Point tunneling protocol
A ________ is oneof the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
Vigenere cipher
Malicious code attacks all three information security properties.Malware can modify database records either immediately or over a period of time. This property is ________.
integrety