CIST 1601 Chapter 1

Which of the following is a valid type of role when it comes to data ownership? a. Data owners b. Data custodians c. Data users d. All of the above

All of the above

An emerging methodology to integrate the effort of the development team and the operations team to improve the functionality and security of applications is known as __________. a. SDLC b. JAD/RAD c. DevOps d. SecOps

DevOps

E-mail spoofing involves sending an e-mail message with a harmful attachment. True False

False

The physical design is the blueprint for the desired solution. True False

False

Using a methodology will usually have no effect on the probability of success. True False

False

__________ has become a widely accepted evaluation standard for training and education related to the security of information systems. a. ISO 17788 b. NSTISSI No. 4011 c. IEEE 802.11(g) d. NIST SP 800-12

NSTISSI No. 4011

A breach of possession may not always result in a breach of confidentiality. True False

True

A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information. True False

True

A subject or object's ability to use, manipulate, modify, or affect another subject or object is known as ___________. a. risk b. access c. exploits d. assets

access

A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection. a. direct b. indirect c. software d. hardware

direct

A technique used to compromise a system is known as a(n) ___________. a. risk b. access method c. exploit d. asset

exploit

The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________. a. ​information security b. ​network security c. ​physical security d. ​communications security

information security

The __________ design phase of an SDLC methodology is implementation independent, meaning that it contains no reference to specific technologies, vendors, or products. a. integral b. conceptual c. physical d. logical

logical

During the __________ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases. a. investigation b. physical design c. analysis d. implementation

physical design

The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security. a. bugs b. vulnerabilities c. malware d. maintenance hooks

vulnerabilities