COSC 316 Exam One
buffer overrun
A ______________ is an application error that occurs when more data is sent to a program buffer than it is designed to handle.
man-in-the-middle
Another name for TCP hijacking is _________.
False, Department of Homeland Security
True or False: The National Security Agency (NSA) is responsible for the security of all national critical infrastructure.
waterfall model
A formal approach to solving a problem based on a structured sequence of procedures is called a _________.
integer bug
An ___________ can result when a programmer does not validate the inputs to a calculation to verify that the integers are of the expected size.
Possession
Ownership or control of information is called the characteristic of ___________.
DMCA (Digital Millennium Copyright Act)
The American contribution to an effort to improve copyright protection internationally is called the ______________.
SDLC methodology
The ____________ illustrates that each phase of the SDLC begins with the results and information gained from the previous phase.
Confidentiality
The characteristic of information that deals with preventing disclosure is __________.
copyright
The generally recognized term for the government protection afforded to intellectual property (written and electronic) is ____________.
FOIA (Freedom of Information Act of 1966)
The law that provides any person with the right to request access to federal agency records is the ___________.
HIPAA
The law that regulates the role of the health-care industry in protecting the privacy of individuals is the ____________.
True
True or False: The Domain Name Server (DNS) is a function of the World Wide Web that converts a URL (Uniform Resource Locator) like www.course.com into the IP address of the Web server host.
True
True or False: The cornerstone of many current federal computer-related criminal laws is the Computer Fraud and Abuse Act of 1986.
True
True or False: A computer worm consists of segments of code that perform malicious actions.
True
True or False: Cyberterrorism has thus far been largely limited to acts such as the defacement of NATO Web pages during the war in Kosovo.
False, SSL (Secure Socket Layer)
True or False: HTTP is a protocol programmers use to transfer sensitive data, such as credit card numbers and other personal information, between a client and a server.
True
True or False: If information has a state of being genuine or original and is not a fabrication, it has the characteristic of authenticity.
True
True or False: Information security programs that begin at a grassroots level by system administrators to improve security are often called a bottom-up approach.
False, Physical Security
True or False: Network security addresses the issues needed to protect items, objects, or areas.
False, NSA
True or False: The Federal Bureau of Investigation (FBI) is the federal agency responsible for signal intelligence and information system security of classified systems.
True
True or False: Warnings of attacks that are not valid are usually called hoaxes.
False, brute force attack
True or False: When a program tries to reverse-calculate passwords, this is known as a brute force spoof.
Back door
Using a known or previously installed access mechanism is called using a __________.
Criminal law
What is a type of law that addresses violations harmful to society and that is enforced by prosecution by the state?
Civil law
What is a type of law that represents all of the laws that apply to a citizen (or subject) of a jurisdiction?
Dictionary attack
When a program tries using all commonly used passwords, this is known as a _______________.
Top-down
When projects are initiated at the highest levels of an organization and then pushed to all levels, they are said to follow a ____________ approach.
Stage 6
Which SecSDLC phase keeps the security systems in a high state of readiness?
Communication Security
_______ addresses the protection of all communications media, technology, and content.
Script-Kiddies
_______ are hackers of limited skill who use expertly written software to attack a system.
Ethics
________ define socially acceptable behaviors.
Public law
_________ is a type of law that regulates the structure and administration of government agencies.
Network Security
__________ encompasses the protection of voice and data networking components, connections, and content.
Cyberterrorists
__________ hack systems to conduct terrorist activities via network or Internet pathways.
Civil law
__________ is a type of law that regulates the relationship between an individual and an organization.
International Information Systems Security Certification Consortium
___________ is a nonprofit organization that focuses on the development and implementation of information security certifications.
Pharming
____________ is the "redirection of legitimate Web traffic to an illegitimate site for the purpose of obtaining private information".
SQL injection
____________ occurs when developers fail to properly validate user input before using it to query a relational database.
Aggregate information
_____________ is created by combining pieces of nonprivate data—often collected during software updates, and via cookies—that when combined may violate privacy.
ACM (Association of Computing Machinery)
______________ is a respected professional society founded in 1947 as "the world's first educational and scientific computing society."
Information extortion
______________ occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it.