Intro to Computer Security Review

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Lighter Than Air Industries expects that it would lose $10 million if a tornado struck its aircraft operations facility. It expects that a tornado might strike the facility once every 100 years. What is the single loss expectancy for this scenario?

$10,000,000

You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building and 10 percent is attributed to the land itself. What is the single loss expectancy of your shipping facility to avalanches?

$2,700,000

You are concerned about the risk that a hurricane poses to your corporate headquarters in South Florida. The building itself is values at $15 million. After consulting with the National Weather Service, you determine that there is a 10 percent likelihood that a hurricane will strike over the course of a year. You hired a team of architects and engineers who determined that the average hurricane would destroy approximately 50 percent of the building. What is the annualized loss expectancy (ALE).

$750,000

What is the output value of the mathematical function 18 mod 3

0

Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If it wants to maintain the same cryptographic strength, what ECC key length should it use?

160 bits

What is the standard duration of patent protection in the United States?

20 years from the application date

How many encryption keys are required to fully implement an asymmetric algorithm with 10 participants?

20. Each participant needs two keys

How many possible keys exist in a 5-bit key space?

32. 2^n used to find

If a 2,048-bit plaintext message were encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be?

4,096 bits

What is the ideal humidity range for a computer room?

40-60 percent

How many keys are required to fully implement a symmetric algorithm with 10 participants?

45. (n*(n-1))/2

What is the length of the cryptographic key used in the Data Encryption Standard (DES) cryptosystem?

56 bits

Which one of the following BIA terms identifies the amount of money a business expects to lose to a given risk each year?

ALE

How is the value of a safeguard to a company calculated?

ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard

If a security mechanism offers availability, then it offers a high level of assurance that authorized subjects can _____ the data, objects, and resources

Access

Which one of the following data roles is most likely to assign permissions to grant users access to data?

Administrator

You've performed a basic quantitative risk analysis on a specific threat/vulnerability/risk relation. You select a possible countermeasure. When performing the calculations again, which of the following factors will change?

Annualized rate of occurrence

Which of the following is not a valid definition for risk?

Anything that removes a vulnerability or protects against one or more specific threats

How is single loss expectancy (SLE) calculated?

Asset value ($) * exposure factor

Toby is attempting to log in to a secure system. He provides his username at the prompt and then is asked to provide a password. What stage of the access control process is taking place at that moment?

Authentication

What is the primary purpose of Kerberos?

Authentication

Accountability requires all of the following items except one. Which item is not required for accountability?

Authorization

Which of the following is a principle of the CIA Triad that means authorized subjects are granted timely and uninterrupted access to objects?

Availability

What industry is most directly impacted by the provisions of the Gramm‐Leach‐Bliley Act?

Banking

Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message?

Block cipher

What is the first step that individuals responsible for the development of a business continuity plan should perform?

Business organization analysis

Of the individuals listed, who would provide the best endorsement for a business continuity plan's statement of importance?

Chief executive officer

Which criminal law was the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer system(s)?

Computer Fraud and Abuse Act

Which law first required operators of federal interest computer systems to undergo periodic training in computer security issues?

Computer Security Act

Matthew recently authored an innovative algorithm for solving a mathematical problem, and he wants to share it with the world. However, prior to publishing the software code in a technical journal, he wants to obtain some sort of intellectual property protection. Which type of protection is best suited to his needs?

Copyright

When seeking to hire new employees, what is the first step?

Create a job description

What method can be used to map out the needs of an organization for a new facility?

Critical path analysis

You are selecting an encryption algorithm for use in exchanging sensitive information over the Internet. Which one of the following algorithms would NOT be acceptable for use

DES

While performing a risk analysis, you identify a threat of fire and a vulnerability because there are no fire extinguishers. Based on this information, which of the following is a possible risk?

Damage to equipment

Which one of the following identifies the primary a purpose of information classification processes?

Define the requirements for protecting sensitive data

How can a group reach an anonymous consensus while all members of that group are in the same room?

Delphi technique

What technique is most effective for removing data stored on an SSD device

Destruction

Which of the following is the most secure method of deleting data on a DVD

Destruction

Which of the following authentication, authorization, and accounting (AAA) protocols is based on RADIUS and supports Mobile IP and Voice over IP?

Diameter

Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?

Diffie-Hellman

When an employee is to be terminated, which of the following should be done?

Disable the employee's network access just as they are informed of the termination

What type of plan outlines the procedures to follow when a disaster interrupts the normal operations of a business?

Disaster recovery plan

What is the term for the percentage of loss an asset's value would experience in the event that a threat becomes realized

Exposure factor

What kind of attack makes the Caesar cipher virtually unusable?

Frequency analysis attack

Which of the following is NOT considered a violation of confidentiality

Hardware destruction

What is the most important goal of all security solutions?

Human safety

Which of the following is the weakest element in any security solution?

Humans

Which of the following best defines "rules of behavior" established by a data owner?

Identifying appropriate use and protection of data

Many cryptographic algorithms rely on the difficulty of factoring the product of large prime numbers. What characteristic of this problem are they relying on?

It is a one-way function.

What is the most common and inexpensive form of physical access control device?

Key locks

Data classifications are used to focus security controls over all but which of the following?

Layering

Which of the following is typically not a culprit in causing damage to computer equipment in the event of a fire and a triggered suppression?

Light

What is the most common form of perimeter security devices or mechanisms?

Lighting

Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present. What type of technique is he using?

M of N Control

What BIA metric can be used to express the longest time a business function can be unavailable without causing irreparable harm to the organization

MTD

What are the two common data classification schemes?

Military and private sector

John recently received an email message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message?

Nonrepudiation

What ensures that the subject of an activity or event cannot deny that the event occurred?

Nonrepudiation

Which one of the following cannot be achieved by a secret key cryptosystem?

Nonrepudiation

What is the minimum number of cryptographic keys required for secure two-way communications in symmetric key cryptography?

One

When correctly implemented, what is the only cryptosystem known to be unbreakable?

One-time pad

Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won't spoil results throughout the communication?

Output Feedback (OFB)

What compliance obligation relates to the processing of credit card information?

PCI DSS

What is the most common cause of failure for a water-based fire suppression system?

People

Which resource should you protect first when designing continuity plan provisions and processes?

People

What will be the major resource consumed by the BCP process during the BCP phase

Personnel

Which of the following statements correctly identifies a problem with sanitization methods?

Personnel can perform sanitization steps improperly

Which of the following is the most important aspect of security?

Physical security

Which of the following is not considered an example of data hiding?

Preventing an authorize reader of an object from deleting that object

What is the primary goal of change management?

Preventing security compromises

Which of the following is not a typical type of alarm that can be triggered for physical security?

Preventive

What do the principles of notice, choice, onward transfer, and access closely apply to?

Privacy

______ refers to keeping information confidential that is personally identifiable or which might cause harm, embarrassment, or disgrace to someone if revealed

Privacy

What law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances?

Privacy Act

In which business continuity planning task would you actually design procedures and mechanisms to mitigate risks deemed unacceptable by the BCP team?

Provisions and processes

Which of the following choices is the most reliable method of destroying data on a solid state drive?

Purging

Which would an administrator do to classified media before reusing it in a less secure environment?

Purging

Which of the following does not erase data?

Remanence

What type of cryptosystem commonly makes use of a passage from a well-known book for the encryption key?

Running key cipher

What is the formula used to compute the single loss expectancy for a risk scenario

SLE = AV * EF

Which of the following storage media would not be affected by a degausser

SSD

Which one of the following would administrators use to connect to a remote server securely for administration?

Secure Shell (SSH)

Which of the following is NOT an element of the risk analysis process?

Selecting appropriate safeguards and implementing them

What security control is directly focused on preventing collusion?

Separation of duties

Which of the following is an example of a Type 2 authentication factor?

Something you have

Which task of BCP bridges the gap between the business impact assessment and the continuity planning phases?

Strategy development

If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message?

Sue's public key

Your organization issues devices to employees. These devices generate one-time passwords every 60 seconds. A server hosted within the organization knows what this password is at any given time. What type of device is this?

Synchronous token

What is the broadest category of computer systems protected by the Computer Fraud and Abuse Act, as amended?

Systems used in interstate commerce

What element of data categorization management can override all other forms of access control?

Taking ownership

Which of the following contains the primary goals and objectives of security

The CIA triad

Within the context of the European Union (EU) Data Protection law, what is a data processor?

The entity that processes personal data on behalf of the data controller

Which one of the following is not a requirement that Internet service providers must satisfy in order to gain protection under the "transitory activities" clause of the Digital Millennium Copyright Act?

The service provider and the originator of the message must be located in different states.

Mary recently read about a new hacking group that is using advanced tools to break into the database servers of organizations running public websites. In risk management language, how would she describe this group of hackers

Threat

Mary is the co founder of Acme Widgets, a manufacturing firm. Together with her partner, Joe, she has developed a special oil that will dramatically improve the widget manufacturing process. TO keep the formula secret, Mary and Joe plan to make large quantities of the oil by themselves in the plant after the other workers have left. They want to protect this formula for as long as possible. What type of intellectual property protection best suits their needs

Trade secret

What type of cipher relies on changing the location of characters within a message to achieve confidentiality?

Transposition cipher

A biometric system has falsely rejected a valid user, indicating that the user is not recognized. What type of error is this?

Type 1 error

What law formalizes many licensing arrangements used by the software industry and attempts to standardize their use from state to state?

Uniform Computer Information Transactions Act

Which of the following would generally not be considered an asset in a risk analysis?

Users' personal files

What infrastructure component is often located in the same position across multiple floors in order to provide a convenient means of linking floor-based networks together?

Wiring closet


Set pelajaran terkait

15. SWG Endocrine Exam 2: Pancreas Physiology - Bi (P900/IC)

View Set

Parts of a Flower Identification

View Set

Unit 17: Policy Underwriting, Insurance, and Delivery

View Set

Engineering Final Study Guide Questions

View Set

David Zepeda Maryland Real Estate Exam

View Set

Psych 21A Ch. 5 Review Questions

View Set

Chapter 4: Plumbing Fixtures and Fixture Fittings

View Set

Schizophrenia Spectrum and Other Psychotic Disorders

View Set