#4 CIS 525 - CyberSecurity - McMurtrey - Study for Final Exam


procrastination

"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned." This is a disadvantage to choosing the self-study option that can be labeled ________.

Systems Security Certified Practitioner

(ISC)2 offers the ________ credential, which is ideal for those who are working toward or already hold positions as senior network security engineers, senior security systems analysts, or senior security administrators. It covers the seven domains of best practices for information security.

Certified Secure Software Lifecycle Professional

(ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications.

system infector

A ________ enables the virus to take control and execute before the computer can load most protective measures.

file infector

A ________ is a type of virus that primarily infects executable programs.

firewall

A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network.

logic bomb

A ___________ is a program that executes a malicious function of some kind when it detects certain conditions.

phishing attack

A ____________ tricks users into providing log-on information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.

packet-filtering firewall

A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of ________.

two

A master's degree program goes beyond the level of a bachelor's degree program and generally consists of ___________ year(s) of study beyond a bachelor's degree.

attacks against productivity and performance

Another way that malicious code can threaten businesses is by using mass bulk e-mail (spam), spyware, persistent cookies, and the like, consuming computing resources and reducing user productivity. These are known as ________.

7 billion

As of 2013, Cisco estimated that there were more than ________ devices connected to the Internet.

entry-level information security certification of choice for IT professionals

CompTIA's Security+ certification provides ________.

True

Employers do use certifications to help assess prospects, but the best assessment is the prospect's actual performance.

smurf attack

In a _________, attackers direct forged Internet Control Message Protocol (ICMP) echo-request packets to IP broadcast addresses from remote locations to generate denial of service attacks.

True

In information technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.

availability

Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.

reconnaissance

Network ________ is gathering information about a network for use in a future attack.

NSA

Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.

True

The ANSI produces standards that affect nearly all aspects of IT.

True

The Gauss is a measurement of a magnetic field.

True

The Info tech Security Certified Program (SCP) certification programs apply mainly to network security topics and are most appropriate for professionals involved in securing network components within the IT infrastructure.

American National Standards Institute (ANSI)

The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.

World Wide Web Consortium (W3C)

The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.

IAB

The ________ provides oversight for architecture for Internet protocols and procedures, processes used to create standards, editorial and publication procedures for RFCs, and confirmation of IETF chair and technical area directors. It also provides much of the high-level management and validation of the processes of conducting IETF business.

CISSP-ISSMP®

The ____________ concentration from (ISC)2 contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program.

CISSP-ISSEP®

The ____________ concentration from (ISC)2 is the road map for incorporating security into projects, applications, business processes, and all information systems.

Hollings Manufacturing Extension Partnership

The ____________ is a network of centers around the United States that offers technical and business assistance to small- and medium-sized manufacturers.

Certified Authorization Professional

The best fits for (ISC)2's _____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements.

True

The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family.

professional development

The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.

True

The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.

True

The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information.

four-year

The standard bachelor's degree is a __________ program.

ANSI

Unlike other organizations that specifically focus on engineering or technical aspects of computing and communication, the __________ primarily addresses standards that support software development and computer system operation.

Point-to-Point Tunneling Protocol (PPTP)

What name is given to a protocol to implement a VPN connection between two computers?

National Centers of Academic Excellence in Information Assurance Education (CAE/IAE)

What name is given to educational institutions that meet specific federal information assurance educational guidelines?

Network address translation (NAT)

What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address?

Wi-Fi Protected Access (WPA)

What term is used to describe the current encryption standard for wireless networks?

True

Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.

Architect

Which is Cisco's highest level of certification?

A standard unit of credit that equals 50 minutes of instruction.

Which of the following is the definition of continuing professional education (CPE)?

A network device that connects network segments, echoing all received traffic to all other ports.

Which of the following is the definition of hub?

no standard time frame

With university doctoral programs, completing the degree requirements takes ________.

file infector

A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).

firewall

A _____________ contains rules that define the types of traffic that can come and go through a network.

network access control (NAC)

A method to restrict access to a network based on identity or other rules is the definition of ________.

SYN flood attack

In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.

False

The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.

