Ch.1 CNt4406


The value of information comes from the characteristics it possesses. True False

True

List the four important organizational functions an information security program performs.

1. Protects the organization's ability to function
2. Enables the safe operation of applications implemented on the organization's IT systems
3. Protects the data the organization collects and uses
4. Safeguards the technology assets in use at the organization

___ means that information is free from mistakes or errors. a. Accuracy b. Integrity c. Confidentiality d. Availability

A. Accuracy

The CIA triad is based on three characteristics of information that form the foundation for many security programs: ____. a. confidentiality, integrity, and availability b. confidentiality, information, and availability c. communication, information, and asset d. confidentiality, integrity, and asset

A. Confidentiality, integrity, and availability

An individual who hacks the public telephone network to make free calls or disrupt services is called a ____. a. phreaker b. cyberterrorist c. hactivist d. packet monkey

A. Phreaker

Information is free from mistakes or errors.

Accuracy

There are two general methods for implementing technical controls within a specific application to enforce policy: ____ and configuration rules. a. authenticity control lists b. access control lists c. application control lists d. assessment control lists

B. Access control lists

Which resource is a physical asset? a. Information b. Computer system c. Data d. Web site

B. Computer system

A data ____ might be a specifically identified role or part of the duties of a systems administrator. a. owner b. custodian c. user d. manager

B. Custodian

End users are ____. a. often considered data custodians b. a part of the security project team c. not important to the security of an organization d. all risk assessment specialists

B. a part of the security project team

In a ____ attack, the attacker sends a large number of connection or information requests to a target in an attempt to overwhelm its capacity and make it unavailable for legitimate users. a. sniffer b. denial-of-service (DoS) c. dictionary d. man-in-the-middle

B. denial-of-service (DoS)

Component in a system that allows the attacker to access the system at will, bypassing standard login controls.

Back door

Involves operating an information system that meets the high level of availability sought by system users as well as the confidentiality and integrity needs of system owners and security professionals

Balance

Responsible for the storage, maintenance, and protection of the information.

Data custodian

Organizations must minimize ____ to match their risk appetite. a. access b. loss c. risk d. threats

C. Risk

Responsible for the security and use of a particular set of information.

Data owner

The ____________________ is primarily responsible for advising the chief executive officer, president, or company owner on the strategic planning that affects the management of information in the organization.

Chief information officer (CIO)

____ refers to multiple layers of security controls and safeguards. a. A security perimeter b. Layered redundancy c. A DMZ d. Defense in depth

D. Defense in depth

In information security, ____ exists when a vulnerability known to an attacker is present. a. risk b. threat c. loss d. exposure

D. Exposure

A(n) ____ is a weakness or fault in the mechanisms that are intended to protect information and information assets from attack or damage. a. risk b. threat c. exploit d. vulnerability

D. Vulnerability

Which individual interferes with or disrupts systems to protest the operations, policies, or actions of an organization or government agency? a. Phreaker b. Packet monkey c. Cyberterrorist d. Hacktivist

D. hacktivist

An indirect attack involves a hacker using a personal computer to break into a system. True False

False

Discuss the layered implementation of security.

Layered security establishes multiple layers of security controls and safeguards, which can be organized into policy, training and education, and technology.

According to the CSI/FBI Computer Crime and Security Survey, the most dominant type of attack for the last decade was ____.

Malware attacks

What are the responsibilities of a data custodian?

They are responsible for storage, maintenance, and protection of the information

Software program that reveals its designed behavior only when activated.

Trojan Horse

A(n) ____________________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world.

Security perimeter

A(n) ____________________ is a program or device that monitors data traveling over a network.

Sniffer

____________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages whose IP addresses indicate to the recipient that the messages are coming from a trusted host.

Spoofing

Information is protected from disclosure or exposure to unauthorized individuals or systems.

confidentiality

Information remains whole, complete, and uncorrupted.

integrity

How does a distributed denial-of-service (DDoS) attack work and why are they so dangerous?

Launches a coordinated stream of requests against a target from many locations at the same time. DDoS attacks are the most difficult to defend against, and there are presently no controls that any single organization can apply.

Malicious program that replicates itself constantly.

worm
