Chapter 1 - ITSY 1300, Chapter 2 - ITSY 1300, Chapter 3 - ITSY 1300, Chapter 4 - ITSY 1300


Laws, policies and their associated penalties only provide deterrence if offenders fear the penalty, expect to be caught, and expect the penalty to be applied if they are caught. Select one: True False

True

Laws, policies, and their associated penalties only provide deterrence if, among other things, potential offenders fear the probability of a penalty being applied. _________________________ Select one: True False

True

Many industry observers claim that ISO/IEC 17799, the precursor to ISO/IEC 27001, is not as complete as other frameworks. Select one: True False

True

Many states have implemented legislation making certain computer-related activities illegal. Select one: True False

True

Much human error or failure can be prevented with effective training and ongoing awareness activities. Select one: True False

True

NIST 800-14's Principles for Securing Information Technology Systems can be used to make sure the needed key elements of a successful effort are factored into the design of an information security program and to produce a blueprint for an effective security architecture. Select one: True False

True

NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans, and provides detailed methods for assessing, designing, and implementing controls and plans for applications of varying size. Select one: True False

True

Of the two approaches to information security implementation, the top-down approach has a higher probability of success. _________________________ Select one: True False

True

Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easy-to-guess passwords. Select one: True False

True

Privacy is the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality._________________________ Select one: True False

True

Security training provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely. Select one: True False

True

Since it was established in January 2001, every FBI field office has established an InfraGard program to collaborate with public and private organizations and the academic community. Select one: True False

True

Software code known as a(n) cookie can allow an attacker to track a victim's activity on Web sites. _________________________ Select one: True False

True

Some policies may also need a(n) sunset clause indicating their expiration date. _________________________ Select one: True False

True

Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group. Select one: True False

True

Technical controls are the tactical and technical implementations of security in the organization. _________________________ Select one: True False

True

The Computer Security Resource Center at NIST provides several useful documents free of charge in its special publications area. _________________________ Select one: True False

True

The Department of Homeland Security (DHS) works with academic campuses nationally, focusing on resilience, recruitment, internationalization, growing academic maturity and academic research. Select one: True False

True

The Digital Millennium Copyright Act is the American law created in response to Directive 95/46/EC, adopted in 1995 by the European Union. _________________________ Select one: True False

True

The Economic Espionage Act of 1996 protects American ingenuity, intellectual property, and competitive advantage. _________________________ Select one: True False

True

Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____________________ characters in Internet Explorer 4.0, the browser will crash. Select one: a. 256 b. 64 c. 128 d. 512

a. 256

__________ is a network project that preceded the Internet. Select one: a. ARPANET b. DES c. NIST d. FIPS

a. ARPANET

According to NIST SP 800-14's security principles, security should ________. Select one: a. All of the above b. support the mission of the organization c. require a comprehensive and integrated approach d. be cost-effective

a. All of the above

Redundancy can be implemented at a number of points throughout the security architecture, such as in ________ Select one: a. All of the above b. proxy servers c. access controls d. firewalls

a. All of the above

Which of the following is a valid type of role when it comes to data ownership? Select one: a. All of the above b. Data owners c. Data custodians d. Data users

a. All of the above

Which of the following functions does information security perform for an organization? Select one: a. All of the above. b. Enabling the safe operation of applications implemented on the organization's IT systems. c. Protecting the organization's ability to function. d. Protecting the data the organization collects and uses.

a. All of the above.

__________ law comprises a wide variety of laws that govern a nation or state. Select one: a. Civil b. Private c. Criminal d. Public

a. Civil

Which of the following acts defines and formalizes laws to counter threats from computer related acts and offenses? Select one: a. Computer Fraud and Abuse Act of 1986 b. Freedom of Information Act (FOIA) of 1966 c. Electronic Communications Privacy Act of 1986 d. Federal Privacy Act of 1974

a. Computer Fraud and Abuse Act of 1986

Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications? Select one: a. Electronic Communications Privacy Act b. Financial Services Modernization Act c. Sarbanes-Oxley Act d. Economic Espionage Act

a. Electronic Communications Privacy Act

Which of the following is an example of a Trojan horse program? Select one: a. Happy99.exe b. MyDoom c. Netsky d. Klez

a. Happy99.exe

_________ was the first operating system to integrate security into its core functions. Select one: a. MULTICS b. ARPANET c. DOS d. UNIX

a. MULTICS

__________ has become a widely accepted evaluation standard for training and education related to the security of information systems. Select one: a. NSTISSI No. 4011 b. ISO 17788 c. NIST SP 800-12 d. IEEE 802.11(g)

a. NSTISSI No. 4011

__________ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments. Select one: a. Public b. Civil c. Criminal d. Private

a. Public

The ____________________ data file contains the hashed representation of the user's password. Select one: a. SAM b. FBI c. SNMP d. SLA

a. SAM

____ is any technology that aids in gathering information about a person or organization without their knowledge. Select one: a. Spyware b. A bot c. Trojan d. Worm

a. Spyware

The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees. Select one: a. accidental b. physical c. intentional d. external

a. accidental

A(n) _________ is a document containing contact information for the people to be notified in the event of an incident. Select one: a. alert roster b. emergency notification system c. call register d. phone list

a. alert roster

In a ____________________ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources. Select one: a. denial-of-service b. virus c. distributed denial-of-service d. spam

a. denial-of-service

Criminal or unethical __________ goes to the state of mind of the individual performing the act. Select one: a. intent b. attitude c. ignorance d. accident

a. intent

The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________." Select one: a. management b. implementation c. accreditation d. certification

a. management

Hackers can be generalized into two skill groups: expert and ____________________. Select one: a. novice b. journeyman c. packet monkey d. professional

a. novice

"4-1-9" fraud is an example of a ____________________ attack. Select one: a. social engineering b. spam c. virus d. worm

a. social engineering

A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years. Select one: a. strategic b. operational c. standard d. tactical

a. strategic

_______ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization. Select one: a. Operational b. Technical c. Managerial d. Informational

c. Managerial

__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse. Select one: a. Object b. Personal c. Physical d. Standard

c. Physical

Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____. Select one: a. MIN b. MSL c. SLA d. SSL

c. SLA

The __________ of 1999 provides guidance on the use of encryption and provides protection from government intervention. Select one: a. Economic Espionage Act b. USA PATRIOT Act c. Security and Freedom through Encryption Act d. Prepper Act

c. Security and Freedom through Encryption Act

A fundamental difference between a BIA and risk management is that risk management focuses on identifying the threats, vulnerabilities, and attacks to determine which controls can protect the information, while the BIA assumes __________. Select one: a. controls have proven ineffective b. controls have failed c. controls have been bypassed d. All of the above

d. All of the above

"Shoulder spying" is used in public or semipublic settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance. _________________________ Select one: True False

False

A breach of possession always results in a breach of confidentiality. Select one: True False

False

A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements. Select one: True False

False

A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffers. _________________________ Select one: True False

False

Confidentiality ensures that only those with the rights and privileges to access information are able to do so. _________________________ Select one: True False

True

Criminal law addresses activities and conduct harmful to society and is categorized as private or public. Select one: True False

True

Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. _________________________ Select one: True False

True

Due care and due diligence require that an organization make a valid effort to protect others and continually maintain this level of effort, ensuring these actions are effective. Select one: True False

True

During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage. Select one: True False

True

Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people's information systems. Select one: True False

True

Forces of nature, force majeure, or acts of God can present some of the most dangerous threats, because they usually occur with very little warning and are beyond the control of people. Select one: True False

True

Hackers are "persons who access systems and information without authorization and often illegally." _________________________ Select one: True False

True

Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. _________________________ Select one: True False

True

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident. Select one: True False

True

Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, often referred to as the bottom-up approach. _________________________ Select one: True False

True

Information security safeguards the technology assets in use at the organization. Select one: True False

True

A worm requires that another program is running before it can begin functioning. Select one: True False

False

According to the CNSS, networking is "the protection of information and its critical elements." _________________________ Select one: True False

False

An act of theft performed by a hacker falls into the category of "theft," but is also often accompanied by defacement actions to delay discovery and thus may also be placed within the category of "forces of nature." Select one: True False

False

An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms. Select one: True False

False

An e-mail virus involves sending an e-mail message with a modified field. Select one: True False

False

Applications systems developed within the framework of the traditional SDLC are designed to anticipate a software attack that requires some degree of application reconstruction. Select one: True False

False

Attacks conducted by scripts are usually unpredictable. Select one: True False

False

Civil law addresses activities and conduct harmful to society and is actively enforced by the state. _________________________ Select one: True False

False

Compared to Web site defacement, vandalism within a network is less malicious in intent and more public. Select one: True False

False

Cultural differences can make it difficult to determine what is ethical and what is not ethical between cultures, except when it comes to the use of computers, where ethics are considered universal. Select one: True False

False

Direct attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat. _________________________ Select one: True False

False

DoS attacks cannot be launched against routers. Select one: True False

False

Employees are not deterred by the potential loss of certification or professional accreditation resulting from a breach of a code of conduct as this loss has no effect on employees' marketability and earning power. Select one: True False

False

Ethics are the moral attitudes or customs of a particular group. _________________________ Select one: True False

False

For policy to become enforceable it only needs to be distributed, read, understood, and agreed to. Select one: True False

False

Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks. Select one: True False

False

In a study on software license infringement, those from United States were significantly more permissive than those from the Netherlands and other countries. _________________________ Select one: True False

False

In the context of information security, confidentiality is the right of the individual or group to protect themselves and their information from unauthorized access. Select one: True False

False

Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects. _________________________ Select one: True False

False

Information security can be an absolute. Select one: True False

False

Information security's primary mission is to ensure that systems and their contents retain their confidentiality at any cost. Select one: True False

False

Intellectual privacy is recognized as a protected asset in the United States. _________________________ Select one: True False

False

Key end users should be assigned to a developmental team, known as the united application development team. _________________________ Select one: True False

False

Key studies reveal that legal penalties are the overriding factor in leveling ethical perceptions within a small population. Select one: True False

False

MULTICS stands for Multiple Information and Computing Service. _________________________ Select one: True False

False

Network security focuses on the protection of the details of a particular operation or series of activities. Select one: True False

False

Once a(n) back door has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. _________________________ Select one: True False

False

One form of e-mail attack that is also a DoS is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail. _________________________ Select one: True False

False

One of the basic tenets of security architectures is the layered implementation of security, which is called defense in redundancy. _________________________ Select one: True False

False

Packet munchkins use automated exploits to engage in distributed denial-of-service attacks. _________________________ Select one: True False

False

Policies are detailed written instructions for accomplishing a specific task. _________________________ Select one: True False

False

Risk evaluation is the process of identifying, assessing, and evaluating the levels of risk facing the organization, specifically the threats to the organization's security and to the information stored and processed by the organization. _________________________ Select one: True False

False

Systems-specific security policies, commonly referred to as a fair and responsible use policy, are used to control constituents' use of a particular resource, asset, or activity. _________________________ Select one: True False

False

The Analysis phase of the SecSDLC begins the methodology initiated by a directive from upper management. _________________________ Select one: True False

False

The Computer Security Act of 1987 is the cornerstone of many computer-related federal laws and enforcement efforts; it was originally written as an extension and clarification of the Comprehensive Crime Control Act of 1984. Select one: True False

False

The Council of Europe Convention on Cyber-Crime has not been well received by advocates of intellectual property rights because it de-emphasizes prosecution for copyright infringement, but has been well received by supporters of individual rights in the U.S. Select one: True False

False

The Department of Homeland Security is the only U.S. federal agency charged with the protection of American information resources and the investigation of threats to, or attacks on, the resources. Select one: True False

False

The Department of Homeland Security was created in 2003 by the 9/11 Memorial Act of 2002. _________________________ Select one: True False

False

The Federal Privacy Act of 1974 regulates government agencies and holds them accountable if they release information about national security without permission. _________________________ Select one: True False

False

Intellectual property is defined as "the creation, ownership, and control of ideas as well as the representation of those ideas." _________________________ Select one: True False

True

The Graham-Leach-Bliley Act is a critical piece of legislation that affects the executive management of publicly traded corporations and public accounting firms. _________________________ Select one: True False

False

The ISSP sets out the requirements that must be met by the information security blueprint or framework. Select one: True False

False

The Security Development Life Cycle (SDLC) is a general methodology for the design and implementation of an information system. _________________________ Select one: True False

False

The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. _________________________ Select one: True False

False
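Two of the items above turn on the same mechanism: using a dictionary to regulate password selection during a reset (the "Organizations can use dictionaries..." question), and the distinction this item draws between a dictionary attack and the exhaustive search that is properly called brute force. The following is an added example, not code from the quiz or its textbook, showing both sides in working Python. The wordlist, the leet-speak substitution table, the suffix list, and the sample passwords are all constructed for illustration; a real reset check would use a full wordlist and a breached-password list.

```python
import hashlib
import itertools
import string

# Constructed stand-in for a real password dictionary (assumption for the example).
WORDLIST = ["password", "letmein", "welcome", "dragon", "summer", "qwerty"]

# Substitutions users make to slip past a naive "is it in the dictionary?" check.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})


def base_word(candidate: str) -> str:
    """Reduce a candidate to the dictionary word it is built on:
    lower-case it, drop trailing digits/punctuation, then undo leet-speak."""
    s = candidate.lower().rstrip(string.digits + string.punctuation)
    return s.translate(LEET)


def is_dictionary_based(candidate: str, wordlist=WORDLIST) -> bool:
    """True if the candidate is a dictionary word or a trivial mutation of one."""
    return base_word(candidate) in set(wordlist)


def acceptable_password(candidate: str, min_len: int = 12, wordlist=WORDLIST) -> bool:
    """Reset-time policy check: long enough and not dictionary-derived."""
    return len(candidate) >= min_len and not is_dictionary_based(candidate, wordlist)


def sha256_hex(pw: str) -> str:
    """Unsalted SHA-256 stands in for a stored hash here; production systems
    should use a slow, salted scheme such as bcrypt, scrypt or Argon2."""
    return hashlib.sha256(pw.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist=WORDLIST, suffixes=("", "1", "123", "!")):
    """Dictionary attack: try each wordlist entry and a few mutations.
    Returns (recovered_password, attempts) or (None, attempts)."""
    attempts = 0
    for word in wordlist:
        for variant in (word, word.capitalize()):
            for suffix in suffixes:
                attempts += 1
                guess = variant + suffix
                if sha256_hex(guess) == target_hash:
                    return guess, attempts
    return None, attempts


def brute_force_attack(target_hash, alphabet=string.ascii_lowercase, max_len=4):
    """Brute force: enumerate every combination of the alphabet up to max_len.
    Finds anything inside the search space, but the space grows as len(alphabet)**n.
    Returns (recovered_password, attempts) or (None, attempts)."""
    attempts = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            attempts += 1
            guess = "".join(combo)
            if sha256_hex(guess) == target_hash:
                return guess, attempts
    return None, attempts


if __name__ == "__main__":
    for pw in ("P@ssw0rd123", "Dragon2024!!", "correct horse battery staple"):
        print(f"{pw!r}: acceptable={acceptable_password(pw)} base={base_word(pw)!r}")
    h = sha256_hex("Password1")
    print("dictionary:", dictionary_attack(h))          # found in a handful of tries
    print("brute force:", brute_force_attack(h, max_len=3))  # not in lowercase-only space
    print("brute force on 'zzz':", brute_force_attack(sha256_hex("zzz"), max_len=3))
```

The reset check normalises before comparing, so "P@ssw0rd123" and "Dr4g0n!" are rejected as the dictionary words they are built on. The two attack functions show why the quiz item is False: the dictionary attack recovers "Password1" in six guesses but cannot find "zzz", while brute force exhausts all 18,278 lowercase strings of length one to three and finds "zzz" on the very last one, yet never finds "Password1" because mixed case and digits lie outside its alphabet.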

The bottom-up approach to information security has a higher probability of success than the top-down approach. Select one: True False

False

The difference between a policy and a law is that ignorance of a law is an acceptable defense. Select one: True False

False

The global information security community has universally agreed with the justification for the code of practices as identified in the ISO/IEC 17799. Select one: True False

False

The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC). Select one: True False

False

The key components of the security perimeter include firewalls, DMZs (demilitarized zones), Web servers, and IDPSs. _________________________ Select one: True False

False

The macro virus infects the key operating system files located in a computer's boot sector. _________________________ Select one: True False

False

The operational plan documents the organization's intended long-term direction and efforts for the next several years. _________________________ Select one: True False

False

The physical design is the blueprint for the desired solution. Select one: True False

False

The possession of information is the quality or state of having value for some purpose or end. Select one: True False

False

The security framework is a more detailed version of the security blueprint. Select one: True False

False

The security model is the basis for the design, selection, and implementation of all security program elements including such things as policy implementation and ongoing policy and program management. _________________________ Select one: True False

False

Within security perimeters the organization can establish security redundancies, each with differing levels of security, between which traffic must be screened. _________________________ Select one: True False

False

An attack, breach of policy, or other incident always constitutes a violation of law, requiring notification of law enforcement. Select one: True False

False

A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information. Select one: True False

True

A mail bomb is a form of DoS attack. Select one: True False

True

A number of technical mechanisms (digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media) have been used to deter or prevent the theft of software intellectual property. Select one: True False

True

A sniffer program can reveal data transmitted on a network segment, including passwords, embedded and attached files (such as word-processing documents), and sensitive data transmitted to or from applications. Select one: True False

True

A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. Select one: True False

True

A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. _________________________ Select one: True False

True

A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas. _________________________ Select one: True False

True

As an organization grows it must often use more robust technology to replace the security technologies it may have outgrown. Select one: True False

True

The Federal Bureau of Investigation's National InfraGard Program serves its members in four basic ways: Maintains an intrusion alert network using encrypted e-mail; Maintains a secure Web site for communication about suspicious activity or intrusions; Sponsors local chapter activities; Operates a help desk for questions. _________________________ Select one: True False

True

The code of ethics put forth by (ISC)2 focuses on four mandatory canons: "Protect society, the commonwealth, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; and advance and protect the profession." _________________________ Select one: True False

True

The communications networks of the United States carry more funds than all of the armored cars in the world combined. _________________________ Select one: True False

True

The investigation phase of the SecSDLC begins with a directive from upper management. Select one: True False

True

The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. _________________________ Select one: True False

True

The policy administrator is responsible for the creation, revision, distribution, and storage of the policy. Select one: True False

True

The process of examining an incident candidate and determining whether it constitutes an actual incident is called incident classification. _________________________ Select one: True False

True

The recovery point objective (RPO) is the point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage. _________________________ Select one: True False

True

The roles of information security professionals are almost always aligned with the goals and mission of the information security community of interest. Select one: True False

True

The stated purpose of ISO/IEC 27002, as derived from its ISO/IEC 17799 origins, is to offer guidelines and voluntary directions for information security management. _________________________ Select one: True False

True

To achieve defense in depth, an organization must establish multiple layers of security controls and safeguards. Select one: True False

True

To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and planned revision date. Select one: True False

True

To remain viable, security policies must have a responsible manager, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and revision date. _________________________ Select one: True False

True

You can create a single comprehensive ISSP document covering all information security issues. Select one: True False

True

Laws and policies and their associated penalties only deter if which of the following conditions is present? Select one: a. Probability of penalty being administered b. All of the above c. Fear of penalty d. Probability of being caught

b. All of the above

The __________ attempts to prevent trade secrets from being illegally shared. Select one: a. Electronic Communications Privacy Act b. Economic Espionage Act c. Sarbanes-Oxley Act d. Financial Services Modernization Act

b. Economic Espionage Act

The Health Insurance Portability and Accountability Act of 1996, also known as the __________ Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange. Select one: a. HITECH b. Kennedy-Kassebaum c. Privacy d. Gramm-Leach-Bliley

b. Kennedy-Kassebaum

_________ controls address personnel security, physical security, and the protection of production inputs and outputs. Select one: a. Managerial b. Operational c. Technical d. Informational

b. Operational

__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information. Select one: a. Domaining b. Redundancy c. Firewalling d. Hosting

b. Redundancy

A variation of the SDLC that can be used to implement information security solutions in an organization with little or no formal security in place is the __________. Select one: a. CLSecD b. SecSDLC c. LCSecD d. SecDSLC

b. SecSDLC

Which of the following countries reported the least tolerant attitudes toward personal use of organizational computing resources? Select one: a. United States b. Singapore c. Australia d. Sweden

b. Singapore

_______often function as standards or procedures to be used when configuring or maintaining systems. Select one: a. ISSPs b. SysSPs c. ESSPs d. EISPs

b. SysSPs

When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems? Select one: a. It was not as complete as other frameworks. b. The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799. c. The standard lacked the measurement precision associated with a technical standard. d. The standard was hurriedly prepared given the tremendous impact its adoption could have on industry information security controls.

b. The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.

A methodology for the design and implementation of an information system that is a formal development strategy is referred to as a __________. Select one: a. development life project b. systems development life cycle c. systems design d. systems schema

b. systems development life cycle

____________________ are malware programs that hide their true nature, and reveal their designed behavior only when activated. Select one: a. Worms b. Trojan horses c. Spam d. Viruses

b. Trojan horses

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage __________. Select one: a. with malice b. by accident c. with negligence d. with intent

b. by accident

A ____ site provides only rudimentary services and facilities. Select one: a. commercial b. cold c. warm d. hot

b. cold

Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________. Select one: a. threats b. controls c. hugs d. paperwork

b. controls

____________________ refers to premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents. Select one: a. infoterrorism b. cyberterrorism c. hacking d. cracking

b. cyberterrorism

Incident _________ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident. Select one: a. containment strategy b. damage assessment c. incident response d. disaster assessment

b. damage assessment

Standards may be published, scrutinized, and ratified by a group, as in formal or ________ standards. Select one: a. de facto b. de jure c. de formale d. de public

b. de jure

The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____. Select one: a. remote journaling b. electronic vaulting c. off-site storage d. database shadowing

b. electronic vaulting

As frustrating as viruses and worms are, perhaps more time and money are spent on resolving virus ____________________. Select one: a. false alarms b. hoaxes c. polymorphisms d. urban legends

b. hoaxes

During the __________ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases. Select one: a. investigation b. physical design c. analysis d. implementation

b. physical design

Organizations are moving toward more __________-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product. Select one: a. accessibility b. security c. availability d. reliability

b. security

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ________. Select one: a. blueprint b. standard c. policy d. plan

b. standard

According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except __________. Select one: a. for purposes of commercial advantage b. to harass c. for private financial gain d. in furtherance of a criminal act

b. to harass

Security __________ are the areas of trust within which users can freely communicate. Select one: a. layers b. domains c. rectangles d. perimeters

b. domains

Complete loss of power for a moment is known as a ____. Select one: a. brownout b. fault c. lag d. blackout

b. fault

The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages? Select one: a. Determine mission/business processes and recovery criticality b. Identify recovery priorities for system resources c. All of these are BIA stages d. Identify resource requirements

c. All of these are BIA stages

The National Information Infrastructure Protection Act of 1996 modified which Act? Select one: a. Computer Security Act b. USA PATRIOT Improvement and Reauthorization Act c. Computer Fraud and Abuse Act d. USA PATRIOT Act

c. Computer Fraud and Abuse Act

__________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection. Select one: a. Best-effort b. Proxy c. Defense in depth d. Networking

c. Defense in depth

What is the subject of the Sarbanes-Oxley Act? Select one: a. Trade secrets b. Privacy c. Financial Reporting d. Banking

c. Financial Reporting

The Computer __________ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts. Select one: a. Violence b. Usage c. Fraud d. Theft

c. Fraud

The Council of Europe adopted the Convention of CyberCrime in 2001 to oversee a range of security functions associated with __________ activities. Select one: a. electronic commerce b. online terrorist c. Internet d. cyberactivist

c. Internet

People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role. Select one: a. Security professionals b. Security policy developers c. System administrators d. End users

c. System administrators

The ____________________ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. Select one: a. WWW b. FTP c. TCP d. HTTP

c. TCP

____________________ are compromised systems that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack. Select one: a. Drones b. Servants c. Zombies d. Helpers

c. Zombies

A server would experience a __________ attack when a hacker compromises it to acquire information from it from a remote location using a network connection. Select one: a. hardware b. software c. direct d. indirect

c. direct

One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. Select one: a. hackcyber b. cyberhack c. hacktivist d. phreak

c. hacktivist

In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value. Select one: a. smashing b. result c. hash d. code

c. hash

In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework, which is intended to allow organizations to __________. Select one: a. assess progress toward a recommended target state b. communicate among local, state and national agencies about cybersecurity risk c. identify and prioritize opportunities for improvement within the context of a continuous and repeatable process d. None of these

c. identify and prioritize opportunities for improvement within the context of a continuous and repeatable process

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization. Select one: a. operational b. Internet c. people d. technology

c. people

Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. Select one: a. theft b. security c. trespass d. bypass

c. trespass

A type of SDLC where each phase has results that flow into the next phase is called the __________ model. Select one: a. Method 7 b. pitfall c. waterfall d. SA&D

c. waterfall

An information system is the entire set of __________, people, procedures, and networks that make possible the use of information resources in the organization. Select one: a. data b. software c. hardware d. All of the above

d. All of the above

__________ of information is the quality or state of being genuine or original. Select one: a. Confidentiality b. Authorization c. Spoofing d. Authenticity

d. Authenticity

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization. Select one: a. CIO b. CTO c. ISO d. CISO

d. CISO

The ________ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts. Select one: a. ISSP b. GSP c. SysSP d. EISP

d. EISP

What is the subject of the Computer Security Act? Select one: a. Telecommunications Common Carriers b. Cryptography Software Vendors c. Banking Industry d. Federal Agency Information Security

d. Federal Agency Information Security

Which of the following acts is also widely known as the Gramm-Leach-Bliley Act? Select one: a. Computer Security Act b. Communications Act c. Health Insurance Portability and Accountability Act d. Financial Services Modernization Act

d. Financial Services Modernization Act

Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what immediate steps are taken when an attack occurs. Select one: a. Security response b. Continuity planning c. Disaster recovery d. Incident response

d. Incident response

The __________ defines stiffer penalties for prosecution of terrorist crimes. Select one: a. Gramm-Leach-Bliley Act b. Economic Espionage Act c. Sarbanes-Oxley Act d. USA PATRIOT Act

d. USA PATRIOT Act

The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security. Select one: a. Bugs b. Maintenance hooks c. Malware d. Vulnerabilities

d. Vulnerabilities

A ____________________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. Select one: a. virus b. spam c. denial-of-service d. distributed denial-of-service

d. distributed denial-of-service

A security ________ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization. Select one: a. model b. plan c. policy d. framework

d. framework

Which of the following phases is often considered the longest and most expensive phase of the systems development life cycle? Select one: a. investigation b. implementation c. logical design d. maintenance and change

d. maintenance and change

In the well-known ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. Select one: a. server-in-the-middle b. zombie-in-the-middle c. sniff-in-the-middle d. man-in-the-middle

d. man-in-the-middle

The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any __________ purposes. Select one: a. customer service b. billing c. troubleshooting d. marketing

d. marketing

RAID is an acronym for a __________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure. Select one: a. resistant b. replicated c. random d. redundant

d. redundant

A computer is the __________ of an attack when it is used to conduct an attack against another computer. Select one: a. object b. target c. facilitator d. subject

d. subject
