CINS 3044 Exam 1
A model of InfoSec that offers a comprehensive view of security for data while being stored, processed, or transmitted is the __________ security model.
CNSS
Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past?
Descriptive ethics
Access control lists regulate who, what, when, where, and why authorized users can access a system. (T/F?)
False
Information ambiguation occurs when pieces of nonprivate data are combined to create information that violates privacy. (T/F?)
False
It is the responsibility of InfoSec professionals to understand state laws and bills. (T/F?)
False
The "Authorized Uses" section of an ISSP specifies what the identified technology cannot be used for. (T/F?)
False
The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. (T/F?)
False
The first step in solving problems is to gather facts and make assumptions. (T/F?)
False
To protect intellectual property and competitive advantage, Congress passed the Entrepreneur Espionage Act (EEA) in 1996. (T/F?)
False
Values statements should be ambitious; after all, they are meant to express the aspirations of an organization. (T/F?)
False
When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment. (T/F?)
False
Which law addresses privacy and security concerns associated with the electronic transmission of PHI?
Health Information Technology for Economic and Clinical Health Act
security
A state of being secure and free from danger or harm.
asset
An organizational resource that is being protected.
Which of the following is a C.I.A. triad characteristic that addresses the threat from corruption, damage, destruction, or other disruption of its authentic state?
integrity
A detailed outline of the scope of the policy development project is created during which phase of the SDLC?
investigation
Which phase of the SDLC should get support from senior management?
investigation
IT's focus is the efficient and effective delivery of information and administration of information resources, while InfoSec's primary focus is the __________ of all information assets.
protection
The individual accountable for ensuring the day-to-day operation of the InfoSec program, accomplishing the objectives identified by the CISO, and resolving issues identified by technicians is known as a(n) ____________.
security manager
Which level of planning breaks down each applicable strategic goal into a series of incremental objectives?
tactical
Digital forensics can be used for two key purposes: ________ or _________.
to investigate allegations of digital malfeasance; to perform root cause analysis
In which SDLC model does the work product from each phase transition into the next phase to serve as its starting point while allowing movement back to a previous phase should the project require it?
waterfall
information security (InfoSec)
Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology
informational asset
The focus of information security; information that has value to the organization, and the systems that store, process, and transmit the information.
The basic outcomes of InfoSec governance should include all but which of the following?
Time management by aligning resources with personnel schedules and organizational objectives
A clearly directed strategy flows from top to bottom rather than from bottom to top. (T/F?)
True
A maintenance model is intended to focus ongoing maintenance efforts so as to keep systems usable and secure. (T/F?)
True
Policies must specify penalties for unacceptable behavior and define an appeals process. (T/F?)
True
The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. (T/F?)
True
Today's InfoSec systems need constant monitoring, testing, modifying, updating, and repairing. (T/F?)
True
Due diligence requires that an organization make a valid and ongoing effort to protect others. (T/F?)
True
Information security policies are designed to provide structure in the workplace and explain the will of the organization's management. (T/F?)
True
What are the two general approaches for controlling user authorization for the use of a technology?
access control lists and capability tables
A risk assessment is performed during which phase of the SDLC?
analysis
The most complex part of an investigation is usually __________.
analysis for potential EM
Force majeure includes all of the following EXCEPT:
armed robbery
Which of the following is a C.I.A. triad characteristic that ensures only those with sufficient privileges and a demonstrated need may access certain information?
confidentiality
The process of integrating the governance of the physical security and information security efforts is known in the industry as __________.
convergence
Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies, and technical controls.
deterrence
A __________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
distributed denial of service
Writing a policy is not always as easy as it seems. However, the prudent security manager always scours available resources for __________ that may be adapted to the organization.
examples
Laws, policies, and their associated penalties only provide deterrence if three conditions are present. Which of these is NOT one of them?
frequency of review
One form of online vandalism is __________, in which individuals interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
hacktivism
This collaborative support group began as a cooperative effort between the FBI's Cleveland field office and local technology professionals with a focus of protecting critical national infrastructure.
InfraGard