CIST 1601 Chapter 1
Which of the following is a valid type of role when it comes to data ownership? a. Data owners b. Data custodians c. Data users d. All of the above
All of the above
An emerging methodology to integrate the effort of the development team and the operations team to improve the functionality and security of applications is known as __________. a. SDLC b. JAD/RAD c. DevOps d. SecOps
DevOps
E-mail spoofing involves sending an e-mail message with a harmful attachment. True False
False
The physical design is the blueprint for the desired solution. True False
False
Using a methodology will usually have no effect on the probability of success. True False
False
__________ has become a widely accepted evaluation standard for training and education related to the security of information systems. a. ISO 17788 b. NSTISSI No. 4011 c. IEEE 802.11(g) d. NIST SP 800-12
NSTISSI No. 4011
A breach of possession may not always result in a breach of confidentiality. True False
True
A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information. True False
True
A subject or object's ability to use, manipulate, modify, or affect another subject or object is known as ___________. a. risk b. access c. exploits d. assets
access
A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection. a. direct b. indirect c. software d. hardware
direct
A technique used to compromise a system is known as a(n) ___________. a. risk b. access method c. exploit d. asset
exploit
The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________. a. information security b. network security c. physical security d. communications security
information security
The __________ design phase of an SDLC methodology is implementation independent, meaning that it contains no reference to specific technologies, vendors, or products. a. integral b. conceptual c. physical d. logical
logical
During the __________ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases. a. investigation b. physical design c. analysis d. implementation
physical design
The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security. a. bugs b. vulnerabilities c. malware d. maintenance hooks
vulnerabilities