CSC - 321 FINAL
Which of the following is NOT a consideration when selecting recommended best practices?
Same certification and accreditation agency or standard
Which of the following specifies the authorization classification of information asset an individual user is permitted to access, subject to the need-to-know principle?
Security clearances
Data classification schemes should categorize information assets based on which of the following?
Sensitivity and security needs
Which of the following biometric authentication systems is the most accepted by users?
Signature recognition
In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?
Simulation
Which of the following functions needed to implement the information security program evaluates patches used to close software vulnerabilities and acceptance testing of new systems to assure compliance with policy and effectiveness?
Systems testing
Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?
TCSEC
Which of the following is NOT one of the three types of performance measures used by organizations?
Those that evaluate the compliance of non-security personnel in adhering to InfoSec policy
The basic outcomes of InfoSec governance should include all but which of the following?
Time management by aligning resources with personnel schedules and organizational objectives
A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for pre-configured signatures.
True
Due care and due diligence occur when an organization adopts a certain minimum level of security—that is, what any prudent organization would do in similar circumstances. ____________
True
If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.
True
Risks can be avoided by countering the threats facing an asset or by eliminating the exposure of an asset.
True
Which of the following is a possible indicator of an actual incident?
Unusual consumption of computing resources
Which of the following is a definite indicator of an actual incident?
Use of dormant accounts
Which of the following is NOT among the three types of InfoSec policies based on NIST's Special Publication 800-14?
User-specific security policies
Which of the following is true about symmetric encryption?
Uses a secret key to encrypt and decrypt
Which of the following sections of the ISSP should provide instructions on how to report observed or suspected policy infractions?
Violations of Policy
Which of the following is a mathematical tool that can be useful in assessing relative importance while resolving the issue of what business function is the most critical?
Weighted analysis
When dealing with an incident, the incident response team must conduct a(n) ____________________, which entails a detailed examination of the events that occurred from first detection to final recovery.
after action review
Common vulnerability assessment processes include:
all of these
In which phase of the SecSDLC does the risk management task occur?
analysis
In addition to specifying the penalties for unacceptable behavior, what else must a policy specify?
appeals process
According to the C.I.A. triad, which of the following is a desirable characteristic for computer security?
availability
A practice related to benchmarking is ____________, which is a measurement against a prior assessment or an internal goal.
baseline
To evaluate the performance of a security system, administrators must establish system performance _____________________.
baselines
The purpose of SETA is to enhance security in all but which of the following ways?
by adding barriers
Which of the following is a disadvantage of the individual policy approach to creating and managing ISSPs?
can suffer from poor policy dissemination, enforcement, and review
Which of the following is NOT among the functions typically performed within the InfoSec department as a compliance enforcement obligation?
centralized authentication
The individual responsible for the assessment, management, and implementation of information-protection activities in the organization is known as a(n) ____________.
chief information security officer
In which form of access control is access to a specific set of information contingent on its subject matter?
content-dependent access controls
Which of the following describes the financial savings from using the defense risk control strategy to implement a control and eliminate the financial ramifications of an incident?
cost avoidance
What is the result of subtracting the post-control annualized loss expectancy and the ACS from the pre-control annualized loss expectancy?
cost-benefit analysis
Individuals who control, and are therefore responsible for, the security and use of a particular set of information are known as ____________.
data owners
Internal and external stakeholders such as customers, suppliers, or employees who interact with the information in support of their organization's planning and operations are known as ____________.
data users
Application of training and education is a common method of which risk control strategy?
defense
Which control category discourages an incipient incident?
deterrent
What should each information asset-threat pair have at a minimum that clearly identifies any residual risk that remains after the proposed strategy has been executed?
documented control strategy
____________________ encompasses a requirement that the implemented standards continue to provide the required level of protection.
due diligence
Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________.
education
Ethics carry the sanction of a governing authority.
false
ISACA is a professional association with a focus on authorization, control, and security. ___________
false
Strategies to limit losses before and during a realized adverse event is covered by which of the following plans in the mitigation control approach?
incident response plan
Which type of security policy is intended to provide a common understanding of the purposes for which an employee can and cannot use a resource?
issue-specific
Which of the following is true about a company's InfoSec awareness Web site?
it should be tested with multiple browsers
Which of the following set the direction and scope of the security process and provide detailed instruction for its conduct?
managerial controls
Which of the following describes an organization's efforts to reduce damage caused by a realized incident or disaster?
mitigation
Which access control principle limits a user's access to the specific information required to perform the currently assigned task?
need-to-know
Which type of access controls can be role-based or task-based?
nondiscretionary
The three levels of planning are strategic planning, tactical planning, and ____________________ planning.
operational
Which of the following is the principle of management dedicated to the structuring of resources to support the accomplishment of objectives?
organization
Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program?
people
Which function needed to implement the information security program includes researching, creating, maintaining, and promoting information security plans?
planning
Which of the following is the principle of management that develops, creates, and implements strategies for the accomplishment of objectives?
planning
The set of organizational guidelines that dictates certain behavior within the organization is called ____________________.
policy
Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines?
policy
Which of the following is NOT one of the basic rules that must be followed when shaping a policy?
policy should be agreed upon by all employees and management
What is the SETA program designed to do?
reduce the occurrence of accidental security breaches
Which piece of the Trusted Computing Base's security system manages access controls?
reference monitor
Which of the following is compensation for a wrong committed by an employee acting with or without authorization?
restitution
By multiplying the asset value by the exposure factor, you can calculate which of the following?
single loss expectancy
Which type of document is a more detailed statement of what must be done to comply with a policy?
standard
Advanced technical training can be selected or developed based on which of the following?
technology product
A time-release safe is an example of which type of access control?
temporal isolation
A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices.
traffic analysis
InfraGard began as a cooperative effort between the FBI's Cleveland field office and local intelligence professionals. ___________
true
The Gramm-Leach-Bliley (GLB) Act (also known as the Financial Services Modernization Act of 1999) contains a number of provisions that affect banks, securities firms, and insurance companies. ___________
true
The Secret Service is charged with the detection and arrest of any person committing a U.S. federal offense relating to computer fraud, as well as false identification crimes.
true
Which of the following is a key advantage of the bottom-up approach to security implementation?
utilizes the technical expertise of the individual administrators
A __________ is the recorded condition of a particular revision of a software or hardware configuration item.
version
ISO 27014:2013 is the ISO 27000 series standard for ____________.
Governance of Information Security
A set of security tests and evaluations that simulate attacks by a malicious external source is known as ____________.
penetration testing
The process of identifying and documenting specific and provable flaws in the organization's information asset environment is known as ____________.
vulnerability assessment
Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have earned their certifications? The code includes the canon: Provide diligent and competent service to principals.
(ISC)2
What is the range of the well-known ports used by TCP and UDP?
0-1023
__________ are a component of the "security triple."
All of the above
Which type of IDPS is also known as a behavior-based intrusion detection system?
Anomaly-based
Which of the following is the last phase in the NIST process for performance measures implementation?
Apply corrective actions
Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk identification process?
Assigning a value to each information asset
Problems with benchmarking include all but which of the following?
Benchmarking doesn't help in determining the desired outcome of the security process
Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones?
Biba
Which of the following is a policy implementation model that addresses issues by moving from the general to the specific and is a proven mechanism for prioritizing complex changes?
Bull's-eye model
When a disaster renders the current business location unusable, which plan is put into action?
Business continuity
The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
CERT/CC
According to NIST SP 800-37, which of the following is the first step in the security controls selection process?
Categorize the information system and the information processed
Which document must be changed when evidence changes hands or is stored?
Chain of custody
Which of the following is a C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information?
Confidentiality
Which of the following has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an adverse event?
Contingency planning
Determining the cost of recovery from an attack is one calculation that must be made to identify risk; what is another?
Cost of prevention
Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences and is also known as duty- or obligation-based ethics?
Deontological ethics
Which of the following ethical frameworks is the study of the choices that have been made by individuals in the past, attempting to answer the question: what do others think is right?
Descriptive ethics
What is most commonly used for the goal of nonrepudiation in cryptography?
Digital signature
Which policy is the highest level of policy and is usually created first?
EISP
Having an established risk management program means that an organization's assets are completely protected.
False
The defense risk control strategy may be accomplished by outsourcing to other organizations.
False
Using a practice called baselining, you are able to develop policy based on the typical practices of the industry in which you are working.
False
What is the next phase of the preattack data gathering process after an attacker has collected all of an organization's Internet addresses?
Fingerprinting
Which of the following is true about firewalls and their ability to adapt in a network?
Firewalls deal strictly with defined patterns of measured observation
Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them?
HIPAA
Which technology has two modes of operation: transport and tunnel?
IP Security
Which of the following is the first step in the process of implementing training?
Identify program scope, goals, and objectives
What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?
Identify recovery priorities for system resources
In digital forensics, all investigations follow the same basic methodology. Which of the following should be performed first in a digital forensics investigation?
Identify relevant items of evidentiary value (EM)
Each manager in the organization should focus on reducing risk. This is often done within the context of one of the three communities of interest, which includes all but which of the following?
Legal management must develop corporate-wide standards
What is the final step in the risk identification process?
Listing assets in order of importance
Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?
Manufacturer's model or part number
InfoSec measurements collected from production statistics depend greatly on which of the following factors?
Number of systems and users of those systems
Which of the following variables is the most influential in determining how to structure an information security program?
Organizational culture
Which of the following is an example of a technological obsolescence threat?
Outdated servers
The __________ process is designed to find and document vulnerabilities that may be present because there are misconfigured systems in use within the organization.
PSV
The __________ commercial site focuses on current security tool resources.
Packet Storm
Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?
Policy Review and Modification
Which tool can best identify active computers on a network?
Port scanner
__________ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.
Program review
Under the Common Criteria, which term describes the user-generated specifications for security requirements?
Protection Profile (PP)
The identification and assessment of levels of risk in an organization describes which of the following?
Risk analysis
Which of the following functions includes identifying the sources of risk and may include offering advice on controls that can reduce risk?
Risk assessment
The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____.
Risk assessment estimate factors
Match each definition to the numbered term in the key below:
__4__ A comprehensive assessment of a system's technical and nontechnical protection strategies, as specified by a particular set of requirements.
__8__ A legal standard that requires an organization and its employees to act as a reasonable and prudent individual or organization would under similar circumstances.
__6__ Those security efforts that are considered among the best in the industry.
__9__ The data or the trends in data that may indicate the effectiveness of security countermeasures or controls—technical and managerial—implemented in the organization.
__2__ An assessment of the performance of some action or process against which future performance is assessed.
__5__ The actions that demonstrate that an organization has made a valid effort to protect others and that the implemented standards continue to provide the required level of protection.
__7__ Those procedures that provide a superior level of security for an organization's information.
__10__ A common approach to a Risk Management Framework (RMF) for InfoSec practice.
__1__ The authorization of an IT system to process, store, or transmit information.
__3__ An attempt to improve information security practices by comparing an organization's efforts against practices of a similar organization or an industry-developed standard to produce results it would like to duplicate.
Key: 1. accreditation, 2. baseline, 3. benchmarking, 4. certification, 5. due diligence, 6. best security practices, 7. recommended business practices, 8. standard of due care, 9. performance measurements, 10. NIST SP 800-37
Which port number is commonly used for the Simple Mail Transfer Protocol service?
25