CYB 155 Test 2

The _____ is a respected professional society that was established in 1947. Today it is "the world's largest educational and scientific computing society."

Association for Computing Machinery

According to Schwartz, "_____" are the real techies who create and install security solutions.

Builders

The _____ is the title most commonly associated with the top information security officer in the organization.

CISO

The (ISC)2 _____ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's common body of knowledge.

CISSP

The breadth and depth covered in each of the domains makes the _____ one of the most difficult-to-attain certifications on the market.

CISSP

In some organizations, the CISO's position may be combined with physical security responsibilities or may even report to a security manager who is responsible for both logical (information) security and physical security and such a position is generally referred to as a _____.

CSO

_____ law comprises a wide variety of laws pertaining to relationships among individuals and organizations.

Civil

The Cybersecurity Analyst+ certification from _____ is an intermediate certification with both knowledge-based and performance-based assessment.

CompTIA

The National Information Infrastructure Protection Act of 1996 modified which act?

Computer Fraud and Abuse Act

Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses?

Computer Fraud and Abuse Act of 1986

_____ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident.

Damage Assessment

Payment Card Industry _____ Standards are designed to enhance the security of customers' payment card account data.

Data Security

The _____ attempts to prevent trade secrets from being illegally shared.

Economic Espionage Act

Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?

Electronic Communications Privacy Act

_____ use allows copyrighted materials to be used to support news reporting, teaching, scholarship, and similar activities, if the use is for educational or library purposes, is not for profit, and is not excessive.

Fair

A business influence analysis (BIA) is an investigation and assessment of adverse events that can affect the organization.

False

A business policy is a task performed by an organization or one of its units in support of the organization's overall mission and operations. _____

False

A cold site provides many of the same services and options of a hot site, but at a lower cost.

False

A disaster recovery plan shows the organization's intended efforts to establish operations at an alternate site in the aftermath of a disaster.

False

A key difference between a policy and a law is that ignorance of a law is an acceptable defense.

False

A planning check is a testing strategy in which copies of the appropriate plans are distributed to all individuals who will be assigned roles during an actual incident or disaster. _____

False

A rapid-onset disaster is one that gradually degrades the capacity of an organization to withstand its effects.

False

A recovery time objective (RTO) is the total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption.

False

A(n) DR plan ensures that critical business functions continue if a catastrophic incident or disaster occurs. _____

False

A(n) alarming event is an event with negative consequences that could threaten the organization's information assets or operations._____

False

A(n) disaster is any adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization. _____

False

An affidavit is permission to search for evidentiary material at a specified location or to seize items to return to an investigator's lab for examination.

False

An after-action re-assessment is an opportunity for everyone who was involved in an incident or disaster to sit down and discuss what happened. _____

False

An after-action review is an opportunity for everyone who was involved in planning for an incident or disaster to sit down and discuss what will happen when the plan is implemented.

False

An attack, breach of policy, or other incident always constitutes a violation of law, requiring notification of law enforcement.

False

An external event is an event with negative consequences that could threaten the organization's information assets or operations; also referred to as an incident candidate.

False

An incident is an adverse event that could result in a loss of information assets and threatens the viability of the entire organization.

False

Changes to systems logs are a possible indicator of an actual incident.

False

CompTIA offers a vendor-specific certification program called the Security+ certification.

False

Crisis response is an organization's set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster.

False

Cultural differences can make it difficult to determine what is ethical and not ethical between cultures, except when it comes to the use of computers, where ethics are considered universal.

False

Database shadowing duplicates data in real-time data storage, but does not back up the databases at the remote site.

False

Existing information security-related certifications are typically well understood by those responsible for hiring in organizations.

False

Incident detail assessment is used to determine the impact from a breach of confidentiality, integrity, and availability on information and information assets. _____

False

Organizations are not required by law to protect employee information that is sensitive or personal.

False

Procedures are planned for each identified incident scenario with incident handling procedures established for before and during the incident.

False

Reported attacks are a definite indicator of an actual incident. ____

False

Root cause analysis is the coherent application of methodical investigatory techniques to present evidence of crimes in a court or similar setting.

False

The (ISC)2 CISSP concentrations are available for currently certified CISSP professionals to demonstrate knowledge that is part of the CISSP common body of knowledge.

False

The (ISC)2 CISSP-ISSEP concentration focuses on the knowledge area including systems lifecycle management, threat intelligence, and incident management.

False

The Council of Europe Convention on Cybercrime has not been well received by advocates of intellectual property rights because it de-emphasizes prosecution for copyright infringement.

False

The disaster recovery preparation team (DRPT) is the team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters. _____

False

The total time needed to place the business function back in service must be longer than the maximum tolerable downtime.

False

The work response time (WRT) is the amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered. _____

False

Two ways to activate an alert roster are simultaneously and in parallel.

False

Laws, policies, and their associated penalties only provide deterrence if which of the following conditions is present?

Fear of penalty
Probability of being caught
Probability of penalty being administered
-All of the other answers are correct-

What is the subject of the Computer Security Act of 1987?

Federal

Which of the following acts is also widely known as the Gramm-Leach-Bliley Act?

Financial Services Modernization Act

What is the subject of the Sarbanes-Oxley Act?

Financial reporting

The Computer _____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.

Fraud

_____ is a professional association that focuses on auditing, control, and security. The membership comprises both technical and managerial professionals.

ISACA

The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages?

Identify resource requirements
Identify recovery priorities for system resources
Determine mission/business processes and recovery criticality
-All of these are BIA stages-

There are three general causes of unethical and illegal behavior: _____, Accident, and Intent.

Ignorance

Each of the following is a role for the crisis management response team EXCEPT:

Informing local emergency services to respond to the crisis

In 2001, the Council of Europe drafted the European Council Cybercrime Convention, which empowers an international task force to oversee a range of security functions associated with _____ activities.

Internet

The Health Insurance Portability and Accountability Act of 1996, also known as the _____ Act, protects the confidentiality and security of health-care data by establishing and enforcing standards and by standardizing electronic data interchange.

Kennedy-Kassebaum

The Digital _____ Copyright Act is the American contribution to an international effort by the World Intellectual Properties Organization (WIPO) to reduce the impact of copyright, trademark, and privacy infringement.

Millennium

Which type of organizations should prepare for the unexpected?

Organizations of every size and purpose should also prepare for the unexpected.

_____ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.

Public

____ uses a number of hard drives to store information across multiple drive units.

RAID

The former System Administration, Networking, and Security Organization is now better known as _____.

SANS

_____ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.

Security analysts

The _____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.

Security and Freedom through Encryption Act

_____ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Separation of duties

In the 1999 study of computer use-ethics, which of the following countries reported the least tolerant attitudes toward misuse of organizational computing resources?

Singapore

Which of these is the primary reason contingency response teams should not have overlapping membership with one person on multiple teams?

So individuals don't find themselves with different responsibilities in different locations at the same time.

_____ is the requirement that every employee be able to perform the work of another employee.

Task rotation

_____ are hired by the organization to serve in a temporary position or to supplement the existing workforce.

Temporary employees

A background check must always be conducted to determine the level of trust the business can place in a candidate for an information security position.

True

A business process is a task performed by an organization or one of its units in support of the organization's overall mission and operations.

True

A service bureau is an agency that provides a service for a fee. _____

True

An affidavit is a sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place.

True

An alert message is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process.

True

Laws, policies, and their associated penalties only provide deterrence if offenders fear the penalty, expect to be caught, and expect the penalty to be applied if they are caught.

True

Prior to the development of each of the types of contingency planning documents, the CP team should work to develop the policy environment. _____

True

Reported attacks are a probable indicator of an actual incident.

True

Security administrators provide day-to-day systems monitoring to support an organization's goals and objectives.

True

Since it was established in January 2001, every FBI field office has started an InfraGard program to collaborate with public and private organizations and the academic community.

True

Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group.

True

The Department of Homeland Security works with academic campuses nationally, focusing on resilience, recruitment, internationalization, growing academic maturity, and academic research.

True

The Secret Service is charged with safeguarding the nation's financial infrastructure and payments systems to preserve the integrity of the economy.

True

The business impact analysis is a preparatory activity common to both CP and risk management.

True

The organization must choose one of two philosophies that will affect its approach to IR and DR as well as subsequent involvement of digital forensics and law enforcement: protect and forget or apprehend and prosecute _____

True

The organization must choose one of two philosophies that will affect its approach to IR and DR as well as subsequent involvement of digital forensics and law enforcement: the two approaches are protect and forget, and apprehend and prosecute.

True

The process of examining an incident candidate and determining whether it constitutes an actual incident is called incident classification. _____

True

The process of integrating information security perspectives into the hiring process includes reviewing and updating all job descriptions.

True

The recovery point objective (RPO) is the point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage. _____

True

The use of standardized job descriptions can increase the degree of professionalism in the information security field.

True

The work recovery time (WRT) is the amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered.

True

To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.

True

The _____ defines stiffer penalties for prosecution of terrorism-related activities.

USA Patriot Act

Which of the following is not one of the categories of positions defined by Schwartz?

User

A(n) _____ is a document containing contact information for the people to be notified in the event of an incident.

alert roster

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage _____.

by accident and/or through unintentional negligence

The detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition is called a(n) _____.

chain of evidence

The CPMT should include a _____ who is a high-level manager to support, promote, and endorse the findings of the project and could be the COO or (ideally) the CEO/president.

champion

Ideally, the _____, systems administrators, the chief information security officer (CISO), and key IT and business managers should be actively involved during the creation and development of all CP components.

chief information officer (CIO)

A ____ site provides only rudimentary services and facilities.

cold

A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes _____.

controls have failed
controls have been bypassed
controls have proven ineffective
-All of the above-

The most common schedule for tape-based backup is a _____ backup, either incremental or differential, with a weekly off-site full backup.

daily-on-site

The storage of duplicate online transaction data, along with the duplication of the databases, at a remote site on a redundant server is called _____.

database shadowing

A crime involving digital media, computer technology, or related components may best be called an act of _____.

digital malfeasance

The process of examining an adverse event or incident and determining whether it constitutes an actual disaster is known as _____.

disaster classification

An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor with a ____ backup strategy.

disk-to-disk-to-cloud

Most common data backup schemes involve ______.

disk-to-disk-to-cloud
neither a nor b
-both a and/or b-
RAID

The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.

electronic vaulting

Many organizations use a(n) _____ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.

exit

In most cases, organizations look for a technically qualified information security _____ who has a solid understanding of how an organization operates.

generalist

A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment's notice.

hot site

The unauthorized taking of personal information with the intent of committing fraud and abuse of a person's financial and personal reputation, purchasing goods and services without authorization, and generally impersonating the victim for illegal or unethical purposes is known as _____.

identity theft

The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption is _____.

maximum tolerable downtime (MTD)

Many who move to business-oriented information security were formerly _____ who were often involved in national security or cybersecurity.

military personnel

The latest forecasts for information security-related positions expect _____ openings than in many previous years.

more

A potential disadvantage of a timeshare site-resumption strategy is:

more than one organization might need the facility

Many who enter the field of information security are technical professionals such as _____ who find themselves working on information security applications and processes more often than traditional IT assignments.

networking experts or systems administrators
database administrators
programmers
-All of the other answers are correct-

Security managers accomplish _____ identified by the CISO and resolve issues identified by technicians.

objectives

Information about a person's history, background, and attributes that can be used to commit identity theft is known as _____ information.

personally identifiable

Digital forensics involves the _____, identification, extraction, documentation, and interpretation of digital media.

preservation

In 2002, Congress passed the Federal Information Security Management Act (FISMA), which mandates that all federal agencies _____.

provide security awareness training
periodic assessment of risk
develop policies and procedures based on risk assessments
-all of the other answers are correct-

The point in time before a disruption or system outage to which business process data can be recovered after an outage is ____.

recovery point objective (RPO)

The ISSMP concentration examination is designed to provide CISSPs with a mechanism to demonstrate competence in _____.

security management practices
enterprise security management practices
business continuity planning and disaster recovery planning
-All of these answers are correct-

A ____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor.

service agreement

A ____ is an agency that provides physical facilities in the event of a disaster for a fee.

service bureau

According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except _____.

to harass

A(n) disaster recovery plan includes the steps necessary to ensure the continuation of the organization when a disaster's scope or scale exceeds the ability of the organization to restore operations, usually through relocation of critical business functions to an alternate location. _____

False

A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people. _____

False

The SSCP examination is much more rigorous than the CISSP examination.

False

The United States has implemented a version of the DMCA law called the Database Right, in order to comply with Directive 95/46/EC.

False

The computer security incident response team is composed solely of technical IT professionals who are prepared to detect, react to, and recover from an incident.

False

The continuity planning management team (CPMT) is the group of senior managers and project members organized to conduct and lead all contingency planning efforts.

False

The security manager position is much more general than that of the CISO.

False

Use of dormant accounts is a probable indicator of an actual incident.

False

An organization should integrate security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training.

True

Criminal laws address activities and conduct harmful to society and are categorized as public law.

True

Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster.

True

Evidentiary material is any information that could potentially support an organization's legal or policy-based case against a suspect.

True

Forensics can provide a determination of the source or origin of an event, problem, or issue like an incident.

True

In many cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.

True

In many organizations, information security teams lack established roles and responsibilities.

True

Incident classification is the process of examining an adverse event or incident candidate and determining whether it constitutes an actual incident.

True

Incident damage assessment is used to determine the impact from a breach of confidentiality, integrity, and availability on information and information assets.

True

Incident response is an organization's set of planning and preparation efforts for detecting, reacting to, and recovering from an incident.

True

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident.

True

The chain of evidence is the detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition.

True

The disaster recovery planning team (DRPT) is the team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters.

True

Using a service bureau is a BC strategy in which an organization contracts with a service agency to provide a facility for a fee.

True

The CISA credential is promoted by ISACA as the certification that is appropriate for all but which type of professionals?

accounting

The sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place is called a(n) _____.

affidavit

To assess the effect that changes will have on the organization's personnel management practices, the organization should conduct a behavioral feasibility study before the program is _____.

implemented

The model commonly used by large organizations places the information security department within the _____ department.

information technology

Criminal or unethical _____ goes to the state of mind of the individual performing the act.

intent

The ISSEP concentration allows CISSP certificate holders to demonstrate expert knowledge of all of the following except _____.

international laws

The information security function can be placed within the _____.

legal department
insurance and risk management function
administrative services function
-All of the other answers are correct-

Like the CISSP, the SSCP certification is more applicable to the security_____ than to the security _____.

manager, technician

The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any _____ purposes.

marketing

The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources is ____.

recovery time objective (RTO)

The transfer of transaction data in real time to an off-site facility is called ____.

remote journaling

Data backup should be based on a(n) ____ policy that specifies how long log data should be maintained.

retention
