haggerty final
The number of possible keys to a cipher is a ___________. A. checksum B. cryptosystem C. keyspace D. key directory
keyspace
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________. A. academic excellence B. professional development C. certification D. responsibility
professional development
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________. A. worm B. Trojan C. logic bomb D. DoS
worm
____________ creates standards that federal agencies use to classify their data and IT systems. A. FERPA B. FISMA C. GLBA D. NIST
NIST
________ enables you to prevent a party from denying a previous statement or action. A. Authentication B. Integrity C. Nonrepudiation D. Confidentiality
Nonrepudiation
The regulating agency for the Federal Information Systems Management Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission
Office of Management and Budget
________ attempts to describe risk in financial terms and put a dollar value on all the elements of a risk. A. Risk management B. Quantitative risk analysis C. Qualitative risk analysis D. Financial risk analysis
Quantitative risk analysis
________ attack countermeasures such as antivirus signature files or integrity databases. A. Retro viruses B. Stealth viruses C. Polymorphic viruses D. Slow viruses
Retro viruses
____ is a risk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of choice of controls. A. Risk identification B. Risk assessment C. Inventory of assets D. Identify threats and vulnerabilities
Risk assessment
Digital signatures require asymmetric key cryptography. A. True B. False
True
ISO 17799 is an international security standard. A. True B. False
True
Unlike viruses, worms do not require a host program in order to survive and replicate. A. True B. False
True
Malware developers often use _____________ to write boot record infectors. A. C programming language B. C++ programming language C. Java D. assembly language
assembly language
Which of the following describes the Internet Engineering Task Force (IETF)? A. An international nongovernmental organization with the goal of developing and publishing international standards. B. An international security standard that documents a comprehensive set of controls that represent information systems best practices. C. A standards organization that develops and promotes Internet standards. D. A U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
A standards organization that develops and promotes Internet standards.
What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation? A. Data Encryption Standard (DES) B. Keyword mixed alphabet cipher C. One-time pad cipher D. Substitution cipher
Data Encryption Standard (DES)
DoD Directive 8570.01 is a voluntary certification requirement and has increased the number of personnel who pursue certifications. A. True B. False
False
What term is used to describe any personally identifiable financial information that a consumer provides to a financial institution? A. covered entity B. nonpublic personal information (NPI) C. personally identifiable information (PII) D. directory information
nonpublic personal information (NPI)
Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ________________. A. security B. privacy C. nonrepudiation D. reliability
nonrepudiation
What name is given to patient health information that is computer based? A. personally identifiable information (PII) B. privately held information C. electronic protected health information (EPHI) D. directory information
electronic protected health information (EPHI)
CompTIA's Security+ certification provides ________. A. four main credentials, each addressing a different security professional role B. entry-level information security certification of choice for IT professionals C. several credentials that focus on both general and Web-related security D. more than 20 individual credentials that span several information security job disciplines
entry-level information security certification of choice for IT professionals
A(n) ________ is a measurable occurrence that has an impact on the business. A. corrective control B. event C. cost D. critical business function
event
________ is a document produced by the IETF that contains standards as well as other specifications or descriptive contents. A. A Request for Comments (RFC) B. ISO 17799 C. ISO/IEC 27002 D. The Special Publications 800 series
A Request for Comments (RFC)
Which of the following is the definition of packet-filtering firewall? A. An advanced firewall that processes all traffic between two systems. Instead of allowing a direct connection between two systems, it connects to each system separately and passes filtered traffic to the destination based on filtering rules. B. A firewall device that has three NICs. One NIC connects to the Internet, the second connects to the internal network, and the third connects to a DMZ. C. A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator. D. A protocol used on IP networks to provide configuration details automatically to client computers.
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator.
The regulating agency for the Gramm-Leach-Bliley Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission
FTC
Which OSI Reference Model layer includes all programs on a computer that interact with the network? A. Presentation Layer B. Session Layer C. Network Layer D. Application Layer
Application Layer
The ____________ concentration from (ISC)2 is the road map for incorporating security into projects, applications, business processes, and all information systems. A. CISSP-ISSEP® B. CISSP-ISSAP® C. CISSP-ISSMP® D. CSSLP®
CISSP-ISSEP®
A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A. A. Caesar cipher B. Vigenère cipher C. transposition cipher D. product cipher
Caesar cipher
What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment? A. National Centers of Academic Excellence in Information Assurance Education (CAE/IAE) B. Certificate of completion C. Accredited D. Continuing education diploma
Certificate of completion
The best fits for (ISC)2's _____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements. A. Certified Secure Software Lifecycle Professional B. Certified Information Systems Security Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner
Certified Authorization Professional
(ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications. A. Certified Secure Software Lifecycle Professional B. Certified Information Systems Security Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner
Certified Secure Software Lifecycle Professional
___ is the act of unscrambling ciphertext into plaintext. A. Hash B. Decryption C. Salt value D. Algorithm
Decryption
A __________________ signature is a representation of a physical signature stored in a digital format. A. Digital B. Digitized C. Private key D. Public key
Digital
_______ is information that is publicly available about all students at a school. A. Minimum necessary rule B. Nonpublic personal information (NPI) C. Personally identifiable information (PII) D. Directory information
Directory information
_______ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job. A. Internet Protocol Security (IPSec) B. Dynamic Host Configuration Protocol (DHCP) C. Point-to-Point Tunneling Protocol (PPTP) D. Internet Control Message Protocol (ICMP)
Dynamic Host Configuration Protocol (DHCP)
The regulating agency for the Children's Internet Protection Act is the ________. A. Department of Health and Human Services B. U.S. Department of Education C. Securities and Exchange Commission D. FCC
FCC
Trojans are self-contained programs designed to propagate from one host machine to another, using the host's own network communications protocols. A. True B. False
False
Unencrypted information is ciphertext. A. True B. False
False
The ________________, enacted as part of the American Recovery and Reinvestment Act of 2009, was designed to promote the widespread adoption and standardization of health information technology. A. HITECH Act B. Federal Information Systems Management Act C. Sarbanes-Oxley Act D. Office for Civil Rights
HITECH Act
The _____________ is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes. A. American National Standards Institute B. International Electrotechnical Commission (IEC) C. International Telecommunication Union D. National Institute of Standards and Technology
International Electrotechnical Commission (IEC)
________ is a suite of protocols designed to connect sites securely using IP networks. A. Dynamic Host Configuration Protocol (DHCP) B. Network access control (NAC) C. Point-to-Point Tunneling Protocol (PPTP) D. Internet Protocol Security (IPSec)
Internet Protocol Security (IPSec)
Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______. A. OPM B. NIST C. NSA D. Computer Security Act of 1987
NSA
The ____________________ is responsible for FISMA compliance. A. FTC B. Securities and Exchange Commission C. Department of Health and Human Services D. Office of Management and Budget (OMB)
Office of Management and Budget (OMB)
______ include a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus. A. Retro viruses B. Stealth viruses C. Polymorphic viruses D. Multipartite viruses
Polymorphic viruses
Which OSI Reference Model layer is responsible for the coding of data? A. Presentation Layer B. Session Layer C. Data Link Layer D. Transport Layer
Presentation Layer
____________ is a person's right to control the use and disclosure of his or her own personal information. A. Security B. Disclosure C. Privacy D. Integrity
Privacy
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization. A. Backup B. Incident C. Risk D. Preventive control
Risk
A process that creates the first secure communications session between a client and a server is the definition of ________. A. nonrepudiation B. certificate authority (CA) C. SSL handshake D. salt value
SSL handshake
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond. A. smurf attack B. phishing attack C. DoS attack D. SYN flood attack
SYN flood attack
The regulating agency for the Sarbanes-Oxley Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission
Securities and Exchange Commission
An encryption cipher that uses the same key to encrypt and decrypt is called a _______________ key. A. Symmetric (private) B. Asymmetric (public) C. Encrypting D. Hash E. None of the above
Symmetric (private)
________ are viruses that target computer hardware and software startup functions. A. File infectors B. System infectors C. Data infectors D. Stealth virus
System infectors
A computer virus is an executable program that attaches to, or infects, other executable programs. A. True B. False
True
A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks. A. True B. False
True
A successful DoS attack crashes a server or network device or creates so much network congestion that authorized users cannot access network resources. A. True B. False
True
In information technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks. A. True B. False
True
Increasing the key length generally increases the security of a substitution cipher. A. True B. False
True
Most certifications require certification holders to pursue additional education each year to keep their certifications current. A. True B. False
True
The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family. A. True B. False
True
The goal of cryptography is to make the cost or the time required to decrypt a message without the key exceed the value of the protected information. A. True B. False
True
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas. A. True B. False
True
The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information. A. True B. False
True
The two basic types of ciphers are transposition and substitution. A. True B. False
True
Today, one of the most common methods for identifying what skills a security professional possesses is his or her level of certification. A. True B. False
True
The regulating agency for the Family Educational Rights and Privacy Act is the ________. A. Department of Health and Human Services B. U.S. Department of Education C. Securities and Exchange Commission D. FTC
U.S. Department of Education
The stated purpose of the ___________ is to develop protocols and guidelines that unify the World Wide Web and ensure its long-term growth. A. IETF B. IAB C. W3C D. ANSI
W3C
How your organization responds to risk reflects the value it puts on its ___________. A. environment B. assets C. technology D. vulnerability
assets
One of the ways that malicious code can threaten businesses is by causing economic damage or loss due to the theft, destruction, or unauthorized manipulation of sensitive data. These are known as ________. A. attacks against confidentiality and privacy B. attacks against productivity and performance C. attacks against data integrity D. attacks that create legal liability
attacks against data integrity
Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________. A. confidentiality B. integrity C. availability D. security
availability
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________. A. decryption B. breaking codes C. brute-force attack D. cryptanalysis
brute-force attack
Under HIPAA, an organization that performs a health care activity on behalf of a covered entity is known as a(n) ________. A. privately held company B. covered entity C. business associate D. agency
business associate
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________. A. critical business function B. disaster plan C. business continuity plan D. risk management plan
business continuity plan
In the legal system, ________ is the act of following laws, rules, and regulations that apply to organizations. A. disclosure B. responsibility C. control D. compliance
compliance
Information regulated under the Gramm-Leach-Bliley Act is ________. A. corporate financial information B. consumer financial information C. federal information systems D. protected health information
consumer financial information
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree. A. continuing education B. academic excellence C. National Centers of Academic Excellence D. standards
continuing education
Information regulated under the Sarbanes-Oxley Act is ________. A. protected health information B. federal information systems C. consumer financial information D. corporate financial information
corporate financial information
Forensics and incident response are examples of ___________ controls. A. preventive B. technical C. corrective D. detective
corrective
What name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity? A. digital signature B. public key cryptography C. hash D. algorithm
digital signature
A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files). A. file infector B. system infector C. data infector D. stealth virus
file infector
A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network. A. hub B. firewall C. router D. switch
firewall
Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ________. A. confidentiality B. integrity C. availability D. security
integrity
Whether software or hardware based, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker. A. botnet B. keystroke logger C. file infector D. logic bomb
keystroke logger
A ___________ is a program that executes a malicious function of some kind when it detects certain conditions. A. worm B. Trojan C. logic bomb D. DoS
logic bomb
A method to restrict access to a network based on identity or other rules is the definition of ________. A. screened subnet B. stateful inspection firewall C. network access control (NAC) D. Media Access Control (MAC)
network access control (NAC)
A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information. A. smurf attack B. DDoS attack C. phishing attack D. Trojan
phishing attack
"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned." This is a disadvantage to choosing the self-study option that can be labeled ________. A. resource selection B. procrastination C. lack of interaction D. quality issues
procrastination
FISMA requires each federal agency to create an agency-wide information security program that includes a plan to fix weaknesses in the program. This is referred to as ________. A. testing and evaluation B. remedial action C. incident response D. subordinate plans
remedial action
A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________. A. risk mitigation B. risk assignment C. risk acceptance D. risk avoidance
risk avoidance
What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software? A. polymorphic virus B. data infector C. multipartite virus D. stealth virus
stealth virus
A professional certification states that you have taken the course and completed the tasks and assignments. A. True B. False
False
Encryption ciphers fall into two general categories: symmetric (private) key and asymmetric (public) key. A. True B. False
True
The ANSI produces standards that affect nearly all aspects of IT. A. True B. False
True
The Payment Card Industry Data Security Standard (PCI DSS) is an international standard for handling transactions involving payment cards. A. True B. False
True
The Physical Layer must translate the binary ones and zeros of computer language into the language of the transport medium. A. True B. False
True
Which of the following is the definition of hub? A. A device that connects two or more networks and selectively interchanges packets of data between them. B. A network device that connects network segments, echoing all received traffic to all other ports. C. A firewall device that examines the state of a connection as well as simple address, port, and protocol rules to determine how to process a packet. D. A suite of protocols designed to connect sites securely using IP networks.
A network device that connects network segments, echoing all received traffic to all other ports.
Which of the following is the definition of continuing professional education (CPE)? A. A document that verifies that a student has completed courses and earned a sufficient score on an assessment. B. Educational institutions that meet specific federal information assurance educational guidelines. C. Refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards. D. A standard unit of credit that equals 50 minutes of instruction.
A standard unit of credit that equals 50 minutes of instruction.
The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment. A. International Electrotechnical Commission (IEC) B. International Organization for Standardization (ISO) C. National Institute of Standards and Technology (NIST) D. American National Standards Institute (ANSI)
American National Standards Institute (ANSI)
The ________ is a regulation that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function. A. nonpublic personal information (NPI) B. directory information C. minimum necessary rule D. electronic protected health information (EPHI)
minimum necessary rule
What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address? A. application proxy firewall B. network address translation (NAT) C. Internet Control Message Protocol (ICMP) D. network access control (NAC)
network address translation (NAT)
Employers do use certifications to help assess prospects, but the best assessment is the prospect's actual performance. A. True B. False
True
Which of the following is the definition of botnet? A. A botnet is a type of virus that primarily infects executable programs. B. A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware. C. A botnet is a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus. D. A botnet is a group of honeypots made to simulate a real live network, but isolated from it.
A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
_____________ are the main source of distributed denial of service (DDoS) attacks and spam. A. Logic bombs B. Botnets C. Stealth viruses D. Trojans
Botnets
___________ refers to the amount of harm a threat can cause by exploiting a vulnerability. A. Impact B. Threat C. Risk D. Incident
Impact
The four main credentials of the ________ are Systems Security Certified Practitioner (SSCP®), Certified Information Systems Security Professional (CISSP®), Certified Authorization Professional (CAP®), and Certified Secure Software Lifecycle Professional (CSSLP®). A. GIAC/SANS Institute B. Infotec Security Certified Program C. International Information Systems Security Certification Consortium, Inc. (ISC)2 D. Information Systems Audit and Control Association
International Information Systems Security Certification Consortium, Inc. (ISC)2
(ISC)2 offers the ________ credential, which is ideal for those who are working toward or already hold positions as senior network security engineers, senior security systems analysts, or senior security administrators. It covers the seven domains of best practices for information security. A. Certified Information Systems Security Professional B. Certified Secure Software Lifecycle Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner
Systems Security Certified Practitioner
What is meant by checksum? A. A secret value that a cipher uses to encrypt or decrypt information. B. The output of a one-way algorithm; a mathematically derived numerical representation of some input. C. Prevents a party from denying a previous statement or action. D. An encryption algorithm that has no corresponding decryption algorithm.
The output of a one-way algorithm; a mathematically derived numerical representation of some input.
An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________. A. continuing professional education (CPE) B. accreditation C. certificate of completion D. continuing education
continuing professional education (CPE)
Health plans, health care clearinghouses, and any health care provider that transmit PHI in an electronic form are known as ________ under HIPAA. A. covered entities B. business associates C. protected health information D. exceptions to the Privacy Rule
covered entities
A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________. A. technical control B. preventive control C. safeguard D. administrative control
administrative control
What term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely? A. hash B. key distribution C. asymmetric key cryptography D. symmetric key cryptography
asymmetric key cryptography
Another way that malicious code can threaten businesses is by using mass bulk e-mail (spam), spyware, persistence cookies, and the like, consuming computing resources and reducing user productivity. These are known as ________. A. attacks against confidentiality and privacy B. attacks against productivity and performance C. attacks against data integrity D. attacks that damage reputation
attacks against productivity and performance
FISMA requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ________. A. testing and evaluation B. remedial action C. security awareness training D. subordinate plans
security awareness training
A _____________ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls. A. threat B. impact C. risk D. vulnerability
vulnerability