haggerty final


The number of possible keys to a cipher is a ___________. A. checksum B. cryptosystem C. keyspace D. key directory

keyspace

The four main areas in NIST SP 800-50 are awareness, training, education, and __________________. A. academic excellence B. professional development C. certification D. responsibility

professional development

Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________. A. worm B. Trojan C. logic bomb D. DoS

worm

____________ creates standards that federal agencies use to classify their data and IT systems. A. FERPA B. FISMA C. GLBA D. NIST

NIST

________ enables you to prevent a party from denying a previous statement or action. A. Authentication B. Integrity C. Nonrepudiation D. Confidentiality

Nonrepudiation

The regulating agency for the Federal Information Systems Management Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission

Office of Management and Budget

________ attempts to describe risk in financial terms and put a dollar value on all the elements of a risk. A. Risk management B. Quantitative risk analysis C. Qualitative risk analysis D. Financial risk analysis

Quantitative risk analysis

________ attack countermeasures such as antivirus signature files or integrity databases. A. Retro viruses B. Stealth viruses C. Polymorphic viruses D. Slow viruses

Retro viruses

____ is a risk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of choice of controls. A. Risk identification B. Risk assessment C. Inventory of assets D. Identify threats and vulnerabilities

Risk assessment

Digital signatures require asymmetric key cryptography. A. True B. False

True

ISO 17799 is an international security standard. A. True B. False

True

Unlike viruses, worms do not require a host program in order to survive and replicate. A. True B. False

True

Malware developers often use _____________ to write boot record infectors. A. C programming language B. C++ programming language C. Java D. assembly language

assembly language

Which of the following describes the Internet Engineering Task Force (IETF)? A. An international nongovernmental organization with the goal of developing and publishing international standards. B. An international security standard that documents a comprehensive set of controls that represent information systems best practices. C. A standards organization that develops and promotes Internet standards. D. A U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.

A standards organization that develops and promotes Internet standards.

What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation? A. Data Encryption Standard (DES) B. Keyword mixed alphabet cipher C. One-time pad cipher D. Substitution cipher

Data Encryption Standard (DES)

DoD Directive 8570.01 is a voluntary certification requirement and has increased the number of personnel who pursue certifications. A. True B. False

False

What term is used to describe any personally identifiable financial information that a consumer provides to a financial institution? A. covered entity B. nonpublic personal information (NPI) C. personally identifiable information (PII) D. directory information

nonpublic personal information (NPI)

Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ________________. A. security B. privacy C. nonrepudiation D. reliability

nonrepudiation

What name is given to patient health information that is computer based? A. personally identifiable information (PII) B. privately held information C. electronic protected health information (EPHI) D. directory information

electronic protected health information (EPHI)

CompTIA's Security+ certification provides ________. A. four main credentials, each addressing a different security professional role B. entry-level information security certification of choice for IT professionals C. several credentials that focus on both general and Web-related security D. more than 20 individual credentials that span several information security job disciplines

entry-level information security certification of choice for IT professionals

A(n) ________ is a measurable occurrence that has an impact on the business. A. corrective control B. event C. cost D. critical business function

event

________ is a document produced by the IETF that contains standards as well as other specifications or descriptive contents. A. A Request for Comments (RFC) B. ISO 17799 C. ISO/IEC 27002 D. The Special Publications 800 series

A Request for Comments (RFC)

Which of the following is the definition of packet-filtering firewall? A. An advanced firewall that processes all traffic between two systems. Instead of allowing a direct connection between two systems, it connects to each system separately and passes filtered traffic to the destination based on filtering rules. B. A firewall device that has three NICs. One NIC connects to the Internet, the second connects to the internal network, and the third connects to a DMZ. C. A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator. D. A protocol used on IP networks to provide configuration details automatically to client computers.

A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator.

The regulating agency for the Gramm-Leach-Bliley Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission

FTC

Which OSI Reference Model layer includes all programs on a computer that interact with the network? A. Presentation Layer B. Session Layer C. Network Layer D. Application Layer

Application Layer

The ____________ concentration from (ISC)2 is the road map for incorporating security into projects, applications, business processes, and all information systems. A. CISSP-ISSEP® B. CISSP-ISSAP® C. CISSP-ISSMP® D. CSSLP®

CISSP-ISSEP®

A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A. A. Caesar cipher B. Vigenère cipher C. transposition cipher D. product cipher

Caesar cipher

What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment? A. National Centers of Academic Excellence in Information Assurance Education (CAE/IAE) B. Certificate of completion C. Accredited D. Continuing education diploma

Certificate of completion

The best fits for (ISC)2's _____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements. A. Certified Secure Software Lifecycle Professional B. Certified Information Systems Security Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner

Certified Authorization Professional

(ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications. A. Certified Secure Software Lifecycle Professional B. Certified Information Systems Security Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner

Certified Secure Software Lifecycle Professional

___ is the act of unscrambling ciphertext into plaintext. A. Hash B. Decryption C. Salt value D. Algorithm

Decryption

A __________________ signature is a representation of a physical signature stored in a digital format. A. Digital B. Digitized C. Private key D. Public key

Digital

_______ is information that is publicly available about all students at a school. A. Minimum necessary rule B. Nonpublic personal information (NPI) C. Personally identifiable information (PII) D. Directory information

Directory information

_______ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job. A. Internet Protocol Security (IPSec) B. Dynamic Host Configuration Protocol (DHCP) C. Point-to-Point Tunneling Protocol (PPTP) D. Internet Control Message Protocol (ICMP)

Dynamic Host Configuration Protocol (DHCP)

The regulating agency for the Children's Internet Protection Act is the ________. A. Department of Health and Human Services B. U.S. Department of Education C. Securities and Exchange Commission D. FCC

FCC

Trojans are self-contained programs designed to propagate from one host machine to another, using the host's own network communications protocols. A. True B. False

False

Unencrypted information is ciphertext. A. True B. False

False

The ________________, enacted as part of the American Recovery and Reinvestment Act of 2009, was designed to promote the widespread adoption and standardization of health information technology. A. HITECH Act B. Federal Information Systems Management Act C. Sarbanes-Oxley Act D. Office for Civil Rights

HITECH Act

The _____________ is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes. A. American National Standards Institute B. International Electrotechnical Commission (IEC) C. International Telecommunication Union D. National Institute of Standards and Technology

International Electrotechnical Commission (IEC)

________ is a suite of protocols designed to connect sites securely using IP networks. A. Dynamic Host Configuration Protocol (DHCP) B. Network access control (NAC) C. Point-to-Point Tunneling Protocol (PPTP) D. Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)

Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______. A. OPM B. NIST C. NSA D. Computer Security Act of 1987

NSA

The ____________________ is responsible for FISMA compliance. A. FTC B. Securities and Exchange Commission C. Department of Health and Human Services D. Office of Management and Budget (OMB)

Office of Management and Budget (OMB)

______ include a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus. A. Retro viruses B. Stealth viruses C. Polymorphic viruses D. Multipartite viruses

Polymorphic viruses

Which OSI Reference Model layer is responsible for the coding of data? A. Presentation Layer B. Session Layer C. Data Link Layer D. Transport Layer

Presentation Layer

____________ is a person's right to control the use and disclosure of his or her own personal information. A. Security B. Disclosure C. Privacy D. Integrity

Privacy

___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization. A. Backup B. Incident C. Risk D. Preventive control

Risk

A process that creates the first secure communications session between a client and a server is the definition of ________. A. nonrepudiation B. certificate authority (CA) C. SSL handshake D. salt value

SSL handshake

In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond. A. smurf attack B. phishing attack C. DoS attack D. SYN flood attack

SYN flood attack

The regulating agency for the Sarbanes-Oxley Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission

Securities and Exchange Commission

An encryption cipher that uses the same key to encrypt and decrypt is called a _______________ key. A. Symmetric (private) B. Asymmetric (public) C. Encrypting D. Hash E. None of the above

Symmetric (private)

________ are viruses that target computer hardware and software startup functions. A. File infectors B. System infectors C. Data infectors D. Stealth virus

System infectors

A computer virus is an executable program that attaches to, or infects, other executable programs. A. True B. False

True

A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks. A. True B. False

True

A successful DoS attack crashes a server or network device or creates so much network congestion that authorized users cannot access network resources. A. True B. False

True

In information technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks. A. True B. False

True

Increasing the key length generally increases the security of a substitution cipher. A. True B. False

True

Most certifications require certification holders to pursue additional education each year to keep their certifications current. A. True B. False

True

The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family. A. True B. False

True

The goal of cryptography is to make the cost or the time required to decrypt a message without the key exceed the value of the protected information. A. True B. False

True

The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas. A. True B. False

True

The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information. A. True B. False

True

The two basic types of ciphers are transposition and substitution. A. True B. False

True

Today, one of the most common methods for identifying what skills a security professional possesses is his or her level of certification. A. True B. False

True

The regulating agency for the Family Educational Rights and Privacy Act is the ________. A. Department of Health and Human Services B. U.S. Department of Education C. Securities and Exchange Commission D. FTC

U.S. Department of Education

The stated purpose of the ___________ is to develop protocols and guidelines that unify the World Wide Web and ensure its long-term growth. A. IETF B. IAB C. W3C D. ANSI

W3C

How your organization responds to risk reflects the value it puts on its ___________. A. environment B. assets C. technology D. vulnerability

assets

One of the ways that malicious code can threaten businesses is by causing economic damage or loss due to the theft, destruction, or unauthorized manipulation of sensitive data. These are known as ________. A. attacks against confidentiality and privacy B. attacks against productivity and performance C. attacks against data integrity D. attacks that create legal liability

attacks against data integrity

Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________. A. confidentiality B. integrity C. availability D. security

availability

Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________. A. decryption B. breaking codes C. brute-force attack D. cryptanalysis

brute-force attack

Under HIPAA, an organization that performs a health care activity on behalf of a covered entity is known as a(n) ________. A. privately held company B. covered entity C. business associate D. agency

business associate

It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________. A. critical business function B. disaster plan C. business continuity plan D. risk management plan

business continuity plan

In the legal system, ________ is the act of following laws, rules, and regulations that apply to organizations. A. disclosure B. responsibility C. control D. compliance

compliance

Information regulated under the Gramm-Leach-Bliley Act is ________. A. corporate financial information B. consumer financial information C. federal information systems D. protected health information

consumer financial information

The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree. A. continuing education B. academic excellence C. National Centers of Academic Excellence D. standards

continuing education

Information regulated under the Sarbanes-Oxley Act is ________. A. protected health information B. federal information systems C. consumer financial information D. corporate financial information

corporate financial information

Forensics and incident response are examples of ___________ controls. A. preventive B. technical C. corrective D. detective

corrective

What name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity? A. digital signature B. public key cryptography C. hash D. algorithm

digital signature

A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files). A. file infector B. system infector C. data infector D. stealth virus

file infector

A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network. A. hub B. firewall C. router D. switch

firewall

Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ________. A. confidentiality B. integrity C. availability D. security

integrity

Whether software or hardware based, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker. A. botnet B. keystroke logger C. file infector D. logic bomb

keystroke logger

A ___________ is a program that executes a malicious function of some kind when it detects certain conditions. A. worm B. Trojan C. logic bomb D. DoS

logic bomb

A method to restrict access to a network based on identity or other rules is the definition of ________. A. screened subnet B. stateful inspection firewall C. network access control (NAC) D. Media Access Control (MAC)

network access control (NAC)

A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information. A. smurf attack B. DDoS attack C. phishing attack D. Trojan

phishing attack

"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned." This is a disadvantage to choosing the self-study option that can be labeled ________. A. resource selection B. procrastination C. lack of interaction D. quality issues

procrastination

FISMA requires each federal agency to create an agency-wide information security program that includes a plan to fix weaknesses in the program. This is referred to as ________. A. testing and evaluation B. remedial action C. incident response D. subordinate plans

remedial action

A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________. A. risk mitigation B. risk assignment C. risk acceptance D. risk avoidance

risk avoidance

What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software? A. polymorphic virus B. data infector C. multipartite virus D. stealth virus

stealth virus

A professional certification states that you have taken the course and completed the tasks and assignments. A. True B. False

False

Encryption ciphers fall into two general categories: symmetric (private) key and asymmetric (public) key. A. True B. False

True

The ANSI produces standards that affect nearly all aspects of IT. A. True B. False

True

The Payment Card Industry Data Security Standard (PCI DSS) is an international standard for handling transactions involving payment cards. A. True B. False

True

The Physical Layer must translate the binary ones and zeros of computer language into the language of the transport medium. A. True B. False

True

Which of the following is the definition of hub? A. A device that connects two or more networks and selectively interchanges packets of data between them. B. A network device that connects network segments, echoing all received traffic to all other ports. C. A firewall device that examines the state of a connection as well as simple address, port, and protocol rules to determine how to process a packet. D. A suite of protocols designed to connect sites securely using IP networks.

A network device that connects network segments, echoing all received traffic to all other ports.

Which of the following is the definition of continuing professional education (CPE)? A. A document that verifies that a student has completed courses and earned a sufficient score on an assessment. B. Educational institutions that meet specific federal information assurance educational guidelines. C. Refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards. D. A standard unit of credit that equals 50 minutes of instruction.

A standard unit of credit that equals 50 minutes of instruction.

The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment. A. International Electrotechnical Commission (IEC) B. International Organization for Standardization (ISO) C. National Institute of Standards and Technology (NIST) D. American National Standards Institute (ANSI)

American National Standards Institute (ANSI)

The ________ is a regulation that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function. A. nonpublic personal information (NPI) B. directory information C. minimum necessary rule D. electronic protected health information (EPHI)

minimum necessary rule

What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address? A. application proxy firewall B. network address translation (NAT) C. Internet Control Message Protocol (ICMP) D. network access control (NAC)

network address translation (NAT)

Employers do use certifications to help assess prospects, but the best assessment is the prospect's actual performance. A. True B. False

True

Which of the following is the definition of botnet? A. A botnet is a type of virus that primarily infects executable programs. B. A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware. C. A botnet is a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus. D. A botnet is a group of honeypots made to simulate a real live network, but isolated from it.

A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.

_____________ are the main source of distributed denial of service (DDoS) attacks and spam. A. Logic bombs B. Botnets C. Stealth viruses D. Trojans

Botnets

___________ refers to the amount of harm a threat can cause by exploiting a vulnerability. A. Impact B. Threat C. Risk D. Incident

Impact

The four main credentials of the ________ are Systems Security Certified Practitioner (SSCP®), Certified Information Systems Security Professional (CISSP®), Certified Authorization Professional (CAP®), and Certified Secure Software Lifecycle Professional (CSSLP®). A. GIAC/SANS Institute B. Infotec Security Certified Program C. International Information Systems Security Certification Consortium, Inc. (ISC)2 D. Information Systems Audit and Control Association

International Information Systems Security Certification Consortium, Inc. (ISC)2

(ISC)2 offers the ________ credential, which is ideal for those who are working toward or already hold positions as senior network security engineers, senior security systems analysts, or senior security administrators. It covers the seven domains of best practices for information security. A. Certified Information Systems Security Professional B. Certified Secure Software Lifecycle Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner

Systems Security Certified Practitioner

What is meant by checksum? A. A secret value that a cipher uses to encrypt or decrypt information. B. The output of a one-way algorithm; a mathematically derived numerical representation of some input. C. Prevents a party from denying a previous statement or action. D. An encryption algorithm that has no corresponding decryption algorithm.

The output of a one-way algorithm; a mathematically derived numerical representation of some input.

An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________. A. continuing professional education (CPE) B. accreditation C. certificate of completion D. continuing education

continuing professional education (CPE)

Health plans, health care clearinghouses, and any health care provider that transmit PHI in an electronic form are known as ________ under HIPAA. A. covered entities B. business associates C. protected health information D. exceptions to the Privacy Rule

covered entities

A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________. A. technical control B. preventive control C. safeguard D. administrative control

administrative control

What term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely? A. hash B. key distribution C. asymmetric key cryptography D. symmetric key cryptography

asymmetric key cryptography

Another way that malicious code can threaten businesses is by using mass bulk e-mail (spam), spyware, persistence cookies, and the like, consuming computing resources and reducing user productivity. These are known as ________. A. attacks against confidentiality and privacy B. attacks against productivity and performance C. attacks against data integrity D. attacks that damage reputation

attacks against productivity and performance

FISMA requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ________. A. testing and evaluation B. remedial action C. security awareness training D. subordinate plans

security awareness training

A _____________ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls. A. threat B. impact C. risk D. vulnerability

vulnerability

