ICTN 4040 - Lunsford Midterm - ECU
Which of these is not one of the general categories of security policy? a. Category-specific policy (CSP) b. Enterprise information security policy (EISP) c. Issue-specific security policy (ISSP) d. Systems-specific policy (SysSP)
a. Category-specific policy (CSP)
_______ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident. a. Damage assessment b. Containment development c. Incident response d. Disaster assessment
a. Damage assessment
The _____ defines stiffer penalties for prosecution of terrorism-related activities. a. USA PATRIOT Act b. Sarbanes-Oxley Act c. Gramm-Leach-Bliley Act d. Economic Espionage Act
a. USA PATRIOT Act
The detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition is called a(n) _____. a. chain of evidence b. search warrant c. audit trail d. evidence affidavit
a. chain of evidence
The actions taken by management to specify the short-term goals and objectives of the organization are _____. a. operational planning b. tactical planning c. strategic planning d. contingency planning
a. operational planning
Individuals who control, and are therefore ultimately responsible for, the security and use of a particular set of information are known as data __________. a. owners b. custodians c. trustees d. users
a. owners
A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system's encrypted password file is known as a(n) ______. a. rainbow table b. dictionary c. crib d. crack file
a. rainbow table
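The card above describes a rainbow table as a hash-to-plaintext lookup; the real structure stores only the two ends of long hash/reduce chains and regenerates the middle on demand, which is what lets it cover a large keyspace in little memory. The Python below is an added worked example (not from the course or textbook) that builds such a table over a constructed toy keyspace of 4-digit PINs, recovers a PIN from its unsalted SHA-256 hash, and shows that a per-user salt defeats the same table. The chain length, chain count, start-point spacing and the reduction function are assumptions chosen for the demo.

```python
import hashlib

# Constructed toy keyspace: every 4-digit PIN ("0000".."9999"). Real tables
# target far larger keyspaces, but the mechanics are identical.
KEYSPACE = 10_000
CHAIN_LEN = 40       # hashes per chain (assumed value)
NUM_CHAINS = 400     # chains stored in the table (assumed value)


def H(pin: str) -> str:
    """Unsalted hash, as it would sit in a stolen password file."""
    return hashlib.sha256(pin.encode()).hexdigest()


def reduce_(h: str, i: int) -> str:
    """Reduction function R_i: map a hash back into the PIN keyspace.

    This is NOT an inverse of H; it only picks the next candidate in a chain.
    Mixing in the column index i makes two chains that collide in one column
    diverge again instead of merging for the rest of their length."""
    return f"{(int(h[:12], 16) + i) % KEYSPACE:04d}"


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> dict:
    """Return {endpoint: [start points]}. Only chain ends are stored; every
    intermediate PIN is recomputed during lookup. Storing a list of start
    points per endpoint keeps merged chains from overwriting each other."""
    table: dict = {}
    for n in range(num_chains):
        start = f"{(n * 7919) % KEYSPACE:04d}"   # deterministic, spread-out starts
        p = start
        for i in range(chain_len):
            p = reduce_(H(p), i)                 # p_{i+1} = R_i(H(p_i))
        table.setdefault(p, []).append(start)
    return table


def lookup(table: dict, target_hash: str, chain_len: int = CHAIN_LEN):
    """Recover the plaintext for target_hash if it lies in any stored chain.

    For each possible column i, assume the target was hashed at column i,
    walk the chain forward to its endpoint, and if that endpoint is in the
    table, regenerate the chain from its start until the hash matches.
    The explicit H(q) == target_hash check discards false alarms."""
    for i in range(chain_len - 1, -1, -1):
        p = reduce_(target_hash, i)
        for j in range(i + 1, chain_len):
            p = reduce_(H(p), j)
        for start in table.get(p, []):
            q = start
            for k in range(chain_len):
                if H(q) == target_hash:
                    return q
                q = reduce_(H(q), k)
    return None


def salted_hash(salt: str, pin: str) -> str:
    """Per-user salt: the same PIN now hashes to a value no precomputed
    table for H() contains, so the attacker must rebuild a table per salt."""
    return hashlib.sha256((salt + pin).encode()).hexdigest()


if __name__ == "__main__":
    table = build_table()
    stolen = H("0000")                         # constructed "leaked" hash
    print("unsalted :", lookup(table, stolen))          # -> 0000
    print("salted   :", lookup(table, salted_hash("x9", "0000")))  # -> None
```

Any PIN that appears anywhere in a stored chain is guaranteed to be recovered; coverage of the rest of the keyspace depends on how many chains you build and how often they merge, which is the usual time/memory trade-off of rainbow tables. The salted lookup fails because the table was built for H(pin), not H(salt || pin).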
A computer is the __________ of an attack when it is used to conduct an attack against another computer. a. subject b. object c. target d. facilitator
a. subject
The _____ risk treatment strategy attempts to shift risk to other assets, other processes, or other organizations. a. transference b. defense c. acceptance d. mitigation
a. transference
A(n) _____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment. a. IP b. FCO c. CTO d. HTTP
b. FCO
_____ use allows copyrighted materials to be used to support news reporting, teaching, scholarship, and similar activities, if the use is for educational or library purposes, is not for profit, and is not excessive. a. Justified b. Fair c. Personal d. Limited
b. Fair
_____ controls address personnel security, physical security, and the protection of production inputs and outputs. a. Informational b. Operational c. Technical d. Managerial
b. Operational
____ uses a number of hard drives to store information across multiple drive units. a. Legacy backup b. RAID c. Continuous database protection d. Virtualization
b. RAID
_________ equals the probability of a successful attack multiplied by the expected loss from a successful attack plus an element of uncertainty. a. Loss magnitude b. Risk c. Loss frequency d. Loss
b. Risk
Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____. a. SSL b. SLA c. MSL d. MIN
b. SLA
Risk _____ is a determination of the extent to which an organization's information assets are exposed to risk. a. interpretation b. analysis c. exploration d. declaration
b. analysis
______ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents. a. infoterrorism b. cyberterrorism c. hacking d. cracking
b. cyberterrorism
In a ______ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources. a. denial-of-service b. distributed denial-of-service c. virus d. spam
a. denial-of-service
The risk management (RM) _____ is the overall structure of the strategic planning and design for the entirety of the organization's RM efforts. a. assessment b. framework c. acceptance d. treatment
b. framework
The actions taken by management to specify the intermediate goals and objectives of the organization are _____. a. operational planning b. tactical planning c. strategic planning d. contingency planning
b. tactical planning
Risk _____ is the application of security mechanisms to reduce the risks to an organization's data and information systems. a. avoidance b. treatment c. identification d. assessment
b. treatment
People with the primary responsibility for administering the systems that house the information used by the organization perform the role of ____. a. Security policy developers b. Security professionals c. System administrators d. End users
c. System administrators
______ are compromised systems that are directed remotely (usually by a transmitted command) by the attacker to participate in the attack. a. Drones b. Helpers c. Zombies d. Servants
c. Zombies
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value. a. result b. smashing c. hash d. code
c. hash
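The card above defines the hash value; in practice the point of file hashing is that any change to the file, even one byte, yields a different value, so a stored baseline lets you detect tampering. The Python below is an added worked example (not from the course or textbook): it hashes files in chunks so large files fit in constant memory, checks a baseline manifest, and demonstrates the check on a constructed temporary file that is then tampered with. The file names, contents and manifest layout are assumptions for the demo.

```python
import hashlib
import hmac
import os
import tempfile


def hash_file(path: str, algorithm: str = "sha256", chunk_size: int = 1 << 16) -> str:
    """Feed the file to the hash algorithm in chunks; the digest is the same
    as hashing the whole file at once, without loading it into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_manifest(manifest: dict) -> dict:
    """manifest maps path -> expected hex digest captured at baseline time.
    Returns path -> "ok" | "MODIFIED" | "MISSING". compare_digest is used
    so the comparison does not leak timing on how many bytes matched."""
    results = {}
    for path, expected in manifest.items():
        if not os.path.exists(path):
            results[path] = "MISSING"
            continue
        actual = hash_file(path)
        results[path] = "ok" if hmac.compare_digest(actual, expected) else "MODIFIED"
    return results


def demo() -> dict:
    """Constructed example: baseline a config file, flip one setting in
    place, re-check, and also report a file that has disappeared."""
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "app.conf")
        gone = os.path.join(d, "removed.conf")
        with open(conf, "wb") as f:
            f.write(b"debug=false\nadmin_port=8443\n")   # constructed content
        manifest = {conf: hash_file(conf), gone: "00" * 32}   # gone never existed
        before = verify_manifest(manifest)
        with open(conf, "r+b") as f:          # tamper: "debug=false" -> "debug=true "
            f.seek(len(b"debug="))
            f.write(b"true ")
        after = verify_manifest(manifest)
        return {"before": before[conf], "after": after[conf], "missing": before[gone]}


if __name__ == "__main__":
    print(demo())   # {'before': 'ok', 'after': 'MODIFIED', 'missing': 'MISSING'}
```

The baseline manifest is only as trustworthy as its storage: keep it off the host being checked, or sign it, or an attacker who can alter the file can alter the recorded hash as well.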
Understanding the _________ context means understanding elements that could impact or influence the RM process such as the organization's governance structure (or lack thereof), the organization's internal stakeholders, as well as the organization's culture. a. external b. design c. internal d. risk evaluation
c. internal
Which of these is NOT a unique function of information security management? a. hardware b. planning c. policy d. programs
a. hardware
________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented. a. CSOs b. CISOs c. Security managers d. Security analysts
c. Security managers
In a _____, assets or threats can be prioritized by identifying criteria with differing levels of importance, assigning a score for each of the criteria, and then summing and ranking those scores. a. threat assessment b. risk management program c. weighted table analysis d. data classification scheme
c. weighted table analysis
Laws, policies, and their associated penalties only provide deterrence if which of the following conditions is present? a. Fear of penalty b. Probability of being caught c. Probability of penalty being administered d. All of the other answers are correct
d. All of the other answers are correct
The ISSMP concentration examination is designed to provide CISSPs with a mechanism to demonstrate competence in _____. a. enterprise security management practices b. security management practices c. business continuity planning and disaster recovery planning d. All of these answers are correct
d. All of these answers are correct
The _____ of 1999 provides guidance on the use of encryption and provides protection from government intervention. a. Prepper Act b. Economic Espionage Act c. USA PATRIOT Act d. Security and Freedom through Encryption Act
d. Security and Freedom through Encryption Act
A ____ site provides only rudimentary services and facilities. a. commercial b. warm c. hot d. cold
d. cold
A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment's notice. a. mobile site b. cold site c. service bureau d. hot site
d. hot site