Info Security Midterm
__________ law comprises a wide variety of laws that govern a nation or state.
Civil
The National Information Infrastructure Protection Act of 1996 modified which act?
Computer Fraud and Abuse Act
The __________ is an intermediate area between a trusted network and an untrusted network.
DMZ
A(n) _________ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
FCO
The Computer __________ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.
Fraud
__________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
Packet-filtering
__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
Physical
Which of the following is not a major processing mode category for firewalls?
Router passthru
The ____________________ data file contains the hashed representation of the user's password.
SAM
Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____.
SLA
__________ inspection firewalls keep track of each network connection between internal and external systems.
Stateful
__________ filtering requires that the firewall's filtering rules for allowing and denying packets are developed and installed with the firewall.
Static
________ often function as standards or procedures to be used when configuring or maintaining systems.
SysSPs
When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems?
The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.
A short-term interruption in electrical power availability is known as a ____.
fault
An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.
framework
The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any __________ purposes.
marketing
Hackers can be generalized into two skill groups: expert and ____________________.
novice
The first phase of risk management is _________.
risk identification
"4-1-9" fraud is an example of a ____________________ attack.
social engineering
A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.
direct
The concept of competitive _________ refers to falling behind the competition.
disadvantage
A __________ filtering firewall can react to an emergent event and update or create rules to deal with the event.
dynamic
Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________.
education
A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years.
strategic
A computer is the __________ of an attack when it is used to conduct an attack against another computer.
subject
The restrictions most commonly implemented in packet-filtering firewalls are based on __________.
All of the above: IP source and destination address, Direction (inbound or outbound), and TCP or UDP source and destination port requests.
Which of the following functions does information security perform for an organization?
All of the above: Protecting the organization's ability to function, Protecting the data the organization collects and uses, and Enabling the safe operation of applications implemented on the organization's IT systems.
__________ of information is the quality or state of being genuine or original.
Authenticity
A(n) _________ is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.
Data classification scheme
The ________ is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.
EISP
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?
Electronic Communications Privacy Act
_________ addresses are sometimes called electronic serial numbers or hardware addresses.
MAC
__________ was the first operating system to integrate security as one of its core functions.
MULTICS
__________ has become a widely accepted evaluation standard for training and education related to the security of information systems.
NSTISSI No. 4011
__________ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.
Public
The goals of information security governance include all but which of the following?
Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care
The application layer proxy firewall is also known as a(n) __________.
application firewall
Risk _________ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.
appetite
Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.
control
Standards may be published, scrutinized, and ratified by a group, as in formal or ________ standards.
de jure
The proxy server is often placed in an unsecured area of the network or is placed in the __________ zone.
demilitarized
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value.
hash
The Health Insurance Portability and Accountability Act of 1996, also known as the __________ Act, protects the confidentiality and security of health-care data by establishing and enforcing standards and by standardizing electronic data interchange.
Kennedy-Kassebaum
__________ access control is a form of __________ access control in which users are assigned a matrix of authorizations for particular areas of access.
lattice-based, nondiscretionary
The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________."
management
According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except __________.
to harass
Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
trespass
Federal agencies such as the NSA, FBI, and CIA use specialty classification schemes. For materials that are not considered "National Security Information," __________ data is the lowest-level classification.
unclassified
The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security.
vulnerabilities