InfoSec 3300 - Chapter 1


What do audit logs that track user activity on an information system provide?

Accountability

Force majeure includes

Acts of war, civil disorder, forces of nature

"4-1-9" is one form of a(n) _____ fraud

Advance fee

Force majeure DOES NOT include

Armed robbery

An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it

Attack

The use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections is an example of which process?

Authentication

A process that defines what the user is permitted to do

Authorization

Approaches to password cracking

Brute force, dictionary attacks, social engineering attacks

NOT a step in the problem-solving process

Build support among management for the candidate solution

A model of InfoSec that offers a comprehensive view of security for data while being stored, processed, or transmitted is the _____ security model.

CNSS

According to the C.I.A. triad, what is the most desirable characteristic for privacy?

Confidentiality

A C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information?

Confidentiality

A hacker who intentionally removes or bypasses software copyright protection designed to prevent unauthorized duplication or use is known as a(n)

Cracker

Attack that involves sending a large number of connection or information requests to a target

Denial-of-service (DoS)

An attack in which a coordinated stream of requests is launched against a target from many locations at the same time

Distributed denial-of-service

A technique used to compromise a system

Exploit

Which of the following is NOT among the "deadly sins of software security"?

Extortion sins

A short-term interruption in electrical power availability is known as a _____

Fault

The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the enterprise's resources are used responsibly

Governance

One form of online vandalism is _____, in which individuals interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.

Hacktivism

The collection and analysis of information about an organization's business competitors, often through illegal or unethical means, to gain an unfair edge over them

Industrial espionage

The protection of confidentiality, integrity, and availability of data regardless of its location is known as

Information Security

C.I.A. characteristic that addresses the threat from corruption, damage, destruction, or other disruption of its authentic state

Integrity

In the _____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network

Man-in-the-middle

Communications security involves the protection of _____

Media, technology, and content

The protection of voice and data components, connections, and content is known as _____ security.

Network

The principle of management dedicated to the structuring of resources to support the accomplishment of objectives?

Organization

An information security professional with authorization to attempt to gain system access in an effort to identify and recommend resolutions for vulnerabilities in those systems is known as _____

Penetration tester

Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program?

People

NOT a primary function of Information Security Management

Performance

The principle of management that develops, creates, and implements strategies for the accomplishment of objectives

Planning

Primary functions of Information Security Management

Planning, protection, projects

Function of Information Security Management that seeks to dictate certain behavior within the organization through a set of organizational guidelines

Policy

Recognition that data used by an organization should only be used for the purposes stated by the information owner at the time it was collected

Privacy

The hash values for a wide variety of passwords can be stored in a database known as a(n) _____, which can be indexed and quickly searched using the hash value, allowing the corresponding plaintext password to be determined.

Rainbow table

An attack that uses phishing techniques along with specialized forms of malware to encrypt the victim's data files

Ransomware

NOT an approach to password cracking

Ransomware

First step in the problem-solving process

Recognize and define the problem

Technology services are usually arranged with an agreement defining minimum service levels known as a(n) _____

SLA

"4-1-9" fraud is an example of a _____ attack.

Social engineering

The unauthorized duplication, installation, or distribution of copyrighted computer software, which is a violation of intellectual property called _____

Software piracy

Human error or failure often can be prevented with training and awareness programs, policy, and _____

Technical controls

Which of the 12 Categories of Threats best describes a situation where the adversary removes data from a victim's computer?

Theft

Any event or circumstance that has the potential to adversely affect operations and assets

Threat

Acts of _____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to access.

Trespass

Malware programs that hide their true nature, and reveal their designed behavior only when activated

Trojan horses

A potential weakness in an asset or its defensive control system(s)

Vulnerability

Which statement defines the differences between a computer virus and a computer worm?

Worms can make copies all by themselves but viruses need to attach to an existing program on the host computer to replicate

