InfoSec Final

The CISA credential is promoted by ISACA as the certification that is appropriate for all but which type of professionals? a. security b. accounting c. auditing d. networking

accounting

A(n) _____ is a document containing contact information for the people to be notified in the event of an incident. a. phone list b. alert roster c. call registry d. emergency notification system

alert roster

The _____ is typically considered the top information security officer in the organization. a. CISO b. CEO c. CTO d. CFO

CISO

_____ is the action of luring an individual into committing a crime to get a conviction. a. Enticement b. Entrapment c. Padding d. Intrusion

Entrapment

The bottom-up approach to information security has a higher probability of success than the top-down approach. a. True b. False

False

The community of interest made up of IT managers and skilled professionals in systems design, programming, networks, and other related disciplines is called _____. a. Organizational Management and Professionals b. Information Technology Management and Professionals c. Executive Management d. Information Security Management and Professionals

Information Technology Management and Professionals

Understanding the _____ context means understanding the impact of elements such as the business environment, the legal/regulatory/compliance environment, as well as the threat environment. a. design b. risk evaluation c. external d. internal

external

The model commonly used by large organizations places the information security department within the _____ department. a. financial b. information technology c. production d. management

information technology

Which type of organizations should prepare for the unexpected? a. organizations of every size and purpose b. large organizations which have many assets at risk c. only those without good insurance d. small organizations that can easily recover

organizations of every size and purpose

A table of hash values and their corresponding plaintext values used to look up password values if an attacker is able to steal a system's encrypted password file is known as a(n) _____. a. crib b. rainbow table c. dictionary d. crack file

rainbow table

A(n) _____ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device. a. IDSE b. SPAN c. NIDPS d. DPS

SPAN

A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information. a. True b. False

True

Good firewall rules include denying all data that is not verifiably authentic. a. True b. False

True

Good security programs begin and end with policy. a. True b. False

True

Technical mechanisms like digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media have been used to deter or prevent the theft of software intellectual property. a. True b. False

True

The Cybersecurity Analyst+ certification from _____ is an intermediate certification with both knowledge-based and performance-based assessments. a. SANS b. ISACA c. ACM d. CompTIA

CompTIA

The _____ is an intermediate area between a trusted network and an untrusted network. a. DMZ b. domain c. firewall d. perimeter

DMZ

Digital signatures should be created using processes and products that are based on the _____. a. NIST b. SSL c. HTTPS d. DSS

DSS

_____ are encrypted message components that can be mathematically proven to be authentic. a. MACs b. Message certificates c. Digital signatures d. Message digests

Digital signatures

Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications? a. Sarbanes-Oxley Act b. Economic Espionage Act c. Electronic Communications Privacy Act d. Financial Services Modernization Act

Electronic Communications Privacy Act

_____ is the process of converting an original message into a form that is unreadable to unauthorized individuals. a. Decryption b. Cryptology c. Cryptography d. Encryption

Encryption

"Knowing yourself" means identifying, examining, and understanding the threats facing the organization's information assets. a. True b. False

False

A brute force function is a mathematical algorithm that generates a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity. a. True b. False

False

A disaster is any adverse event that could result in loss of an information asset or assets but does not currently threaten the viability of the entire organization. a. True b. False

False

Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels. a. True b. False

False

An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms. a. True b. False

False

Discretionary access control is an organizational approach that specifies resource use based on the assignment of data classification schemes to resources and clearance levels to users. a. True b. False

False

Friendly departures include termination for cause, permanent downsizing, temporary lay-off, or some instances of quitting. a. True b. False

False

In a study on software license infringement, licenses from the United States were significantly more permissive than those from the Netherlands and other countries. a. True b. False

False

Incident detail assessment determines the impact from a breach of confidentiality, integrity, and availability on information and information assets. a. True b. False

False

Intrusion detection consists of procedures and systems that detect, identify, and limit intrusions before returning operations to a normal state. a. True b. False

False

Network security focuses on the protection of physical items, objects, or areas from unauthorized access and misuse. a. True b. False

False

Risk mitigation is the process of assigning a risk rating or score to each information asset. a. True b. False

False

The centralized IDPS implementation approach occurs when all detection functions are managed in a central location. a. True b. False

False

The general management community of interest must work with information security professionals to integrate solid information security concepts into the personnel management practices of the organization. a. True b. False

False

The key difference between laws and ethics is that ethics carry the authority of a governing body and laws do not. a. True b. False

False

The operational plan documents the organization's intended long-term direction and efforts for the next several years. a. True b. False

False

The primary mission of information security is to ensure that systems and their content retain their confidentiality. a. True b. False

False

The security framework is a more detailed version of the security blueprint. a. True b. False

False

To perform the Caesar cipher encryption operation, the pad values are added to numeric values that represent the plaintext that needs to be encrypted. a. True b. False

False

With the removal of copyright protection mechanisms, software can be easily and legally distributed and installed. a. True b. False

False

What is the subject of the Computer Security Act? a. Federal agency information security b. Telecommunications common carriers c. Cryptography software vendors d. All of the above

Federal agency information security

_____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content. a. MAC b. Hash c. Key d. Encryption

Hash

A(n) _____ works like a burglar alarm in that it detects a violation and activates an alarm. a. IDPS b. DoS c. WiFi d. UDP

IDPS

There are three general causes of unethical and illegal behavior: _____, Accident, or Intent. a. Curiosity b. Ignorance c. Revenge d. None of the above

Ignorance

A(n) _____ reviews the log files generated by servers, network devices, and even other IDPSs looking for patterns and signatures that may indicate an attack or intrusion is in process or has already occurred. a. stat IDPS b. HIDPS c. LFM d. AppIDPS

LFM

The EISP component of _____ provides information on the importance of information security in the organization and the legal and ethical obligation to protect critical information about customers, employees, and markets. a. Statement of Purpose b. Information Security Elements c. Information Security Responsibilities and Roles d. Need for Information Security

Need for Information Security

_____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications. a. AH b. ESP c. PGP d. DES

PGP

_____ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments. a. Criminal b. Civil c. Public d. Private

Public

The _____ algorithm, developed in 1977, was the first public-key encryption algorithm published for commercial use. a. MAC b. RSA c. AES d. DES

RSA

_____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor. a. Mutual agreement b. Service agreement c. Time-share agreement d. Memorandum of understanding

Service agreement

_____ is any technology that aids in gathering information about a person or organization without their knowledge. a. A worm b. A Trojan c. A bot d. Spyware

Spyware

_____ often function as standards or procedures to be used when configuring or maintaining systems. a. EISPs b. SysSPs c. ESSPs d. ISSPs

SysSPs

Which of the following versions of TACACS is still in use? a. TACACS v2 b. Extended TACACS c. TACACS+ d. All of these are correct

TACACS+

The _____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. a. FTP b. TCP c. HTTP d. WWW

TCP

_____ is the requirement that every employee be able to perform the work of another employee. a. Two-man control b. Task rotation c. Duty exchange d. Collusion

Task rotation

A breach of possession may not always result in a breach of confidentiality. a. True b. False

True

An HIDPS can monitor system logs for predefined events. a. True b. False

True

An organization should integrate security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training. a. True b. False

True

Business impact analysis is a preparatory activity common to both CP and risk management. a. True b. False

True

Exposure factor is the expected percentage of loss that would occur from a particular attack. a. True b. False

True

For 802.11 wireless networks, a wireless security toolkit should include the ability to sniff wireless traffic and scan wireless hosts. a. True b. False

True

Laws, policies, and their associated penalties only provide deterrence if, among other things, potential offenders fear the probability of a penalty being applied. a. True b. False

True

Link encryption is a series of encryptions and decryptions between systems, where each system in a network decrypts the message sent to it, re-encrypts it using different keys, then sends it to the next neighbor. This process continues until the message reaches the final destination. a. True b. False

True

Packet-filtering firewalls scan network data packets looking for compliance or violations of the firewall's database rules. a. True b. False

True

Some policies may also need a sunset clause indicating their expiration date. a. True b. False

True

Steganography is a data hiding method that involves embedding information within other files, such as digital pictures or other images. a. True b. False

True

The Secret Service is charged with safeguarding the nation's financial infrastructure and payments systems to preserve the integrity of the economy. a. True b. False

True

The organization should adopt naming standards that do not convey information to potential system attackers. a. True b. False

True

The position of security analyst may be an entry-level position. a. True b. False

True

Using a service bureau is a BC strategy in which an organization contracts with a service agency to provide a facility for a fee. a. True b. False

True

Risk _____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility. a. acceptance b. benefit c. residual d. appetite

appetite

A threat _____ is an evaluation of the threats to information assets, including a determination of their likelihood of occurrence and potential impact of an attack. a. review b. investigation c. assessment d. search

assessment

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security _____. a. policy b. plan c. standard d. blueprint

blueprint

Most common data backup schemes involve _____. a. RAID b. disk-to-disk-to-cloud c. neither a nor b d. both a and b

both a and b

Human error or failure often can be prevented with training, ongoing awareness activities, and _____. a. controls b. paperwork c. hugs d. threats

controls

Which of the following is NOT a described IDPS control strategy? a. centralized b. fully distributed c. decentralized d. All of these are a described IDPS control strategy

decentralized

A crime involving digital media, computer technology, or related components is best called an act of _____. a. digital malfeasance b. digital abuse c. computer trespass d. computer theft

digital malfeasance

A server would experience a(n) _____ attack when a hacker compromises it to acquire information via a remote location using a network connection. a. software b. direct c. hardware d. indirect

direct

A _____ filtering firewall can react to an emergent event and update or create rules to deal with the event. a. stateless b. dynamic c. static d. stateful

dynamic

A short-term interruption in electrical power availability is known as a _____. a. fault b. lag c. blackout d. brownout

fault

What is the subject of the Sarbanes-Oxley Act? a. privacy b. banking c. financial reporting d. trade secrets

financial reporting

In most cases, organizations look for a technically qualified information security _____ who has a solid understanding of how an organization operates. a. expert b. specialist c. internist d. generalist

generalist

Which of these is NOT a unique function of information security management? a. hardware b. policy c. programs d. planning

hardware

The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as _____. a. information security b. physical security c. network security d. communications security

information security

The probability that a specific vulnerability within an organization will be attacked by a threat is known as _____. a. externality b. potential c. determinism d. likelihood

likelihood

The average amount of time until the next hardware failure is known as _____. a. mean time to repair (MTTR) b. mean time to diagnose (MTTD) c. mean time to failure (MTTF) d. mean time between failure (MTBF)

mean time to failure (MTTF)

Individuals who control and are responsible for the security and use of a particular set of information are known as data _____. a. users b. trustees c. owners d. custodians

owners

A _____ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software. a. aggressive b. active c. passive d. secret

passive

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the _____ side of the organization. a. operational b. technology c. Internet d. people

people

Information about a person's history, background, and attributes that can be used to commit identity theft is known as _____ information. a. privately held b. identity defined c. virtually interpreted d. personally identifiable

personally identifiable

The protection of tangible items, objects, or areas from unauthorized access and misuse is known as _____. a. network security b. physical security c. communications security d. information security

physical security

In most common implementation models, the content filter has two components: _____. a. rating and decryption b. filtering and encoding c. allow and deny d. rating and filtering

rating and filtering

The dominant architecture used to secure network access today is the _____ firewall. a. static b. unlimited c. screened subnet d. bastion

screened subnet

A computer is the _____ of an attack when it is used to conduct an attack against another computer. a. target b. facilitator c. subject d. object

subject

In _____ mode, the data within an IP packet is encrypted, but the header information is not. a. public b. tunnel c. symmetric d. transport

transport

_____ signifies how often you expect a specific type of attack to occur. a. ARO b. ALE c. CBA d. SLE

ARO

_____ risk treatment is a strategy to do nothing to protect a vulnerability and to accept the outcome of its exploitation. a. Transference b. Mitigation c. Acceptance d. Defense

Acceptance

A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes that _____. a. controls have been bypassed b. controls have proven ineffective c. controls have failed d. All of the above

All of the above

Redundancy can be implemented at a number of points throughout the security architecture, such as in _____. a. firewalls b. proxy servers c. access controls d. All of the above

All of the above